Windows Analysis Report
xCSONUFhmq.exe

Overview

General Information

Sample name: xCSONUFhmq.exe (renamed because original name is a hash value)
Original sample name: 1d73078a32ebe241da92d570848accc314fee357579114c1260ac86e1ae84ce9.exe
Analysis ID: 1588763
MD5: a6a667c80a8e08466e8845c6833f6f00
SHA1: 8aace8c51a7b19525bd77fe7befda64f92d04c68
SHA256: 1d73078a32ebe241da92d570848accc314fee357579114c1260ac86e1ae84ce9
Tags: exe, Formbook, user-adrian__luca
Infos:

Detection

FormBook
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • xCSONUFhmq.exe (PID: 344 cmdline: "C:\Users\user\Desktop\xCSONUFhmq.exe" MD5: A6A667C80A8E08466E8845C6833F6F00)
    • xCSONUFhmq.exe (PID: 2280 cmdline: "C:\Users\user\Desktop\xCSONUFhmq.exe" MD5: A6A667C80A8E08466E8845C6833F6F00)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: xCSONUFhmq.exe PID: 344 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
6.2.xCSONUFhmq.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.xCSONUFhmq.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: xCSONUFhmq.exe | Avira: detected
Source: xCSONUFhmq.exe | Virustotal: Detection: 80%
Source: xCSONUFhmq.exe | ReversingLabs: Detection: 68%
Source: Yara match | File source: 6.2.xCSONUFhmq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.xCSONUFhmq.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: xCSONUFhmq.exe | Joe Sandbox ML: detected
Source: xCSONUFhmq.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: xCSONUFhmq.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: VGiq.pdb source: xCSONUFhmq.exe
Source: Binary string: wntdll.pdbUGP source: xCSONUFhmq.exe, 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: xCSONUFhmq.exe, xCSONUFhmq.exe, 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: VGiq.pdbSHA256 source: xCSONUFhmq.exe

