Windows Analysis Report
huuG7N3jOv.exe

Overview

General Information

Sample name:huuG7N3jOv.exe
renamed because original name is a hash value
Original sample name:916253d80d573744e31c15e708210d8642d08aeb4b97aba5c9f3e0d920dbb07f.exe
Analysis ID:1589001
MD5:60e504970223d064556d36ac006c3419
SHA1:97b61f1771b1cc207c2d022d77184d703b982c16
SHA256:916253d80d573744e31c15e708210d8642d08aeb4b97aba5c9f3e0d920dbb07f
Tags:exe, Formbook, user-adrian__luca

Detection

FormBook
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • huuG7N3jOv.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\huuG7N3jOv.exe" MD5: 60E504970223D064556D36AC006C3419)
    • huuG7N3jOv.exe (PID: 7908 cmdline: "C:\Users\user\Desktop\huuG7N3jOv.exe" MD5: 60E504970223D064556D36AC006C3419)
    • huuG7N3jOv.exe (PID: 7916 cmdline: "C:\Users\user\Desktop\huuG7N3jOv.exe" MD5: 60E504970223D064556D36AC006C3419)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: huuG7N3jOv.exe PID: 7516 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
5.2.huuG7N3jOv.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.huuG7N3jOv.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

            AV Detection

            Source: huuG7N3jOv.exe | ReversingLabs: Detection: 75%
            Source: huuG7N3jOv.exe | Virustotal: Detection: 74%
            Source: Yara match | File source: 5.2.huuG7N3jOv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 5.2.huuG7N3jOv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: huuG7N3jOv.exe | Joe Sandbox ML: detected
            Source: huuG7N3jOv.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: huuG7N3jOv.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: VjAkx.pdb source: huuG7N3jOv.exe
            Source: Binary string: wntdll.pdbUGP source: huuG7N3jOv.exe, 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: huuG7N3jOv.exe, huuG7N3jOv.exe, 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: VjAkx.pdbSHA256 source: huuG7N3jOv.exe
            Source: global traffic | TCP traffic: 192.168.2.9:63936 -> 162.159.36.2:53
            Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2