E-Banking Fraud

Source: Yara match | File source: 6.2.xCSONUFhmq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.xCSONUFhmq.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_0042C8D3 NtClose
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2DF0 NtQuerySystemInformation, LdrInitializeThunk
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2C70 NtFreeVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E35C0 NtCreateMutant, LdrInitializeThunk
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E4340 NtSetContextThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E4650 NtSuspendThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2B60 NtClose
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2BF0 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2BE0 NtQueryValueKey
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2B80 NtQueryInformationFile
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2BA0 NtEnumerateValueKey
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2AD0 NtReadFile
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2AF0 NtWriteFile
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2AB0 NtWaitForSingleObject
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2D10 NtMapViewOfSection
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2D00 NtSetInformationFile
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2D30 NtUnmapViewOfSection
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2DD0 NtDelayExecution
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2DB0 NtEnumerateKey
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2C60 NtCreateKey
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2C00 NtQueryInformationProcess
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2CC0 NtQueryVirtualMemory
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2CF0 NtOpenProcess
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2CA0 NtQueryInformationToken
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2F60 NtCreateProcessEx
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2F30 NtCreateSection
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2FE0 NtCreateFile
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2F90 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2FB0 NtResumeThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2FA0 NtQuerySection
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2E30 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2EE0 NtQueueApcThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2E80 NtReadVirtualMemory
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E2EA0 NtAdjustPrivilegesToken
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E3010 NtOpenDirectoryObject
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E3090 NtSetValueKey
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E39B0 NtGetContextThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E3D70 NtOpenThread
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015E3D10 NtOpenProcessToken
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: String function: 015E5130 appears 58 times
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: String function: 0161EA12 appears 86 times
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: String function: 0162F290 appears 105 times
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: String function: 0159B970 appears 280 times
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: String function: 015F7E54 appears 101 times
Source: xCSONUFhmq.exe, 00000001.00000002.1557070043.0000000003CA9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000001.00000002.1555658252.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000001.00000000.1351671262.0000000000922000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameVGiq.exe6 vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000001.00000002.1560298439.0000000007230000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000001.00000002.1559664138.0000000005660000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000001.00000002.1556415275.0000000002CE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe, 00000006.00000002.1991771105.000000000169D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe | Binary or memory string: OriginalFilenameVGiq.exe6 vs xCSONUFhmq.exe
Source: xCSONUFhmq.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: xCSONUFhmq.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal84.troj.evad.winEXE@3/1@0/0
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\xCSONUFhmq.exe.log
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Mutant created: NULL
Source: xCSONUFhmq.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: xCSONUFhmq.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: xCSONUFhmq.exe | Virustotal: Detection: 80%
Source: xCSONUFhmq.exe | ReversingLabs: Detection: 68%
Source: unknown | Process created: C:\Users\user\Desktop\xCSONUFhmq.exe "C:\Users\user\Desktop\xCSONUFhmq.exe"
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Process created: C:\Users\user\Desktop\xCSONUFhmq.exe "C:\Users\user\Desktop\xCSONUFhmq.exe"
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: xCSONUFhmq.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: xCSONUFhmq.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: xCSONUFhmq.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: VGiq.pdb source: xCSONUFhmq.exe
Source: Binary string: wntdll.pdbUGP source: xCSONUFhmq.exe, 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: xCSONUFhmq.exe, xCSONUFhmq.exe, 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: VGiq.pdbSHA256 source: xCSONUFhmq.exe
Source: xCSONUFhmq.exe | Static PE information: 0x98363F30 [Sat Dec 3 14:52:32 2050 UTC]
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_0040D066 push cs; retf 6_2_0040D068
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_004238E2 push ebp; ret 6_2_004238EE
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_004238BA push edx; iretd 6_2_004238BB
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_00416123 push ecx; iretd 6_2_00416145
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_0041692E push eax; ret 6_2_00416930
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_004031F0 push eax; ret 6_2_004031F2
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_0040D192 push 32D5BE83h; retf 6_2_0040D19A
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_004082F0 push cs; ret 6_2_004082FD
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_004192F0 pushad ; retf 6_2_004192F2
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_0040D3DF push edx; retf 6_2_0040D3E1
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Code function: 6_2_015A09AD push ecx; mov dword ptr [esp], ecx 6_2_015A09B6
Source: xCSONUFhmq.exe | Static PE information: section name: .text entropy: 7.777347223162714
Source: C:\Users\user\Desktop\xCSONUFhmq.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: xCSONUFhmq.exe PID: 344, type: MEMORYSTR
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 11F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 2CA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 4CA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 7BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 7420000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 8BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: 9BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Code function: 6_2_015E096E rdtsc 6_2_015E096E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe API coverage: 0.6 %
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe TID: 6940 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe TID: 3236 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Code function: 6_2_00417A73 LdrLoadDll,6_2_00417A73
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Code function: 6_2_015A6154 mov eax, dword ptr fs:[00000030h] 6_2_015A6154
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A2582 mov eax, dword ptr fs:[00000030h]6_2_015A2582
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A2582 mov ecx, dword ptr fs:[00000030h]6_2_015A2582
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C45B1 mov eax, dword ptr fs:[00000030h]6_2_015C45B1
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C45B1 mov eax, dword ptr fs:[00000030h]6_2_015C45B1
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162C460 mov ecx, dword ptr fs:[00000030h]6_2_0162C460
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159645D mov eax, dword ptr fs:[00000030h]6_2_0159645D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C245A mov eax, dword ptr fs:[00000030h]6_2_015C245A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DE443 mov eax, dword ptr fs:[00000030h]6_2_015DE443
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CA470 mov eax, dword ptr fs:[00000030h]6_2_015CA470
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CA470 mov eax, dword ptr fs:[00000030h]6_2_015CA470
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CA470 mov eax, dword ptr fs:[00000030h]6_2_015CA470
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0165A456 mov eax, dword ptr fs:[00000030h]6_2_0165A456
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01626420 mov eax, dword ptr fs:[00000030h]6_2_01626420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D8402 mov eax, dword ptr fs:[00000030h]6_2_015D8402
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D8402 mov eax, dword ptr fs:[00000030h]6_2_015D8402
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D8402 mov eax, dword ptr fs:[00000030h]6_2_015D8402
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA430 mov eax, dword ptr fs:[00000030h]6_2_015DA430
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159E420 mov eax, dword ptr fs:[00000030h]6_2_0159E420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159E420 mov eax, dword ptr fs:[00000030h]6_2_0159E420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159E420 mov eax, dword ptr fs:[00000030h]6_2_0159E420
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159C427 mov eax, dword ptr fs:[00000030h]6_2_0159C427
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A04E5 mov ecx, dword ptr fs:[00000030h]6_2_015A04E5
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162A4B0 mov eax, dword ptr fs:[00000030h]6_2_0162A4B0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D44B0 mov ecx, dword ptr fs:[00000030h]6_2_015D44B0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A64AB mov eax, dword ptr fs:[00000030h]6_2_015A64AB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0165A49A mov eax, dword ptr fs:[00000030h]6_2_0165A49A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0750 mov eax, dword ptr fs:[00000030h]6_2_015A0750
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E2750 mov eax, dword ptr fs:[00000030h]6_2_015E2750
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E2750 mov eax, dword ptr fs:[00000030h]6_2_015E2750
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D674D mov esi, dword ptr fs:[00000030h]6_2_015D674D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D674D mov eax, dword ptr fs:[00000030h]6_2_015D674D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D674D mov eax, dword ptr fs:[00000030h]6_2_015D674D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A8770 mov eax, dword ptr fs:[00000030h]6_2_015A8770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B0770 mov eax, dword ptr fs:[00000030h]6_2_015B0770
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01624755 mov eax, dword ptr fs:[00000030h]6_2_01624755
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162E75D mov eax, dword ptr fs:[00000030h]6_2_0162E75D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0710 mov eax, dword ptr fs:[00000030h]6_2_015A0710
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D0710 mov eax, dword ptr fs:[00000030h]6_2_015D0710
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161C730 mov eax, dword ptr fs:[00000030h]6_2_0161C730
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC700 mov eax, dword ptr fs:[00000030h]6_2_015DC700
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D273C mov eax, dword ptr fs:[00000030h]6_2_015D273C
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D273C mov ecx, dword ptr fs:[00000030h]6_2_015D273C
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D273C mov eax, dword ptr fs:[00000030h]6_2_015D273C
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC720 mov eax, dword ptr fs:[00000030h]6_2_015DC720
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC720 mov eax, dword ptr fs:[00000030h]6_2_015DC720
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162E7E1 mov eax, dword ptr fs:[00000030h]6_2_0162E7E1
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AC7C0 mov eax, dword ptr fs:[00000030h]6_2_015AC7C0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A47FB mov eax, dword ptr fs:[00000030h]6_2_015A47FB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A47FB mov eax, dword ptr fs:[00000030h]6_2_015A47FB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016207C3 mov eax, dword ptr fs:[00000030h]6_2_016207C3
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C27ED mov eax, dword ptr fs:[00000030h]6_2_015C27ED
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C27ED mov eax, dword ptr fs:[00000030h]6_2_015C27ED
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C27ED mov eax, dword ptr fs:[00000030h]6_2_015C27ED
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016547A0 mov eax, dword ptr fs:[00000030h]6_2_016547A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0164678E mov eax, dword ptr fs:[00000030h]6_2_0164678E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A07AF mov eax, dword ptr fs:[00000030h]6_2_015A07AF
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0166866E mov eax, dword ptr fs:[00000030h]6_2_0166866E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0166866E mov eax, dword ptr fs:[00000030h]6_2_0166866E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015BC640 mov eax, dword ptr fs:[00000030h]6_2_015BC640
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D2674 mov eax, dword ptr fs:[00000030h]6_2_015D2674
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA660 mov eax, dword ptr fs:[00000030h]6_2_015DA660
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA660 mov eax, dword ptr fs:[00000030h]6_2_015DA660
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E2619 mov eax, dword ptr fs:[00000030h]6_2_015E2619
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B260B mov eax, dword ptr fs:[00000030h]6_2_015B260B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E609 mov eax, dword ptr fs:[00000030h]6_2_0161E609
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A262C mov eax, dword ptr fs:[00000030h]6_2_015A262C
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015BE627 mov eax, dword ptr fs:[00000030h]6_2_015BE627
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D6620 mov eax, dword ptr fs:[00000030h]6_2_015D6620
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D8620 mov eax, dword ptr fs:[00000030h]6_2_015D8620
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E6F2 mov eax, dword ptr fs:[00000030h]6_2_0161E6F2
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E6F2 mov eax, dword ptr fs:[00000030h]6_2_0161E6F2
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E6F2 mov eax, dword ptr fs:[00000030h]6_2_0161E6F2
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E6F2 mov eax, dword ptr fs:[00000030h]6_2_0161E6F2
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016206F1 mov eax, dword ptr fs:[00000030h]6_2_016206F1
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016206F1 mov eax, dword ptr fs:[00000030h]6_2_016206F1
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA6C7 mov ebx, dword ptr fs:[00000030h]6_2_015DA6C7
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA6C7 mov eax, dword ptr fs:[00000030h]6_2_015DA6C7
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A4690 mov eax, dword ptr fs:[00000030h]6_2_015A4690
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A4690 mov eax, dword ptr fs:[00000030h]6_2_015A4690
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D66B0 mov eax, dword ptr fs:[00000030h]6_2_015D66B0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC6A6 mov eax, dword ptr fs:[00000030h]6_2_015DC6A6
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01644978 mov eax, dword ptr fs:[00000030h]6_2_01644978
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01644978 mov eax, dword ptr fs:[00000030h]6_2_01644978
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162C97C mov eax, dword ptr fs:[00000030h]6_2_0162C97C
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01620946 mov eax, dword ptr fs:[00000030h]6_2_01620946
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E096E mov eax, dword ptr fs:[00000030h]6_2_015E096E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E096E mov edx, dword ptr fs:[00000030h]6_2_015E096E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015E096E mov eax, dword ptr fs:[00000030h]6_2_015E096E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C6962 mov eax, dword ptr fs:[00000030h]6_2_015C6962
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C6962 mov eax, dword ptr fs:[00000030h]6_2_015C6962
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C6962 mov eax, dword ptr fs:[00000030h]6_2_015C6962
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01598918 mov eax, dword ptr fs:[00000030h]6_2_01598918
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01598918 mov eax, dword ptr fs:[00000030h]6_2_01598918
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162892A mov eax, dword ptr fs:[00000030h]6_2_0162892A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0163892B mov eax, dword ptr fs:[00000030h]6_2_0163892B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E908 mov eax, dword ptr fs:[00000030h]6_2_0161E908
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161E908 mov eax, dword ptr fs:[00000030h]6_2_0161E908
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162C912 mov eax, dword ptr fs:[00000030h]6_2_0162C912
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162E9E0 mov eax, dword ptr fs:[00000030h]6_2_0162E9E0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015AA9D0 mov eax, dword ptr fs:[00000030h]6_2_015AA9D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D49D0 mov eax, dword ptr fs:[00000030h]6_2_015D49D0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016369C0 mov eax, dword ptr fs:[00000030h]6_2_016369C0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D29F9 mov eax, dword ptr fs:[00000030h]6_2_015D29F9
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D29F9 mov eax, dword ptr fs:[00000030h]6_2_015D29F9
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0166A9D3 mov eax, dword ptr fs:[00000030h]6_2_0166A9D3
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016289B3 mov esi, dword ptr fs:[00000030h]6_2_016289B3
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016289B3 mov eax, dword ptr fs:[00000030h]6_2_016289B3
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_016289B3 mov eax, dword ptr fs:[00000030h]6_2_016289B3
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A09AD mov eax, dword ptr fs:[00000030h]6_2_015A09AD
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A09AD mov eax, dword ptr fs:[00000030h]6_2_015A09AD
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B29A0 mov eax, dword ptr fs:[00000030h]6_2_015B29A0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A4859 mov eax, dword ptr fs:[00000030h]6_2_015A4859
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A4859 mov eax, dword ptr fs:[00000030h]6_2_015A4859
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015D0854 mov eax, dword ptr fs:[00000030h]6_2_015D0854
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162E872 mov eax, dword ptr fs:[00000030h]6_2_0162E872
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162E872 mov eax, dword ptr fs:[00000030h]6_2_0162E872
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01636870 mov eax, dword ptr fs:[00000030h]6_2_01636870
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01636870 mov eax, dword ptr fs:[00000030h]6_2_01636870
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015B2840 mov ecx, dword ptr fs:[00000030h]6_2_015B2840
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0164483A mov eax, dword ptr fs:[00000030h]6_2_0164483A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0164483A mov eax, dword ptr fs:[00000030h]6_2_0164483A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov eax, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov eax, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov eax, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov ecx, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov eax, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C2835 mov eax, dword ptr fs:[00000030h]6_2_015C2835
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DA830 mov eax, dword ptr fs:[00000030h]6_2_015DA830
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162C810 mov eax, dword ptr fs:[00000030h]6_2_0162C810
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0166A8E4 mov eax, dword ptr fs:[00000030h]6_2_0166A8E4
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CE8C0 mov eax, dword ptr fs:[00000030h]6_2_015CE8C0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC8F9 mov eax, dword ptr fs:[00000030h]6_2_015DC8F9
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015DC8F9 mov eax, dword ptr fs:[00000030h]6_2_015DC8F9
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0887 mov eax, dword ptr fs:[00000030h]6_2_015A0887
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162C89D mov eax, dword ptr fs:[00000030h]6_2_0162C89D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01636B40 mov eax, dword ptr fs:[00000030h]6_2_01636B40
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01636B40 mov eax, dword ptr fs:[00000030h]6_2_01636B40
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0166AB40 mov eax, dword ptr fs:[00000030h]6_2_0166AB40
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01648B42 mov eax, dword ptr fs:[00000030h]6_2_01648B42
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0159CB7E mov eax, dword ptr fs:[00000030h]6_2_0159CB7E
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01654B4B mov eax, dword ptr fs:[00000030h]6_2_01654B4B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01654B4B mov eax, dword ptr fs:[00000030h]6_2_01654B4B
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0164EB50 mov eax, dword ptr fs:[00000030h]6_2_0164EB50
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01668B28 mov eax, dword ptr fs:[00000030h]6_2_01668B28
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_01668B28 mov eax, dword ptr fs:[00000030h]6_2_01668B28
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0161EB1D mov eax, dword ptr fs:[00000030h]6_2_0161EB1D
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CEB20 mov eax, dword ptr fs:[00000030h]6_2_015CEB20
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CEB20 mov eax, dword ptr fs:[00000030h]6_2_015CEB20
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0162CBF0 mov eax, dword ptr fs:[00000030h]6_2_0162CBF0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C0BCB mov eax, dword ptr fs:[00000030h]6_2_015C0BCB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C0BCB mov eax, dword ptr fs:[00000030h]6_2_015C0BCB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015C0BCB mov eax, dword ptr fs:[00000030h]6_2_015C0BCB
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0BCD mov eax, dword ptr fs:[00000030h]6_2_015A0BCD
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0BCD mov eax, dword ptr fs:[00000030h]6_2_015A0BCD
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A0BCD mov eax, dword ptr fs:[00000030h]6_2_015A0BCD
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015CEBFC mov eax, dword ptr fs:[00000030h]6_2_015CEBFC
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A8BF0 mov eax, dword ptr fs:[00000030h]6_2_015A8BF0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A8BF0 mov eax, dword ptr fs:[00000030h]6_2_015A8BF0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_015A8BF0 mov eax, dword ptr fs:[00000030h]6_2_015A8BF0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exeCode function: 6_2_0164EBD0 mov eax, dword ptr fs:[00000030h]6_2_0164EBD0
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Memory written: C:\Users\user\Desktop\xCSONUFhmq.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Process created: C:\Users\user\Desktop\xCSONUFhmq.exe "C:\Users\user\Desktop\xCSONUFhmq.exe"
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Users\user\Desktop\xCSONUFhmq.exe VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\xCSONUFhmq.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 6.2.xCSONUFhmq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.xCSONUFhmq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match File source: 6.2.xCSONUFhmq.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.xCSONUFhmq.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            Source | Detection | Scanner | Label
            xCSONUFhmq.exe | 81% | Virustotal |
            xCSONUFhmq.exe | 68% | ReversingLabs | Win32.Trojan.Jalapeno
            xCSONUFhmq.exe | 100% | Avira | HEUR/AGEN.1309499
            xCSONUFhmq.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
              No contacted IP infos
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1588763
              Start date and time:2025-01-11 05:18:41 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 48s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:10
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:xCSONUFhmq.exe
              renamed because original name is a hash value
              Original Sample Name:1d73078a32ebe241da92d570848accc314fee357579114c1260ac86e1ae84ce9.exe
              Detection:MAL
              Classification:mal84.troj.evad.winEXE@3/1@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 93%
              • Number of executed functions: 36
              • Number of non-executed functions: 271
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 184.28.90.27, 4.245.163.56
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
              • Not all processes were analyzed, report is missing behavior information
              No simulations
              No context
              Match | Associated Sample Name / URL | Detection | Threat Name | Context
              s-part-0017.t-0009.t-msedge.net | 5n2U8ZZZbc.exe | malicious | FormBook | 13.107.246.45
              | iJCj3AQIBC.exe | malicious | RevengeRAT | 13.107.246.45
              | leUmNO9XPu.exe | malicious | HawkEye, MailPassView | 13.107.246.45
              | 2976587-987347589.08.exe | malicious | Nitol | 13.107.246.45
              | of5HklY9qP.exe | malicious | Unknown | 13.107.246.45
              | yMXFgPOdf2.exe | malicious | GuLoader | 13.107.246.45
              | 1dVtYIvfHz.exe | malicious | Unknown | 13.107.246.45
              | FJRUb5lb9m.exe | malicious | FormBook | 13.107.246.45
              | 5hD3Yjf7xD.exe | malicious | AgentTesla | 13.107.246.45
              | 02Eh1ah35H.exe | malicious | GuLoader | 13.107.246.45
              Process:C:\Users\user\Desktop\xCSONUFhmq.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.770366576540085
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:xCSONUFhmq.exe
              File size:754'176 bytes
              MD5:a6a667c80a8e08466e8845c6833f6f00
              SHA1:8aace8c51a7b19525bd77fe7befda64f92d04c68
              SHA256:1d73078a32ebe241da92d570848accc314fee357579114c1260ac86e1ae84ce9
              SHA512:f142e8c8d3db560656c584696c7fe851a53c44fe15974e784a6245953b9627551ceeb9e97997cdf02528b18e6ccd6eda2e0e41af7e8c4e881497050f38aa72b3
              SSDEEP:12288:CSZOEiavGynJ/Z3emR7h+wV8pQjGfxnHYIgAeaBEFSiqQhd2S8IJl7Fb43PK5usl:XZOdvyRf7TWuGHYBAeaufb7JBxz
              TLSH:27F4019C6606D912CA9097B41AB2F2B927B87EDDAA01D3038FDD6CFBB875F004D44253
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0?6...............0..x............... ........@.. ....................................@................................
              Icon Hash:00928e8e8686b000
              Entrypoint:0x4b968a
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x98363F30 [Sat Dec 3 14:52:32 2050 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb9635 | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xba000 | 0x5a4 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbc000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb79d4 | 0x70 | .text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xb7690 | 0xb7800 | 7dd5dc0c93e5ae91816fd41db479697b | False | 0.9196118762772479 | data | 7.777347223162714 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xba000 | 0x5a4 | 0x600 | a237330c0b98aeec2593cd33b7d579af | False | 0.4205729166666667 | data | 4.067342957462682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xbc000 | 0xc | 0x200 | 937314a3b5661e94245dd6832e016dd5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_VERSION | 0xba090 | 0x314 | data | | | 0.4352791878172589
              RT_MANIFEST | 0xba3b4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
              DLL | Import
              mscoree.dll | _CorExeMain
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Jan 11, 2025 05:19:29.072288036 CET | 1.1.1.1 | 192.168.2.9 | 0x76c7 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Jan 11, 2025 05:19:29.072288036 CET | 1.1.1.1 | 192.168.2.9 | 0x76c7 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false

              Target ID:1
              Start time:23:19:32
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\xCSONUFhmq.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\xCSONUFhmq.exe"
              Imagebase:0x920000
              File size:754'176 bytes
              MD5 hash:A6A667C80A8E08466E8845C6833F6F00
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:6
              Start time:23:19:53
              Start date:10/01/2025
              Path:C:\Users\user\Desktop\xCSONUFhmq.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\xCSONUFhmq.exe"
              Imagebase:0xa40000
              File size:754'176 bytes
              MD5 hash:A6A667C80A8E08466E8845C6833F6F00
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1991467804.0000000001090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

                Execution Graph

                Execution Coverage:8.9%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:4.3%
                Total number of Nodes:163
                Total number of Limit Nodes:9
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0722BCC6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0722BCC6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0

                Control-flow Graph

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 011FB03E
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0

                Control-flow Graph

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 011F59C9
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0

                Control-flow Graph

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 011F59C9
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0

                Control-flow Graph

                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 05264111
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0

                Control-flow Graph

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0722B898
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0

                Control-flow Graph

                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0722B898
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0

                Control-flow Graph

                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0722AEB6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0

                Control-flow Graph

                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0722B978
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0

                Control-flow Graph

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,011FD686,?,?,?,?,?), ref: 011FD747
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0

                Control-flow Graph

                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0722AEB6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0

                Control-flow Graph

                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0722B978
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0

                Control-flow Graph

                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,011FD686,?,?,?,?,?), ref: 011FD747
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0

                Control-flow Graph

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0722B7B6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0722B7B6
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 011FB03E
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0722DE25
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                Memory Dump Source
                • Source File: 00000001.00000002.1555640303.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f6d000_xCSONUFhmq.jbxd
                Memory Dump Source
                • Source File: 00000001.00000002.1555640303.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f6d000_xCSONUFhmq.jbxd
                Memory Dump Source
                • Source File: 00000001.00000002.1555640303.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f6d000_xCSONUFhmq.jbxd
                Memory Dump Source
                • Source File: 00000001.00000002.1555640303.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_f6d000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                • Instruction ID: 620d03ea33969ef678084c5e6d6269486e52ffda58c01337ebf0016e44467668
                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                • Instruction Fuzzy Hash: 6C119D75A04280DFCB15CF50D9D4B15FBB1FB84324F28C6AED8494B696C33AD84ADB61
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd7c5b2efd94c412ddb7625463f0925ed27e83261aad1fca9d2b45ef6bf5a776
                • Instruction ID: 16459b38c6bc9fbcc0f76790dca7d055131d78e3699ef5461719b870caf3e3b1
                • Opcode Fuzzy Hash: bd7c5b2efd94c412ddb7625463f0925ed27e83261aad1fca9d2b45ef6bf5a776
                • Instruction Fuzzy Hash: 141296F4C817458BE330CF65EC4C5897BB1B741398FD24A09DA692B2E1EBB415AACF44
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3af9aa00cf07f80c33d862d36f85d80b22ddde392eb81f9aaee573af619882da
                • Instruction ID: 17b37c8af6a832650450d3223e5ba84dd50e227d23520643d3f3dc1fa939b787
                • Opcode Fuzzy Hash: 3af9aa00cf07f80c33d862d36f85d80b22ddde392eb81f9aaee573af619882da
                • Instruction Fuzzy Hash: 05E11AB4E102199FDB14DFA8C580AAEFBB2FF89305F248169D814AB355D7319D42CFA0
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19666a0dfa49aca380111c2c0d21ed5a260bde57cb1d425dd07441233a692ee6
                • Instruction ID: caa6dd68036c9bff3be0b01a182b8ac206223326ca07c9f6da664deebbad256d
                • Opcode Fuzzy Hash: 19666a0dfa49aca380111c2c0d21ed5a260bde57cb1d425dd07441233a692ee6
                • Instruction Fuzzy Hash: 38E119B4E102199FDB14DFA9C580AAEFBB2FF89305F248169D414AB355D730AD42DFA0
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04ba735386796829208cc462d25783e127993caf8730963357a0c668c13aab8a
                • Instruction ID: 7f05648ea3e45599bf4b71e011f2e735fd0b18c9d3787f3d46cd6f5456acd674
                • Opcode Fuzzy Hash: 04ba735386796829208cc462d25783e127993caf8730963357a0c668c13aab8a
                • Instruction Fuzzy Hash: 4BE11BB4E102299FDB14DFA9C580AAEFBB2FF89305F248169D444A7355D731AD42CFA0
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7a9c60f0445b895a7dcb0358a932ea8fb34831b6c9e187191dbd6de67831c3c
                • Instruction ID: b36a7e3331f070ca75f853f7534240294a57dd6354e300ae71ba52611c7fc12d
                • Opcode Fuzzy Hash: c7a9c60f0445b895a7dcb0358a932ea8fb34831b6c9e187191dbd6de67831c3c
                • Instruction Fuzzy Hash: E5E1E8B4E102199FDB14DFA8C580AAEFBB2FF49305F248169D815AB355D730AD42DFA0
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 641f6cfc684582c8074f4dc7a8bde99801d999c7cb9c1234ab4cc66f422cf07c
                • Instruction ID: 1715e39872748521c81e341209e8dc914a14265cda2661e9a99a258e07b35c90
                • Opcode Fuzzy Hash: 641f6cfc684582c8074f4dc7a8bde99801d999c7cb9c1234ab4cc66f422cf07c
                • Instruction Fuzzy Hash: 99E11BB4E106299FDB14DFA8C580AAEFBB2FF89305F248169D415A7355D730AD42CFA0
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8f81247bed11b4fd71a188c9ee88075c1d77ad61df290d6e556033adcaa012c5
                • Instruction ID: a24598e298368926805f10fc75fc88b83a39b2c306c8fa0808371b042aa8a7f7
                • Opcode Fuzzy Hash: 8f81247bed11b4fd71a188c9ee88075c1d77ad61df290d6e556033adcaa012c5
                • Instruction Fuzzy Hash: 25D11635920B1A8ACB01EBB4D9916D9F7B1FF95300F50C79AE4097B251EB706EC8CB91
                Memory Dump Source
                • Source File: 00000001.00000002.1556123272.00000000011F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_11f0000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6f09962eeb59232ad6e9117d9fbfb6113563801020bacf60bc7cf0787ef7902f
                • Instruction ID: 963fb82f63a3b9f7c5e10bed4acbb65775b06ec2cda8fd4ef1ff84adbccf3ce0
                • Opcode Fuzzy Hash: 6f09962eeb59232ad6e9117d9fbfb6113563801020bacf60bc7cf0787ef7902f
                • Instruction Fuzzy Hash: 15A19336E00616CFCF09DFB4C84459EBBB2FF85304B15456EEA05AB265DBB1D916CB40
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab5fb5b0ed3229b4d908425f2fcd0d3b034cd9d2f6afaf67120799bde8108ab0
                • Instruction ID: a6b90c12e5aa791de7d0a7028696247fc170494f0e94270c5622f0bb26ae8404
                • Opcode Fuzzy Hash: ab5fb5b0ed3229b4d908425f2fcd0d3b034cd9d2f6afaf67120799bde8108ab0
                • Instruction Fuzzy Hash: 84D11735920B1A8ACB01EBB4D9916D9F7B1FF95300F50C79AE4097B251EB706EC8CB91
                Memory Dump Source
                • Source File: 00000001.00000002.1559133647.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_5260000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f70850f5dfeb87f1fb24cf1587edb1d3379daabaac48a7654c400b230ce099e
                • Instruction ID: d0ac60dcddbb2c1d26186c6b4cee424ee616db36e739235bfe8010b5c9ca817a
                • Opcode Fuzzy Hash: 7f70850f5dfeb87f1fb24cf1587edb1d3379daabaac48a7654c400b230ce099e
                • Instruction Fuzzy Hash: FBC14CB0C80745CFE720CF25EC485897FB1BB81394F924A09D6696F2E1EBB414AACF54
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8199e6f8acd4703c555c9b371d3c2f1a859026cbdf8ab9f2e231ee5e45e722d
                • Instruction ID: 93494b7bcaa0f2e16f67d33f1a5a52dde1a84774db7b369f48ba560ab9a72847
                • Opcode Fuzzy Hash: a8199e6f8acd4703c555c9b371d3c2f1a859026cbdf8ab9f2e231ee5e45e722d
                • Instruction Fuzzy Hash: 8B510AB0E106298FDB14CFA9C5809AEFBF2FF89305F24856AD418A7255D7319942CFA1
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f76eca4b3e2555bb7be558c7e4fd9bbc64f1f00512443d319dd9bcff9d0fa86
                • Instruction ID: 8e8df900caef94cdf3feff9f68ccba33fb3906792dbef66fdb092088dc813104
                • Opcode Fuzzy Hash: 7f76eca4b3e2555bb7be558c7e4fd9bbc64f1f00512443d319dd9bcff9d0fa86
                • Instruction Fuzzy Hash: 5751F9B0E102198FDB14CFA9D5805AEFBB2FF89315F24C16AD818AB255D7319D42CFA1
                Memory Dump Source
                • Source File: 00000001.00000002.1560258271.0000000007220000.00000040.00000800.00020000.00000000.sdmp, Offset: 07220000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7220000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f51724773e6954229706595cb90405a3412a54dd52fb4d855b3b1616f5f7a4fa
                • Instruction ID: fcce5477536f15b7b5ffdaf6aa5df99796e8e783a0d1aa6e5001b47ee9b07227
                • Opcode Fuzzy Hash: f51724773e6954229706595cb90405a3412a54dd52fb4d855b3b1616f5f7a4fa
                • Instruction Fuzzy Hash: 69510AB4E106198BDB14CFA9C9806AEFBF2FF89305F24C169D818A7355D7319942CFA0

                Execution Graph

                Execution Coverage:0.9%
                Dynamic/Decrypted Code Coverage:4.4%
                Signature Coverage:4.4%
                Total number of Nodes:113
                Total number of Limit Nodes:9