            E-Banking Fraud

            Source: Yara match | File source: 5.2.huuG7N3jOv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 5.2.huuG7N3jOv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0042CCB3 NtClose,5_2_0042CCB3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01672DF0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01672C70
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_016735C0 NtCreateMutant,LdrInitializeThunk,5_2_016735C0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01674340 NtSetContextThread,5_2_01674340
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01674650 NtSuspendThread,5_2_01674650
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672B60 NtClose,5_2_01672B60
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672BE0 NtQueryValueKey,5_2_01672BE0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672BF0 NtAllocateVirtualMemory,5_2_01672BF0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672BA0 NtEnumerateValueKey,5_2_01672BA0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672B80 NtQueryInformationFile,5_2_01672B80
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672AF0 NtWriteFile,5_2_01672AF0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672AD0 NtReadFile,5_2_01672AD0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672AB0 NtWaitForSingleObject,5_2_01672AB0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672D30 NtUnmapViewOfSection,5_2_01672D30
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672D00 NtSetInformationFile,5_2_01672D00
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672D10 NtMapViewOfSection,5_2_01672D10
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672DD0 NtDelayExecution,5_2_01672DD0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672DB0 NtEnumerateKey,5_2_01672DB0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672C60 NtCreateKey,5_2_01672C60
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672C00 NtQueryInformationProcess,5_2_01672C00
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672CF0 NtOpenProcess,5_2_01672CF0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672CC0 NtQueryVirtualMemory,5_2_01672CC0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672CA0 NtQueryInformationToken,5_2_01672CA0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672F60 NtCreateProcessEx,5_2_01672F60
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672F30 NtCreateSection,5_2_01672F30
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672FE0 NtCreateFile,5_2_01672FE0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672FA0 NtQuerySection,5_2_01672FA0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672FB0 NtResumeThread,5_2_01672FB0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672F90 NtProtectVirtualMemory,5_2_01672F90
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672E30 NtWriteVirtualMemory,5_2_01672E30
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672EE0 NtQueueApcThread,5_2_01672EE0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672EA0 NtAdjustPrivilegesToken,5_2_01672EA0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01672E80 NtReadVirtualMemory,5_2_01672E80
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01673010 NtOpenDirectoryObject,5_2_01673010
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01673090 NtSetValueKey,5_2_01673090
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_016739B0 NtGetContextThread,5_2_016739B0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01673D70 NtOpenThread,5_2_01673D70
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01673D10 NtOpenProcessToken,5_2_01673D10
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: String function: 0162B970 appears 280 times
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: String function: 016AEA12 appears 86 times
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: String function: 01687E54 appears 101 times
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: String function: 016BF290 appears 105 times
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: String function: 01675130 appears 58 times
            Source: huuG7N3jOv.exe, 00000000.00000000.1355480372.00000000004DE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameVjAkx.exe< vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000000.00000002.1539341886.00000000028F8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000000.00000002.1545271620.0000000008C50000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000000.00000002.1543973683.0000000005470000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000000.00000002.1537519850.000000000090E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000000.00000002.1540308948.00000000038B9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe, 00000005.00000002.1949330280.000000000172D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe | Binary or memory string: OriginalFilenameVjAkx.exe< vs huuG7N3jOv.exe
            Source: huuG7N3jOv.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engine | Classification label: mal76.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\huuG7N3jOv.exe.log
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Mutant created: NULL
            Source: huuG7N3jOv.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown | Process created: C:\Users\user\Desktop\huuG7N3jOv.exe "C:\Users\user\Desktop\huuG7N3jOv.exe"
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Process created: C:\Users\user\Desktop\huuG7N3jOv.exe "C:\Users\user\Desktop\huuG7N3jOv.exe"
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Process created: C:\Users\user\Desktop\huuG7N3jOv.exe "C:\Users\user\Desktop\huuG7N3jOv.exe"
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: huuG7N3jOv.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: huuG7N3jOv.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: huuG7N3jOv.exe | Static PE information: 0xFB56AAAA [Fri Aug 17 02:30:02 2103 UTC]
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_00E7C69B push cs; iretd 0_2_00E7C6A6
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_00E7C817 push es; iretd 0_2_00E7C826
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_00E7B640 pushfd ; iretd 0_2_00E7B89E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_00E798A2 push ecx; iretd 0_2_00E798A3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_00E798B0 pushfd ; iretd 0_2_00E798BE
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04EC4C35 pushfd ; retf 0_2_04EC4C41
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04ECB1AF push eax; mov dword ptr [esp], edx 0_2_04ECB1C4
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04ECF180 push eax; retf 0_2_04ECF1A1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04ECDCA0 push esp; ret 0_2_04ECDCA1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04ECFF80 push es; iretd 0_2_04ECFF8E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_04ECFBA8 push cs; iretd 0_2_04ECFBB6
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_06EC0210 push cs; iretd 0_2_06EC021E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 0_2_06EE04C9 push AA5806EDh; iretd 0_2_06EE04D6
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0040D8D0 pushad ; iretd 5_2_0040D8D1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_004031B0 push eax; ret 5_2_004031B2
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0040D3DE pushad ; retf 5_2_0040D3DF
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_00414C77 push es; iretd 5_2_00414C79
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_00415DE9 push ebp; iretd 5_2_00415E4B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0040E61C push es; retf 5_2_0040E61D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_00405F99 push edi; retf 5_2_00405F9A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0160225F pushad ; ret 5_2_016027F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_016027FA pushad ; ret 5_2_016027F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_016309AD push ecx; mov dword ptr [esp], ecx 5_2_016309B6
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_0160283D push eax; iretd 5_2_01602858
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Code function: 5_2_01601328 push eax; iretd 5_2_01601369
            Source: huuG7N3jOv.exe | Static PE information: section name: .text entropy: 7.257178365322933
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: huuG7N3jOv.exe PID: 7516, type: MEMORYSTR