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 31 417a73-417a8f 32 417a97-417a9c 31->32 33 417a92 call 42f553 31->33 34 417aa2-417ab0 call 42fb53 32->34 35 417a9e-417aa1 32->35 33->32 38 417ac0-417ad1 call 42dff3 34->38 39 417ab2-417abd call 42fdf3 34->39 45 417ad3-417ae7 LdrLoadDll 38->45 46 417aea-417aed 38->46 39->38 45->46
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                • Instruction ID: 3da9ad656e2a33d7f058596d6c0db2f8ecc23348adbfd370e033ddd8e755fe76
                • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                • Instruction Fuzzy Hash: EC0152B1E0010DBBDF10DAA5DC42FDEB778AF54308F4481A6E90897240F674EB588755

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 57 42c8d3-42c90f call 404663 call 42db03 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C90A
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                • Instruction ID: edcd4929374db9964348cfcf96216c1e7e48739ffbccb93e989d5216367ee6f6
                • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                • Instruction Fuzzy Hash: CCE04F752042147BC220EA6ADC41FAB775CDFC6714F108419FA4977241C7757910C7F4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 72 15e2df0-15e2dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: efb4a6bc95a297836f6fdb6fabc0d37667fee6a7593bdab116ce7f6aa1d14ae7
                • Instruction ID: ece4a825972cd39c39a6e94d1a7c764132b1db88d7506ed9f10b1d064ea22799
                • Opcode Fuzzy Hash: efb4a6bc95a297836f6fdb6fabc0d37667fee6a7593bdab116ce7f6aa1d14ae7
                • Instruction Fuzzy Hash: 2A90023120140413D511715845047070049E7D1251F99C816A1824958DD796CA66A221

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 71 15e2c70-15e2c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 2065394cf928cf7415f4b01ea8a3877ef8c8d20b93835d61c8f0268b9b81fd9d
                • Instruction ID: 4148e3c0adba99ffc56f1c333c8b480ed35d19aec21455f542ce30763c25dd75
                • Opcode Fuzzy Hash: 2065394cf928cf7415f4b01ea8a3877ef8c8d20b93835d61c8f0268b9b81fd9d
                • Instruction Fuzzy Hash: 6990023120148802D5107158840474A0045E7D1311F5DC815A5824A58DC7D5C9A57221

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 73 15e35c0-15e35cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: fb79abdbd9e8c61ea391d7ecb107ccf0383d324d4f6be24883cb545f6f4bcb5e
                • Instruction ID: e97fababe3f5696cfe48f370160cb99c6d255d5d0369453bd3315ef42bbd5ce5
                • Opcode Fuzzy Hash: fb79abdbd9e8c61ea391d7ecb107ccf0383d324d4f6be24883cb545f6f4bcb5e
                • Instruction Fuzzy Hash: BE90023160550402D500715845147061045E7D1211F69C815A1824968DC7D5CA6566A2

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 21 417af3-417b2b 23 417b2c-417b37 21->23 23->23 24 417b39-417b40 23->24 25 417b42 24->25 26 417ac4-417ad1 call 42dff3 24->26 29 417ad3-417ae7 LdrLoadDll 26->29 30 417aea-417aed 26->30 29->30
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                • Instruction ID: 974bac3e534c670f7ac2524caa8da76db0f880a9a0dc8598db73eafaeed0b4e5
                • Opcode Fuzzy Hash: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                • Instruction Fuzzy Hash: 5A019C36A0810C7FCF10DAA4DC429EE7B78DF41285F040659D685E7201E632B64F8789

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 47 42cbf3-42cc37 call 404663 call 42db03 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E80E,?,?,00000000,?,0041E80E,?,?,?), ref: 0042CC32
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                • Instruction ID: 2846fa4b3233f60a92fef8d27f7aa413956122f50d55b758d752c0d3958e743e
                • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                • Instruction Fuzzy Hash: 28E06DB12082097BCA10EE59DC41FAB37ACEFC5714F004419FA08A7241DB74B91087B8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 52 42cc43-42cc87 call 404663 call 42db03 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,004172DE,000000F4), ref: 0042CC82
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                • Instruction ID: cc980803f6f00e9c11348fd80cdf1fb29ca32894386c6b15e328b1e50aae6e2f
                • Opcode Fuzzy Hash: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                • Instruction Fuzzy Hash: 80E092B12142087BD610EF59DC41FDB3BACEFC5710F004419FA08A7241D775B9108BB8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 62 42cc93-42cccf call 404663 call 42db03 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.1991136012.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_400000_xCSONUFhmq.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                • Instruction ID: ac3c5cb8458b9ec8aaad2dc6460039598258f1f05cf85b266bad946a97558dfc
                • Opcode Fuzzy Hash: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                • Instruction Fuzzy Hash: 38E086356002147BD110EB6ADC41FD7776CDFC6710F004519FA48A7242C675790187F5

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 67 15e2c0a-15e2c0f 68 15e2c1f-15e2c26 LdrInitializeThunk 67->68 69 15e2c11-15e2c18 67->69
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 7b3ed69e72735e8526f9528bac7897cf54025084d5e17d934d9388216d66b734
                • Instruction ID: 932965a108c9d8be306911566dc32ef95921709c4ffc900eafbba808685d1c03
                • Opcode Fuzzy Hash: 7b3ed69e72735e8526f9528bac7897cf54025084d5e17d934d9388216d66b734
                • Instruction Fuzzy Hash: 85B02B31C015C0C5DE01F360860C70B3940B7C0300F19C021D3030A41F4338C0E0E271
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 77e68b103c96231b87f5e84bff1f8db5e2bf77184be205c06964e0695fa8045b
                • Instruction ID: fe97975145bed24bee48efd9915bee2253ff62bc66cb00512301847b3a636a50
                • Opcode Fuzzy Hash: 77e68b103c96231b87f5e84bff1f8db5e2bf77184be205c06964e0695fa8045b
                • Instruction Fuzzy Hash: 3A929D71A08B529FE721DE28CC90B6BB7E8BB88750F04491DFA949B350D774E844CF92
                Strings
                • double initialized or corrupted critical section, xrefs: 01615508
                • Invalid debug info address of this critical section, xrefs: 016154B6
                • Address of the debug info found in the active list., xrefs: 016154AE, 016154FA
                • Thread identifier, xrefs: 0161553A
                • Critical section debug info address, xrefs: 0161541F, 0161552E
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016154E2
                • undeleted critical section in freed memory, xrefs: 0161542B
                • Thread is in a state in which it cannot own a critical section, xrefs: 01615543
                • Critical section address, xrefs: 01615425, 016154BC, 01615534
                • Critical section address., xrefs: 01615502
                • 8, xrefs: 016152E3
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016154CE
                • corrupted critical section, xrefs: 016154C2
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0161540A, 01615496, 01615519
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: 6018b1d25151b7ad2655095ecce6a11baab3cc0a0c07e671c778807a3530f4fa
                • Instruction ID: 985bedd9f52f0cc5a887934489c888c49bb6a41c086734a0f411b6d1cbcfd4ee
                • Opcode Fuzzy Hash: 6018b1d25151b7ad2655095ecce6a11baab3cc0a0c07e671c778807a3530f4fa
                • Instruction Fuzzy Hash: F181BBB1A40349AFDB20CF99CC45BAEBBB9FB89714F144119F505BB290D3B1A941CBA0
                Strings
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01612602
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01612409
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0161261F
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016125EB
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016124C0
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01612498
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01612412
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016122E4
                • @, xrefs: 0161259B
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01612624
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01612506
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                Strings
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01628A3D
                • HandleTraces, xrefs: 01628C8F
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01628A67
                • AVRF: -*- final list of providers -*- , xrefs: 01628B8F
                • VerifierDebug, xrefs: 01628CA5
                • VerifierDlls, xrefs: 01628CBD
                • VerifierFlags, xrefs: 01628C50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                Strings
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015F9A01
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015F9A2A
                • minkernel\ntdll\ldrinit.c, xrefs: 015F9A11, 015F9A3A
                • LdrpInitShimEngine, xrefs: 015F99F4, 015F9A07, 015F9A30
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015F99ED
                • apphelp.dll, xrefs: 01596496
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                Strings
                • RtlGetAssemblyStorageRoot, xrefs: 01612160, 0161219A, 016121BA
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01612178
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0161219F
                • SXS: %s() passed the empty activation context, xrefs: 01612165
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016121BF
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01612180
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                Strings
                • LdrpInitializeImportRedirection, xrefs: 01618177, 016181EB
                • minkernel\ntdll\ldrredirect.c, xrefs: 01618181, 016181F5
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 016181E5
                • minkernel\ntdll\ldrinit.c, xrefs: 015DC6C3
                • Loading import redirection DLL: '%wZ', xrefs: 01618170
                • LdrpInitializeProcess, xrefs: 015DC6C4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                APIs
                  • Part of subcall function 015E2DF0: LdrInitializeThunk.NTDLL ref: 015E2DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0D74
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 015D8421
                • @, xrefs: 015D8591
                • LdrpInitializeProcess, xrefs: 015D8422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 015D855E
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                Strings
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016122B6
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016121D9, 016122B1
                • .Local, xrefs: 015D28D8
                • SXS: %s() passed the empty activation context, xrefs: 016121DE
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                Strings
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01613456
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01613437
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0161342A
                • RtlDeactivateActivationContext, xrefs: 01613425, 01613432, 01613451
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016010AE
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01601028
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0160106B
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01600FE5
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                Strings
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0160A992
                • LdrpDynamicShimModule, xrefs: 0160A998
                • minkernel\ntdll\ldrinit.c, xrefs: 0160A9A2
                • apphelp.dll, xrefs: 015C2462
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                Strings
                • HEAP[%wZ]: , xrefs: 015B3255
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 015B327D
                • HEAP: , xrefs: 015B3264
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: $@
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                Strings
                • Failed to allocated memory for shimmed module list, xrefs: 0160A10F
                • minkernel\ntdll\ldrinit.c, xrefs: 0160A121
                • LdrpCheckModule, xrefs: 0160A117
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                Strings
                • LdrpInitializePerUserWindowsDirectory, xrefs: 016182DE
                • minkernel\ntdll\ldrinit.c, xrefs: 016182E8
                • Failed to reallocate the system dirs string !, xrefs: 016182D7
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                Strings
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0165C1C5
                • PreferredUILanguages, xrefs: 0165C212
                • @, xrefs: 0165C1F1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 01624899
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01624888
                • LdrpCheckRedirection, xrefs: 0162488F
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                Strings
                • Process initialization failed with status 0x%08lx, xrefs: 016220F3
                • minkernel\ntdll\ldrinit.c, xrefs: 01622104
                • LdrpInitializationFailure, xrefs: 016220FA
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                Strings
                • LdrResSearchResource Enter, xrefs: 015AAA13
                • LdrResSearchResource Exit, xrefs: 015AAA25
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 015A063D
                • kLsE, xrefs: 015A0540
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 015AA309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 015AA2FB
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0162895E
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: 57f51c955e561e2cbbb105b94ffbaaab15a2c5a8b69e2cf0a2040968ea0467d8
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: E8818372A002069FDF19DF98C890AAEBBFAFF94310F14856DD916AB385D734E901CB50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f1c3bbd02990c7bab33e1b5c7a80cbb7c5fac8e0af68d8c1947fbbd1742b653
                • Instruction ID: 38aeb8679c8fef874dc3ad8ab577be1ca59d5bfa1f7c96e4b858bda7738330e6
                • Opcode Fuzzy Hash: 9f1c3bbd02990c7bab33e1b5c7a80cbb7c5fac8e0af68d8c1947fbbd1742b653
                • Instruction Fuzzy Hash: 6A816171A00609AFDB25CFA9C881AEEBBF9FF88354F14442DE555AB350DB70AC45CB60
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcbc663a960165fba1bf2b26b17684129884988acc229b24305ac78c2d3728f2
                • Instruction ID: f403600237f4599df80f77a2684e946c7a189e9e30cbca83a1643ec23b1535b5
                • Opcode Fuzzy Hash: bcbc663a960165fba1bf2b26b17684129884988acc229b24305ac78c2d3728f2
                • Instruction Fuzzy Hash: EA71BE75C00625DBCB2ACF59D9907FEBBB9FF58710F14461AE842AB390E7709811CB94
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fdc73de78dfef5c5a696b4c0c564fe0e16604c98ca57d26ebbf8457416978add
                • Instruction ID: 583d3f80ca49b20293c74eb93c72be00690b615f842c483da04c8203fc7f82cc
                • Opcode Fuzzy Hash: fdc73de78dfef5c5a696b4c0c564fe0e16604c98ca57d26ebbf8457416978add
                • Instruction Fuzzy Hash: CD718071901305EFDFA4CF69DE44A9ABBFDFF80300F10519AEA15AB258EB718984CB54
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d578a1ca5618dc8a6f9a66e680fa1adb05631fcc61f9e6ae2e26e8dc7660fd30
                • Instruction ID: 2f680c78ec33ea6d752e3d68c1f2e7cf6eb3faf5d37df39191642a27229c69c6
                • Opcode Fuzzy Hash: d578a1ca5618dc8a6f9a66e680fa1adb05631fcc61f9e6ae2e26e8dc7660fd30
                • Instruction Fuzzy Hash: 7A71B3356046428FD316DF2CC884BAAB7E5FF84310F0585A9E859CF352EB34E846CBA5
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 41b138b6722fe9e49b13fb7f6106a8f3678a5c8d7aa34e80c38e00bcce3cfb91
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 59716D71A0061AEFDB10DFA9C984ADEBBB9FF88704F104569E505BB250DB34EA01CF90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24224c116169e4fcc55103bbd70c11754004054421f65b5a306ecd7c85c4eb2b
                • Instruction ID: fde371a17abdb0eb53cd944325dfa9b42493bdb80e863e65990bb7cedf17916d
                • Opcode Fuzzy Hash: 24224c116169e4fcc55103bbd70c11754004054421f65b5a306ecd7c85c4eb2b
                • Instruction Fuzzy Hash: 8171D232A00702BFEB269F18CC44F66BBF6FF80710F148418E6569B2A1D775EA45CB50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 610954898b22620461fbcce992b054b5999af30bd349f6d457226a2642acafde
                • Instruction ID: 298d3ff1da6f310880e4bc02a83e70f60d6f41a99fcf7ced8f5a7488b112341f
                • Opcode Fuzzy Hash: 610954898b22620461fbcce992b054b5999af30bd349f6d457226a2642acafde
                • Instruction Fuzzy Hash: B6818E72A043168FDB29CF9CD998BAEB7B5BF88314F55912DD900AB281C7749D42CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22e532d026b938ccde3b20d2c095f967f970a6ec40f846fcde398f5b96ce8552
                • Instruction ID: 424e6d923604d0788196e5bc153cd0110afe212b6716830a7c8a324bc32c1ca4
                • Opcode Fuzzy Hash: 22e532d026b938ccde3b20d2c095f967f970a6ec40f846fcde398f5b96ce8552
                • Instruction Fuzzy Hash: F351AE72905612AFD751DEA8CC84E6BBBE8EFC4750F010A29BE80DB250D770ED0587A2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41aef3a10b00a1919575264aa9818109171f438917f32599ed5aae947294cbe6
                • Instruction ID: 59d5ddb64c5449b8c95602eca9147109ad7e8b0cc0ecbf798cb2fd2cfce23b3c
                • Opcode Fuzzy Hash: 41aef3a10b00a1919575264aa9818109171f438917f32599ed5aae947294cbe6
                • Instruction Fuzzy Hash: 3151AC70900705DFD721DFAAC884AABFBFDBF94710F10461ED292976A1C7B0A945CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e34761498080e15225bdeedc2a38c69c631c88907abf85b29d6ccbd6ab266dbd
                • Instruction ID: cb5500e48e1e434df34d32bc4d67ff33df55260d5902f108ab93b4889b6cae48
                • Opcode Fuzzy Hash: e34761498080e15225bdeedc2a38c69c631c88907abf85b29d6ccbd6ab266dbd
                • Instruction Fuzzy Hash: 49516971210A06DFCB62EFA9C981EAAB7F9FF54784F44082AE5429B260D730E941CB50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a42598a332f88076d822fd556469786bf51ad087e9b53562bd074615b0028c4
                • Instruction ID: 5524b1ac8ae0a80e865bbe68dbd0ff17761ef1e4ce91622763fa8c0e283b2244
                • Opcode Fuzzy Hash: 2a42598a332f88076d822fd556469786bf51ad087e9b53562bd074615b0028c4
                • Instruction Fuzzy Hash: DB5177716083429FD755DF2AC882A6BBBE5BFC8A08F44492DF589C7350EB30D905CB96
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 435bdac57da02f5b8de852bf51b939641892914b4ecf7f8099f10c260ae32c6e
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: 76516B75E0021AAFDF169FD4C850FAEBBF5BF45B50F148069EA01AF240E734D9458BA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: c24aeb48241edab3b3603103553082d674777939644aaa2ac507753e7b0e54d7
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: 7251E931D00A2AEFDF119B94CD94BAEBB79BF40315F114275D91267290D7729D41CFA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49946f2f22956c7e76cf5dc3a2b4212deeae5bfb2cfeb7342d8512028940ec33
                • Instruction ID: aef7e4ace824de62a26ec685685b2ecd60913bd85ecf5bcece776fb9bd6ef0b2
                • Opcode Fuzzy Hash: 49946f2f22956c7e76cf5dc3a2b4212deeae5bfb2cfeb7342d8512028940ec33
                • Instruction Fuzzy Hash: 4641DFB1701712ABEB29DB3DCC94B7BBB9EEFD0220F088219E95597384DB34D801C691
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47d192992e1f12b4d0393d552389557b428a4c3d171545a1e362371e25b50193
                • Instruction ID: 2a193166c413f4b160a32f71bb0ddcbdd5b4a6b449a8f3e4cf7b0d5045d7f0ae
                • Opcode Fuzzy Hash: 47d192992e1f12b4d0393d552389557b428a4c3d171545a1e362371e25b50193
                • Instruction Fuzzy Hash: 37519D72A0062ADFCB20DFA9CD909AEBBB9FF88354B514919D505AB700D770AD01CFE0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 479624dce9102d82fb9d39f12dd4ac7905021d4127d1a56d94355a7ce52357e0
                • Instruction ID: 67b39759f711aee7516d56e721a3a66dffc5c49bc8b7fc4bd40dacd09be8b61c
                • Opcode Fuzzy Hash: 479624dce9102d82fb9d39f12dd4ac7905021d4127d1a56d94355a7ce52357e0
                • Instruction Fuzzy Hash: 244124326002029BDF39EF6CECC1F6A37A9FB94708F05546CE9029F245D7B29810CBA1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 8784567ec55377bae0f3389ddb7f53dc3e9d6feacf828c4223efa451790e0603
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: 3541C331600716AFD725CFA8CD84A6AB7ADFF80214B05862EED529B740EB30ED05C794
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67f3f020b267802873f329343c6865bfdd98f3cf4eb1aa91351d3439834991ac
                • Instruction ID: 7e9d05b84b5be5354794704a23d7271d92129cbbd574944e8b6085c93df39dac
                • Opcode Fuzzy Hash: 67f3f020b267802873f329343c6865bfdd98f3cf4eb1aa91351d3439834991ac
                • Instruction Fuzzy Hash: C1418B76D0121A9BDB24DF9CC440AEEBBB4BF88710F14816AF915EB390DB359D41CBA4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4bc93b43a9b83a68492316d3880d5c21e1b4eb7e332268157575ba63f937b248
                • Instruction ID: 6a7596d81a033589926471fef3c6fdcf9da7b09aeb04b6418d0e6ab1c42cc8d5
                • Opcode Fuzzy Hash: 4bc93b43a9b83a68492316d3880d5c21e1b4eb7e332268157575ba63f937b248
                • Instruction Fuzzy Hash: 0141D2722003029FD725DF68CC85A5BBBE9FF88624F00486DE557CB751DB75E8448B61
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 3f177929e5863a1f54d66caa748f6df3b2bd01551ed21434b9f9a739a43b96ca
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 9C516A75A02255CFCB15CF98C980AAEF7B2FF84710F2881A9D915EB355D730AE42CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8f9443b37d5a12a628038dd2f7a4a8eec1733fe5689296ba4c685eb65c4d473c
                • Instruction ID: fd2f42aac6f8a3e6a2af6298afb2830dd702691daede72fee41f5e2df87ca9e2
                • Opcode Fuzzy Hash: 8f9443b37d5a12a628038dd2f7a4a8eec1733fe5689296ba4c685eb65c4d473c
                • Instruction Fuzzy Hash: B551F470940217DBDB2A8B28CC44BEDBBB5FF51314F1882A9E519AF2C1D734A981CF90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b36ae62c4b8ecc040f67c9eaab8dcd429a3a6184810f5370b2d4ef3f4798229
                • Instruction ID: fc1db3318ae18d9475b90268026b3e44f42b2652e1f4749f3e4bd67b05dba293
                • Opcode Fuzzy Hash: 4b36ae62c4b8ecc040f67c9eaab8dcd429a3a6184810f5370b2d4ef3f4798229
                • Instruction Fuzzy Hash: 4C419371A502299FDB21DF68C941BEEB7B4FF45740F4100A9EA08EF291D7749E81CB91
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd6ebcc467aca9e20a3b27dc87559e278ef60b6cd0f4a6a22388a98a8157b573
                • Instruction ID: d1469ccbed57acf5e16705d0cc7040455d3ce4144816d095445428b7ca2b9b94
                • Opcode Fuzzy Hash: fd6ebcc467aca9e20a3b27dc87559e278ef60b6cd0f4a6a22388a98a8157b573
                • Instruction Fuzzy Hash: 8841B375A503199FEB21DF28CC80BAE77E9BB55614F40049AFA459F2C1D770ED40CB51
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 6bb0d7da48c38e25a3378f230488a321eddc394374e10ce5f1714a3f97aa8160
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: D1419175B10316ABEB15DFA9CC84ABFBBBEAF88600F144069E904E7341DB74DD0187A0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df5c2009624c8f8dd5c03252687a05251be5bea9a84b927c5194963ab27a88a1
                • Instruction ID: a6e4c420ea6e3e731dd4634461c7b7a0395a6490f619c23d74721ad35dceed33
                • Opcode Fuzzy Hash: df5c2009624c8f8dd5c03252687a05251be5bea9a84b927c5194963ab27a88a1
                • Instruction Fuzzy Hash: 7E41C4716507029FE725CF28C880A2ABBF9FF89314B504A6DE5478FA90E730F855CB94
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 35f5628bce818368f246457668ac82777ccee208d91266d0292936630ff08200
                • Instruction ID: 57768729c9337a095b727263c36124434dfb666e5d258d9e95ac197db8853105
                • Opcode Fuzzy Hash: 35f5628bce818368f246457668ac82777ccee208d91266d0292936630ff08200
                • Instruction Fuzzy Hash: 5241BF3294021ACFDF25CFACDE887EE7BB4BB98754F044599D411AF285EB359901CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f6d8e32304f1725687785f50dc7e4ab21fca12a2273c2d73e49c0b91dd1e5ec3
                • Instruction ID: 52782b22c6025d874ff50539caddba82d6b9709dea6721aa702dedfa1174970f
                • Opcode Fuzzy Hash: f6d8e32304f1725687785f50dc7e4ab21fca12a2273c2d73e49c0b91dd1e5ec3
                • Instruction Fuzzy Hash: A941DB32A40203CFD7299F5CDD94AAEBBB9FBD4604F65802ED9019F255DB359842CF90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96813b85a3877839569b6e03fa15996c930e2d3e60231838085e57536287d311
                • Instruction ID: 3a14f0bda2c49d2687f31e83fe48ab34ca1ee2cee441eec141c4a7adbb04773c
                • Opcode Fuzzy Hash: 96813b85a3877839569b6e03fa15996c930e2d3e60231838085e57536287d311
                • Instruction Fuzzy Hash: E3416D325183069ED712DF69C840A6BB7E9FF85B54F40092EFA84DB250E730DE048BA3
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: b0b9ef4d6d34a548db8d2decc42baa065b1c09193b1a6d44824ee577337d8802
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: D5412731A00212DBEF25DE69C4847BEBBB1FB90754F15C06EEA559F244D6329D80CBA2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c8aef29c18627a2b10af3e8e78509e796452d89b22710180294659630816b63
                • Instruction ID: 0c172cd2e3b8bb40bcebd8c7cccaf2ab8fa48e8ba4229bbbe9b7a0321bcce98f
                • Opcode Fuzzy Hash: 7c8aef29c18627a2b10af3e8e78509e796452d89b22710180294659630816b63
                • Instruction Fuzzy Hash: E8417C71650601DFD721CF18C840B6ABBF4FF94314F64896AE549CF291E770E941CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: 3ed717462462bb686bac8591569cfa33cb9c1ef49f70825b7a1b710b4cc77d05
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: C241F475A00605EFDB24CFADC981AAABBF9FB18700F10496DE556DB691D330EA44CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcf1b593c472d7cbe066f1d71230525b17a5dbf959d53074095f26b158cb5292
                • Instruction ID: 4fbb2541ed98e9a393ebc99499478dcd8a02f0c5dba3d0b27783876ad7b37311
                • Opcode Fuzzy Hash: fcf1b593c472d7cbe066f1d71230525b17a5dbf959d53074095f26b158cb5292
                • Instruction Fuzzy Hash: 7041B1B1581702CFCB21EF28C941A6DBBF5FF94310F54856EC5069F6A1DB30AA41CB51
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74c78127e179dca3b6100452913d4698d8243be755ebe1c13499c68db5ae980b
                • Instruction ID: 03fa129ee7251dc09945cddc5ccc1c4b77479c7b0b3c6a4f1974b6d889a0c55e
                • Opcode Fuzzy Hash: 74c78127e179dca3b6100452913d4698d8243be755ebe1c13499c68db5ae980b
                • Instruction Fuzzy Hash: 843179B1A01346DFDB22CF68C440799BBF4FB49724F2085AED119EB251D776A902CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 20e3840ec191f18d8d0086afffad8d1964db5b39628e767dc553c891dc46c69f
                • Instruction ID: 95b74bae83b70e5d9454b77833cddfb7e32ffb6f23ebe7cbd56c1c99e43270ae
                • Opcode Fuzzy Hash: 20e3840ec191f18d8d0086afffad8d1964db5b39628e767dc553c891dc46c69f
                • Instruction Fuzzy Hash: 15418C72904711AFD720DF29CC45B9BBBE8FF88614F004A2EF998DB250D7709915CB92
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b66369d3001ac5d85475928cd99d7cb6ef000294ac678fd9ddadd92941615546
                • Instruction ID: 7405d1e69b0e337e893d8d13ba39d34188624ceca36fe2c68fc1a8b460af9323
                • Opcode Fuzzy Hash: b66369d3001ac5d85475928cd99d7cb6ef000294ac678fd9ddadd92941615546
                • Instruction Fuzzy Hash: EF41C472504A629FD324DF68CC80A6AB7E9FFC8740F14061DF9549B780E730E914CBA6
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29215ad8efcbdcf21b57cf9a1108239e1bbcfbcac65c999ce710f9a4b09204fc
                • Instruction ID: d44f611daaed2216b832b58f2c7b1b9e81b644cb6a79c368b2fde08ee972c2ad
                • Opcode Fuzzy Hash: 29215ad8efcbdcf21b57cf9a1108239e1bbcfbcac65c999ce710f9a4b09204fc
                • Instruction Fuzzy Hash: 3F419E712403028FD725DF68D894B2EBBE9BF80354F58482DE6458F2A1DBB0D965CB92
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: 6b0912b01b4857e2abd1685ad568d1a55f3fb8162437f2ce8cd287f26c2600ca
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: C8310631A05245AFDB228B68CC84BEFBBF9BF54350F0445A5F425DB392D6749844CB60
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 528681b196285f14aa05104b5962e621f207033e0524143f7589fc06d976b74c
                • Instruction ID: 5c1f73cc505bfb733c0dc7d82e50e952e48a19fa0e95e6017f710e09ffcbb322
                • Opcode Fuzzy Hash: 528681b196285f14aa05104b5962e621f207033e0524143f7589fc06d976b74c
                • Instruction Fuzzy Hash: 6831AA31751706ABD7229FA58C81FAF77A5FF98B50F010068F600AF391DAA9DD05C790
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a38079dab3264ce8199ddef744e33876f5d6a2bd637bba7842d866dde194d39
                • Instruction ID: b2265c0d98f8df850a5d91ffd7a6130eddcc9561d6ab327a9b1aeeb365d91b39
                • Opcode Fuzzy Hash: 9a38079dab3264ce8199ddef744e33876f5d6a2bd637bba7842d866dde194d39
                • Instruction Fuzzy Hash: B031CF326052018FC721DF19DC80E66B7FAFFC1360F0A44AEE9959B351EB30A895CB91
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c6d2e7331ee800925a96a48052f51e3e2aad540b0719a40b04f0ab7b98b46b9
                • Instruction ID: d7d42e7c8edb864144aeccdd17d7b4db677a48f265eb13ecb05957434ad0d959
                • Opcode Fuzzy Hash: 0c6d2e7331ee800925a96a48052f51e3e2aad540b0719a40b04f0ab7b98b46b9
                • Instruction Fuzzy Hash: 01419E71240B46DFD726CF68C885BDB7BE9BF45354F048829E6998B390D7B4E844CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17802cff268928a8828930eaa33864c46bdacd70eb082103c91136bbc423ee2d
                • Instruction ID: 12fb91e4558ef41016800faee1d3a451615de3862dd8973ec2da66ae3d485a22
                • Opcode Fuzzy Hash: 17802cff268928a8828930eaa33864c46bdacd70eb082103c91136bbc423ee2d
                • Instruction Fuzzy Hash: 6C3169716043029FD360DF28CC80A6AB7E5FBC4620F0549ADF9659B391EB30E895CBA1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bfc6d1a0fd01e46b028c385a9c9bd73e0ae7c424d687ba7834e9cdfaf9783381
                • Instruction ID: b676a3487ddc7836e7423a60e70b5f266447d9f8ddb774469b5bfe9952aaffa5
                • Opcode Fuzzy Hash: bfc6d1a0fd01e46b028c385a9c9bd73e0ae7c424d687ba7834e9cdfaf9783381
                • Instruction Fuzzy Hash: 7F31B2717016829BF3235B5CCE88B65BBD8BF40B84F1D04A4AE469B7D5DB29D841C225
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 303849b73798721dcab4566e64987abaac1d4ef91bf7c2219a49d48b2cfb592d
                • Instruction ID: 3fa76dd1caa57a4f27d1f3a06621c5488b959975b462d1e9ccd2f74bcef9a405
                • Opcode Fuzzy Hash: 303849b73798721dcab4566e64987abaac1d4ef91bf7c2219a49d48b2cfb592d
                • Instruction Fuzzy Hash: EF31B076A0025AABDB15DF98DC84BAEB7BDFB44B40F458168E900EB244D770AD01CBA4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 569b488c344368cf610736a675464cacaf7736c2e0bb9489381d98794f70a905
                • Instruction ID: 6af9896d591fc334b8957761cb113f5db8b5b1d89cf316ff31d0770d7c3f23c1
                • Opcode Fuzzy Hash: 569b488c344368cf610736a675464cacaf7736c2e0bb9489381d98794f70a905
                • Instruction Fuzzy Hash: 05313076A4012DABCF61DF54DC89BDEBBBABB98350F1400E5E508A7250DB309E919F90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70dc27dd73d04e4c9e816d355c813d44b88aab1bd3a0a7650fb0320b8ceb6e48
                • Instruction ID: b27434ee72f16759a292d26fda5d5dda5a2af40bf5c34ce370c2b8ebda2ecf85
                • Opcode Fuzzy Hash: 70dc27dd73d04e4c9e816d355c813d44b88aab1bd3a0a7650fb0320b8ceb6e48
                • Instruction Fuzzy Hash: 49317272E01219AFDB31DFA9CC41AAFBBF9FF44750F114469E515EB290D6749A008BA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9f622eb619560ee5963b684aef0999f0ad4900ce541ab624030accac7d35d63
                • Instruction ID: 11b55f28ed912b86968d7fd740a727e30521824fb8e91f6eaecf9f855a588e4d
                • Opcode Fuzzy Hash: c9f622eb619560ee5963b684aef0999f0ad4900ce541ab624030accac7d35d63
                • Instruction Fuzzy Hash: 8831B471A00606EFDB229FADDC50B6ABBBDBF84755F014069E506DB351DA70ED018BD0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96e9258c53201abc6e0fe32c43d708c91f53be3c37e1fa133180ad95107113ab
                • Instruction ID: e01921e9592e2ed9ec08a1ed8903b58819176d604ea6fe9123cacfac4746e8b4
                • Opcode Fuzzy Hash: 96e9258c53201abc6e0fe32c43d708c91f53be3c37e1fa133180ad95107113ab
                • Instruction Fuzzy Hash: 8F31F132A94203DBC712DE28C890A6FBBE5FFD4250F414829FD05AF250DA30DC0187E5
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcff3e90688951e2b5b1f7d502ad0eac9fadf725a35c187ada65de56d4a7728d
                • Instruction ID: 790115fd6ba8d8d3e7cb0222fd289de3dbf42cd1a8133d91d843e39affe17abe
                • Opcode Fuzzy Hash: fcff3e90688951e2b5b1f7d502ad0eac9fadf725a35c187ada65de56d4a7728d
                • Instruction Fuzzy Hash: F23178B16093029FE725CF19C848B2BBBE5BF88700F44496DE9899B391D770E844CB91
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 03cd372d9100808772fc6eec5f7c87afe00cf5c0bb700d0d91d781e17be3cba6
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: 203116B2B00B01AFD775CF6DCD40B57BBF8BB48A50F09092DA99AC7650E770E9008B60
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1cbcc952d9e84bdc51905fc0f0b50fa78070930be89dbd8e4c8e42be7e5cab6
                • Instruction ID: eef724e8978fb34d70265e961967fcb96243fb1d75db46d0158d43822eabe54c
                • Opcode Fuzzy Hash: f1cbcc952d9e84bdc51905fc0f0b50fa78070930be89dbd8e4c8e42be7e5cab6
                • Instruction Fuzzy Hash: 4931ABB1605302CFCB11DF19C98086ABBF5FF89214F0449AEE4A99B351D336E945CF9A
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b7564392e023054c7b0d3403579d7d51d6a2aee688ce2912a4197248ab8bcae6
                • Instruction ID: 8ad289ea81ea605a344dcc264f546fc750c637a0d2889a027d5f6503be090668
                • Opcode Fuzzy Hash: b7564392e023054c7b0d3403579d7d51d6a2aee688ce2912a4197248ab8bcae6
                • Instruction Fuzzy Hash: 1A31B131B102069FD724EFE8CD90EAEBBF9BB94B44F108529D105DB294D730E941CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: 78310ca43e725cfa379a74d573cddcfb21a2955825c3076cc2df2b016412366b
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: C821F536E0025BAADB109BB9C841BAFBBB5FF54740F0584399A19EF240E270D90087A2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a249ffbe301289f375029df5658a5975677c4a96fa7bd5c5a9621828c9196f0d
                • Instruction ID: c0bf0f6e3c995b86e5d37f3bab6c8fc16a5e00f5ea1e0a9e1ffc25780fbf7028
                • Opcode Fuzzy Hash: a249ffbe301289f375029df5658a5975677c4a96fa7bd5c5a9621828c9196f0d
                • Instruction Fuzzy Hash: C1313B725002118BDB21AF58CC81BAD7BB4BF91314F5485ADDA459F382EA74D981CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: a9b40fff1bb5f075c151704a52c45c6dc9a9d2e6a26e2661710bfc07e0e75b5c
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 30210836A00757A6CF25AB95CC00EBEBFB9EF80614F40801EFE958A691E734D940C3A0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 79debc56e60cb46763e4724e1bd417a76a356160c78e606e97b3bf0899e76918
                • Instruction ID: 7a722a4d9833ac94648cf59c2d7772d47f6112a24c54acd3caee172c5360faa2
                • Opcode Fuzzy Hash: 79debc56e60cb46763e4724e1bd417a76a356160c78e606e97b3bf0899e76918
                • Instruction Fuzzy Hash: 1F31C431A0011D9BDF35DB18CC42FEE77B9FB55740F0104A1E649AF290D674AE808FA2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 920051e0f3de64bd65dac81885e08b730f523f1dfea034c7bd05b9a82af0c5db
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: B7216075A00649EFCB25CF58C980A8EBBA5FF48714F108465EE169F681D671EA05CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc8183334af5fc13e82c728e91a2da6b4acf6e2f59caf2285aed7a9afbb1b2df
                • Instruction ID: 324cf4d7baa471552bd595e9a8675ca520f4765509ec162feb3996c7892333fa
                • Opcode Fuzzy Hash: bc8183334af5fc13e82c728e91a2da6b4acf6e2f59caf2285aed7a9afbb1b2df
                • Instruction Fuzzy Hash: 9121BF726047469BCB22CF5CC880B6B77E4FB88760F444929F959AFA41D730E900CBA2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: bc4c36d92915baebed1a525a749438d16b86a1830427bf09c50693734822ebae
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: E4319A31600605EFEB21CFA8C985F6AB7F9FF85354F1449A9E5568B290E730EE01CB51
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eae44a1d263f6b4acd9cf390cc3a0cbb68506ea1e6d417198b38f2f842f4e84d
                • Instruction ID: 159fe1d2c58aa189ba5eaf3bf3a91ec4a8c01d7117d4c1273478906a43569618
                • Opcode Fuzzy Hash: eae44a1d263f6b4acd9cf390cc3a0cbb68506ea1e6d417198b38f2f842f4e84d
                • Instruction Fuzzy Hash: 1E319F75A00216DFCB19CF1CCC849AEB7B5FF84304B59485AEC099B399E732EA51CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                • Instruction ID: 7f6fc35d3430037e55db20cf892e3041a8af66ef1d9e77d99fe84c060c3ab595
                • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                • Instruction Fuzzy Hash: A62106316026429BE72B9B2CCD68B6A7BF4BF40790F1A08A8DD429B7D2E374D8418250
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da2a8c498cb0794506297ff1c64bf2c7fd6770442e784782ea29fb3d39ea5c03
                • Instruction ID: 9ce0f35d7d15d37ef7db493dbe01255a975af0649124a708f83ce423b932678c
                • Opcode Fuzzy Hash: da2a8c498cb0794506297ff1c64bf2c7fd6770442e784782ea29fb3d39ea5c03
                • Instruction Fuzzy Hash: 0A217C7190062AABCF25DF59CC81ABEB7F8FF48740B500069F941AB250D778AD52CFA1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 69570960d704c04754cacf2225dd56d7959fe216716b4d0b6be2a863a5e3b449
                • Instruction ID: f9a4409c852afa2916c071d0c3c6345fca30df66ab42f5c56f7d873fdaa1206b
                • Opcode Fuzzy Hash: 69570960d704c04754cacf2225dd56d7959fe216716b4d0b6be2a863a5e3b449
                • Instruction Fuzzy Hash: E5218D71A00A55AFD715DFA8CC84A69B7A8FF88740F14406AF904DB7A0D734ED40CB54
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e045e69206ef1ab5c53649269f04afd6d1fa599247ed4c1ef291b0fac181ecb
                • Instruction ID: 60030cf31161c57830a94da7341b0e547464f8cb319e8b6d4d1c2ed5746b904f
                • Opcode Fuzzy Hash: 1e045e69206ef1ab5c53649269f04afd6d1fa599247ed4c1ef291b0fac181ecb
                • Instruction Fuzzy Hash: FC21FF72904A569FD311EF99CC84B9BBBECBFD1240F08485AFD808B251D734C904CAA2
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 540ec7e507643951be4f22f3c907a328aeccd591c1dcfeca1d9cf82b8d86d57b
                • Instruction ID: 66c82562f5d5ba9badd7c90eaffdcccc930b0f35a87b477888d3d22b4d74518e
                • Opcode Fuzzy Hash: 540ec7e507643951be4f22f3c907a328aeccd591c1dcfeca1d9cf82b8d86d57b
                • Instruction Fuzzy Hash: 6121DA326457829FF3275BACCD54B5A3BD4BB41FA4F280768F920AF7D2D768C8018251
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e85251c4370d68214ba77ca2de43f4ccce33a377a0d222a0d5a5aede750756e5
                • Instruction ID: 0e78538b6d4883cd7ede3c462a2c16d8369195ebdd081da4274aadb14f56ba2a
                • Opcode Fuzzy Hash: e85251c4370d68214ba77ca2de43f4ccce33a377a0d222a0d5a5aede750756e5
                • Instruction Fuzzy Hash: 69219A392006019FCB29DF29CD40B5677F6BF48704F248468A509CF761E771E842CB94
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b15e263eff4098258660daf00c13a2c0d948cfbeac031bf10c09c7b8e58d5bfb
                • Instruction ID: ed990f1d22ebdded13bd8b7410603c18931f40802620b83ca045cd63bca5f691
                • Opcode Fuzzy Hash: b15e263eff4098258660daf00c13a2c0d948cfbeac031bf10c09c7b8e58d5bfb
                • Instruction Fuzzy Hash: A8110A72380A12BFD36259959C41F2B7A99DBD4B64F510169FB58CB280EB70DC018795
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6604eee508d0e92ae5e401a5dd5ea4bf7a449b6c25787507c80ad200f8fd015d
                • Instruction ID: 5df5be7f7d79d078f261e3b5fa64113fbb024b86b64d82625b71ae97e62fe9f6
                • Opcode Fuzzy Hash: 6604eee508d0e92ae5e401a5dd5ea4bf7a449b6c25787507c80ad200f8fd015d
                • Instruction Fuzzy Hash: B221E7B1E40259ABCB14DFAAD984AAEFBF9FF98600F10012EE405A7354D7709941CF54
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 860aee4af5cf643d74c74ae56158f5020a9d23d37a208d40cb0fce2a7a979131
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: AA216772A0020AAFDB129F98CC40BEEBBBAFFC8311F204859F900A7251D774D9518B50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: a6da1651c7a1e394e31ec7a29046dd627d58a0f8792ab1782e5c97af94bab1dd
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: 2711B272601606AFD7229FA8CC41F9ABBB9FB80764F104429F6049F190D671ED44CB64
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17763023774f9dd080e6fc800b716470841f74c9029d5e74c65c8136519e3ead
                • Instruction ID: ff7d3b2ec34508c37cbe890fe3470858e79616f574b624858ea4be043aa56d82
                • Opcode Fuzzy Hash: 17763023774f9dd080e6fc800b716470841f74c9029d5e74c65c8136519e3ead
                • Instruction Fuzzy Hash: 8211BF327406119BDB15CF5DC580A2EBFE9BF8A712B9980ADEE089F204D6B2D911C790
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: 83f41f9e42c6bd903310b2174c21e37ce937572f5f63cc2fff2a781ef6f81d77
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: A4217972600641DFE7368F4DC540A6AFBE6FB94B10F14887DE54A9B650C770EC02CB80
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0cae27c8254ab9bf28c6830893b38fd49fefe49db38b9cb2279ba6844766a56
                • Instruction ID: 7253e293eb7a35236514c5cec2df27230d19879c8ea41f8017e5d6beee84612d
                • Opcode Fuzzy Hash: d0cae27c8254ab9bf28c6830893b38fd49fefe49db38b9cb2279ba6844766a56
                • Instruction Fuzzy Hash: 60214975A40206DFCB14CFA8C591AAEBBF5FB88319F64416DD105AB311DB71AD06CB90
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 078a5b868511751fe878e64aa229ccdf80455d51c9cea16a8d74a4a73359ac45
                • Instruction ID: a4548f4635d751f8143eae288f7c7e363bedef180d67b253ad77f3a9721389b4
                • Opcode Fuzzy Hash: 078a5b868511751fe878e64aa229ccdf80455d51c9cea16a8d74a4a73359ac45
                • Instruction Fuzzy Hash: C9215C75610A01EFD735CF69C881B66B7E8FF84250F45882DE59ACB250EB70B851CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: 920186777bd19c2cc30c246f2bdfc1f7e9434594949be26453cf45c632af8884
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: 51F0E972610205AFE725DF25CC01F96B7E9FF98340F148478A545DB1A0FAB0ED01C764
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad77cfe9ba1c2896c5c4be0f88891667fb79326d4436dc562f6f0e7c71d51783
                • Instruction ID: e75c6df671d0e0ce167787e8aa8e9dad3440d437a79f7e6f9792227867ac4e03
                • Opcode Fuzzy Hash: ad77cfe9ba1c2896c5c4be0f88891667fb79326d4436dc562f6f0e7c71d51783
                • Instruction Fuzzy Hash: C7F04F70A0124AEFCB04EF69D955A9EBBF4FF58340F008055A955EB385DA74EA01CB50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b49ba3933f3b060d0eb895c73d1ac0922f7d40f7ecb9b7906da460497ae894dd
                • Instruction ID: b27fbef60559a15fefcdf9f1a12a82ca4049f177cef62129644b7d9983591450
                • Opcode Fuzzy Hash: b49ba3933f3b060d0eb895c73d1ac0922f7d40f7ecb9b7906da460497ae894dd
                • Instruction Fuzzy Hash: BFF090319966E39FE7228B9CE494B6D7BD4BB00620F8C496AD5598F502C7B4E880C651
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6da4bc71e599409fd822b15552767d96e12d1c48c356c2880e43d15eb07304f8
                • Instruction ID: 0e677552dfbd305442f409deeda26954a7a426f68f15db30a2e1852e1fb88b91
                • Opcode Fuzzy Hash: 6da4bc71e599409fd822b15552767d96e12d1c48c356c2880e43d15eb07304f8
                • Instruction Fuzzy Hash: 2AF027264157818BCF325F7CEC503D1BB5DA741018F0920A9E8A057305C6749493C364
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b599122bedc1f2872536f19785da280bea228c25e71cb8ae7e840db4c019bc65
                • Instruction ID: 527ce56c4650b966d3525d56869474d79ef88e4bb6ff9b0fae14482afc6c249e
                • Opcode Fuzzy Hash: b599122bedc1f2872536f19785da280bea228c25e71cb8ae7e840db4c019bc65
                • Instruction Fuzzy Hash: 8AF0E2715226519FE732971CC188B59BBD4BB417A0F1C982DE5068F512C660E880CB50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: 387fee6d3651f5c8d8df3e4e33502d458b369a356112caba64c01883d760c078
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 5EE0D8727406022BE7169F598CC4F477BAEFFD2B10F04447DB5045F252CAE2DD0986A4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: 5bbe51e42b2efb82ca4bd4897031bf2e0bcfce20ea788c3ca40358ff7a7aa543
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 9BF0A072100204AFE3218F09DE81F52F7F8EB85364F01C025E6089B260D37AEC40CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: dc4bccab5da73230d06ede4a9e3ff6f5b24dd7bf4b4b60697ecd7314e4d07702
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: 0FF0E53A2043459FDB16CF19C440A997FE4FB41390F010458FD428F351D731E981CB55
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: f4f245272fa04d4b991e0ac4b7d3d2fc3e89e64e9259f03f330188e7b59bb70d
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: B1E0D832254146AFD3311A5D8800B7A77E7FBD07A0F160429E2408F954DBF0DC80C7D9
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: bed2a4b6fc0db3993016432ad372967f617dbfae5ce71cfe5124f10fc715c372
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 7CE04872640215BBDB219759CD05F9A7EACEB94E90F154055F601DB194E570DE00D690
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a00c165e6cec3a345d52dd301938dcf61c8cc715b11c2e404de18a9be5f6ffe
                • Instruction ID: 1adee32ff5fcff8088c08e9920a50d57f56ebfcaf06c5cec72ee03cd6d52ba54
                • Opcode Fuzzy Hash: 8a00c165e6cec3a345d52dd301938dcf61c8cc715b11c2e404de18a9be5f6ffe
                • Instruction Fuzzy Hash: C5E092321006559BC721BF69DD01F8A779EFFA0360F014515B1555B190CB70A810C7C4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: 26104fe0357e83f79c6fe69358b25ef34495389d64cb7d9d9eef86e4ce3f8eb6
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: 63E09231011613DFE7766FAACC4CB527EE4FF90711F148D2CA0961A6B0C7B598C1CA40
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 3ec668be6c2d0f4b85a59e9435e911feff4f6d2588d34c7dc97ee1e53edd43a2
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 07E0C2343007158FE715CF1AC440B627BB6BFD5A10F28C068E9488F305EB36E882CB40
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ef901114994bbdc231e226480180e5c219c3f1333f13d2e0afb8c01a0035494
                • Instruction ID: b333d0315eaa99f7c165270d71b9048a028840f2b930d6aba019d7f70a2d9111
                • Opcode Fuzzy Hash: 5ef901114994bbdc231e226480180e5c219c3f1333f13d2e0afb8c01a0035494
                • Instruction Fuzzy Hash: 53D02B324E10216ECB36E52CBC44FD73A9DBB80720F0188A9F1089E010D595CC81D3C4
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: a3569a6c7badadfba550a62b703d3b2bcd551490683049ac12d5014ec98dff2f
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: CDE0C232840A1AEFDF322F25DC44F5576E9FF95B10F204C6EE0811E0A887B4AC81CB45
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd30df8a28bced1d5757bbe9f685f3d0b5ec2ac1d75d2e25c94fc8067e7adbe4
                • Instruction ID: c3c67ee4a6b9ce638fd8780c2715232bd3d99436e6e6d8576064eaaf60939b7b
                • Opcode Fuzzy Hash: dd30df8a28bced1d5757bbe9f685f3d0b5ec2ac1d75d2e25c94fc8067e7adbe4
                • Instruction Fuzzy Hash: F1E08C321405616BC311FE9DDD51E8A739EFFE4260F440121B1509B294CA60AC10C794
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 1e583e4c7ffdf3521f2bf283bd3ef9ea473712fd5b49f6547371adb2b4f194d4
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: B5E04F33111A1487C728DE18D511A6677A4FB45730B09462AA6138B780C574E544C795
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: 9241a321ee7d349039a8d4158388a62cf76231bd24053d5c5a923b011b12a85b
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 87D05E36511A50EFC3729F1BEA00C53BBF9FFC4A10709062EA54587924C670E806CBA0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: e0b898caad1ad8740e96c2c1e4d8cc11aa7c0bb0a99167da086c079e105c4392
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: B8D0A932224620ABD7B2AA1CFC00FC333E8BB88B20F0A0459B008CB154C360AC81CA84
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: 65ff0947c94f020a1e3823fa4443e9bc7008223dea94312c5c2da8cea0e34421
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: 27E0EC359506859BDF53DFA9CA40F5EBBB5FB94B40F190454A5086F664C735E900CB40
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 6e4fe60b9846fc5275d82b59ab7bfd0773838163571151d1e532a4aee4f64bec
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 67D0223222203193CF285695A800FA76905FFC1A90F0A002C340AAB800C2148C42D2F0
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: 45de6d1f75cb4a200f6252188b3be26ae342433235455887294b564e73a16b66
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: 31D012371E054DBBCB519FA6DC41F957BA9FBA4BA0F444020B5048B5A0C63AE950D584
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 358b9887f143b7aa9af23945905a3f3c61212e097758d035e88777ba64098001
                • Instruction ID: bbeff8119dc9e53feac32dc251fbb17f9ac6e4cc59a404f624301bd4c4128ac6
                • Opcode Fuzzy Hash: 358b9887f143b7aa9af23945905a3f3c61212e097758d035e88777ba64098001
                • Instruction Fuzzy Hash: 27D0A730552102CBDF26CF8CCD10D6E36B8FF20640B44006CE70057524D364FC11C740
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 841c5033d08fa538e7438c1ed48efff6cbb26d30fb15f314d2f468ed78cce8d7
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: E7D0C935212E80CFD62BCB0CC9A4B5A73B4BB44B44F810490F501CBBA2D62CD944CA00
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: ccf773aaee35b82dc135d919dfc5d1bf9a855c600ed1934fafc284f1c488c9be
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: ACC012322A0648AFC752AA99CD41F427BA9FBA8B40F000021F2048B670C631E820EA84
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: 4a50a51bdd3ab35f1d9cf96849b95ef5e5e92891abf196b452599efe26cfb64a
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: 6ED01236100249EFCB01DF85C890D9A772AFBD8F10F109019FD190B6508A31ED63DA50
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: 8516e0ef21a31bb815dcc39fd2cca30af36bc7baba4d8da1b2345110353981ea
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: E6C04879701A428FCF16DF2AD6D4F8977E4FB84780F160890E905DFB22E624E801CA10
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a01d78f79e5bb9643e21cfa62a4feb286cc97b856b9c5541d4b0664eb1f5b206
                • Instruction ID: d58513a0ca291f395633aa437d8cea2a056142e0857221d7d7388d6ff84fe879
                • Opcode Fuzzy Hash: a01d78f79e5bb9643e21cfa62a4feb286cc97b856b9c5541d4b0664eb1f5b206
                • Instruction Fuzzy Hash: 7A900231605800129540715848845464045F7E1311B59C415E1824954CCB54CA6A5361
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b9865e7a168abd0434784c21f321c54ea8329961a9571e091f2f16662e60d50
                • Instruction ID: 0b6a207645f8f9d11ca742a750b07fbd4d2de228218e3dad05f14060a6f8daaf
                • Opcode Fuzzy Hash: 8b9865e7a168abd0434784c21f321c54ea8329961a9571e091f2f16662e60d50
                • Instruction Fuzzy Hash: ED900261601500424540715848044066045F7E2311399C519A1954960CC758C9699369
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1bb6a1c62360998ff2eedc19a6f85f9b9c9e4172c0911ef26eb7fbe8610ff72
                • Instruction ID: d569c51058d2ecf3e29643ff625d57e2e3441e78020c9d2aae99f8ab471d03e0
                • Opcode Fuzzy Hash: d1bb6a1c62360998ff2eedc19a6f85f9b9c9e4172c0911ef26eb7fbe8610ff72
                • Instruction Fuzzy Hash: 2C90026120240003450571584414616404AE7E1211B59C425E2414990DC665C9A56225
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49d0824c6c34bbf2d384dc927bc0f47875b1b7fbc30fefd7c1afaaad60c124d5
                • Instruction ID: c044945311c9e70a8ec7e7972c3ae08a7142e8f6a4ba88eb482f6e82d02e5fca
                • Opcode Fuzzy Hash: 49d0824c6c34bbf2d384dc927bc0f47875b1b7fbc30fefd7c1afaaad60c124d5
                • Instruction Fuzzy Hash: DB90023120140802D5807158440464A0045E7D2311F99C419A1425A54DCB55CB6D77A1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 88798e5ec5b51882c9f9a70f6d7b956685470960b9249be603b81ced63fcf6f5
                • Instruction ID: debb971c7c879b467167c0ac6ff2ec713f34cc232839c15aeda100315fe52be6
                • Opcode Fuzzy Hash: 88798e5ec5b51882c9f9a70f6d7b956685470960b9249be603b81ced63fcf6f5
                • Instruction Fuzzy Hash: 0D90023120544842D54071584404A460055E7D1315F59C415A1464A94DD765CE69B761
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f561f297c0d62e335bfa0445fe81aa1f7eea5ff818e17e8153ba2746ea8321d
                • Instruction ID: 5c41ead594921ec8ee1e66c1fa2aa9d020ebbde83de2d06462f5331aae3623ae
                • Opcode Fuzzy Hash: 9f561f297c0d62e335bfa0445fe81aa1f7eea5ff818e17e8153ba2746ea8321d
                • Instruction Fuzzy Hash: 6790023120140802D504715848046860045E7D1311F59C415A7424A55ED7A5C9A57231
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a50ca8d515f6226e0b799047274c373dbb8ab7b9c0e0fff5684f1a94a847e6f3
                • Instruction ID: bd1ca904743929f32ae4f581f2e5032fc7693bb0d879b31e0e7b9843d2330574
                • Opcode Fuzzy Hash: a50ca8d515f6226e0b799047274c373dbb8ab7b9c0e0fff5684f1a94a847e6f3
                • Instruction Fuzzy Hash: AF90023160540802D550715844147460045E7D1311F59C415A1424A54DC795CB6977A1
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                Strings
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016146FC
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01614655
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01614787
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01614725
                • ExecuteOptions, xrefs: 016146A0
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01614742
                • Execute=1, xrefs: 01614713
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016102E7
                • RTL: Re-Waiting, xrefs: 0161031E
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016102BD
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                Strings
                • RTL: Resource at %p, xrefs: 01617B8E
                • RTL: Re-Waiting, xrefs: 01617BAC
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01617B7F
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0161728C
                Strings
                • RTL: Resource at %p, xrefs: 016172A3
                • RTL: Re-Waiting, xrefs: 016172C1
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01617294
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0162CFBD
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.1991771105.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_1570000_xCSONUFhmq.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4_w@4_w
                • API String ID: 4062629308-713214301