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: E70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: 28B0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: EA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: 8DE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: 9DE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: 9FF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: AFF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Code function: 5_2_0167096E rdtsc 5_2_0167096E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe API coverage: 0.6 %
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe TID: 7536 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe TID: 7920 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Code function: 5_2_00417D83 LdrLoadDll, 5_2_00417D83
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Code function: 5_2_016C4144 mov eax, dword ptr fs:[00000030h] 5_2_016C4144
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01704500 mov eax, dword ptr fs:[00000030h]5_2_01704500
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01704500 mov eax, dword ptr fs:[00000030h]5_2_01704500
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E5E7 mov eax, dword ptr fs:[00000030h]5_2_0165E5E7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016325E0 mov eax, dword ptr fs:[00000030h]5_2_016325E0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C5ED mov eax, dword ptr fs:[00000030h]5_2_0166C5ED
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C5ED mov eax, dword ptr fs:[00000030h]5_2_0166C5ED
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E5CF mov eax, dword ptr fs:[00000030h]5_2_0166E5CF
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E5CF mov eax, dword ptr fs:[00000030h]5_2_0166E5CF
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016365D0 mov eax, dword ptr fs:[00000030h]5_2_016365D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A5D0 mov eax, dword ptr fs:[00000030h]5_2_0166A5D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A5D0 mov eax, dword ptr fs:[00000030h]5_2_0166A5D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B05A7 mov eax, dword ptr fs:[00000030h]5_2_016B05A7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B05A7 mov eax, dword ptr fs:[00000030h]5_2_016B05A7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B05A7 mov eax, dword ptr fs:[00000030h]5_2_016B05A7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016545B1 mov eax, dword ptr fs:[00000030h]5_2_016545B1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016545B1 mov eax, dword ptr fs:[00000030h]5_2_016545B1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01632582 mov eax, dword ptr fs:[00000030h]5_2_01632582
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01632582 mov ecx, dword ptr fs:[00000030h]5_2_01632582
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01664588 mov eax, dword ptr fs:[00000030h]5_2_01664588
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E59C mov eax, dword ptr fs:[00000030h]5_2_0166E59C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BC460 mov ecx, dword ptr fs:[00000030h]5_2_016BC460
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165A470 mov eax, dword ptr fs:[00000030h]5_2_0165A470
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165A470 mov eax, dword ptr fs:[00000030h]5_2_0165A470
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165A470 mov eax, dword ptr fs:[00000030h]5_2_0165A470
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166E443 mov eax, dword ptr fs:[00000030h]5_2_0166E443
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016EA456 mov eax, dword ptr fs:[00000030h]5_2_016EA456
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162645D mov eax, dword ptr fs:[00000030h]5_2_0162645D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165245A mov eax, dword ptr fs:[00000030h]5_2_0165245A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162E420 mov eax, dword ptr fs:[00000030h]5_2_0162E420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162E420 mov eax, dword ptr fs:[00000030h]5_2_0162E420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162E420 mov eax, dword ptr fs:[00000030h]5_2_0162E420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162C427 mov eax, dword ptr fs:[00000030h]5_2_0162C427
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B6420 mov eax, dword ptr fs:[00000030h]5_2_016B6420
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A430 mov eax, dword ptr fs:[00000030h]5_2_0166A430
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01668402 mov eax, dword ptr fs:[00000030h]5_2_01668402
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01668402 mov eax, dword ptr fs:[00000030h]5_2_01668402
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01668402 mov eax, dword ptr fs:[00000030h]5_2_01668402
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016304E5 mov ecx, dword ptr fs:[00000030h]5_2_016304E5
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016364AB mov eax, dword ptr fs:[00000030h]5_2_016364AB
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016644B0 mov ecx, dword ptr fs:[00000030h]5_2_016644B0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BA4B0 mov eax, dword ptr fs:[00000030h]5_2_016BA4B0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016EA49A mov eax, dword ptr fs:[00000030h]5_2_016EA49A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01638770 mov eax, dword ptr fs:[00000030h]5_2_01638770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01640770 mov eax, dword ptr fs:[00000030h]5_2_01640770
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166674D mov esi, dword ptr fs:[00000030h]5_2_0166674D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166674D mov eax, dword ptr fs:[00000030h]5_2_0166674D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166674D mov eax, dword ptr fs:[00000030h]5_2_0166674D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01630750 mov eax, dword ptr fs:[00000030h]5_2_01630750
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BE75D mov eax, dword ptr fs:[00000030h]5_2_016BE75D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01672750 mov eax, dword ptr fs:[00000030h]5_2_01672750
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01672750 mov eax, dword ptr fs:[00000030h]5_2_01672750
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B4755 mov eax, dword ptr fs:[00000030h]5_2_016B4755
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C720 mov eax, dword ptr fs:[00000030h]5_2_0166C720
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C720 mov eax, dword ptr fs:[00000030h]5_2_0166C720
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166273C mov eax, dword ptr fs:[00000030h]5_2_0166273C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166273C mov ecx, dword ptr fs:[00000030h]5_2_0166273C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166273C mov eax, dword ptr fs:[00000030h]5_2_0166273C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AC730 mov eax, dword ptr fs:[00000030h]5_2_016AC730
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C700 mov eax, dword ptr fs:[00000030h]5_2_0166C700
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01630710 mov eax, dword ptr fs:[00000030h]5_2_01630710
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01660710 mov eax, dword ptr fs:[00000030h]5_2_01660710
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016527ED mov eax, dword ptr fs:[00000030h]5_2_016527ED
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016527ED mov eax, dword ptr fs:[00000030h]5_2_016527ED
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016527ED mov eax, dword ptr fs:[00000030h]5_2_016527ED
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BE7E1 mov eax, dword ptr fs:[00000030h]5_2_016BE7E1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016347FB mov eax, dword ptr fs:[00000030h]5_2_016347FB
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016347FB mov eax, dword ptr fs:[00000030h]5_2_016347FB
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163C7C0 mov eax, dword ptr fs:[00000030h]5_2_0163C7C0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B07C3 mov eax, dword ptr fs:[00000030h]5_2_016B07C3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016307AF mov eax, dword ptr fs:[00000030h]5_2_016307AF
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016E47A0 mov eax, dword ptr fs:[00000030h]5_2_016E47A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D678E mov eax, dword ptr fs:[00000030h]5_2_016D678E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016F866E mov eax, dword ptr fs:[00000030h]5_2_016F866E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016F866E mov eax, dword ptr fs:[00000030h]5_2_016F866E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A660 mov eax, dword ptr fs:[00000030h]5_2_0166A660
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A660 mov eax, dword ptr fs:[00000030h]5_2_0166A660
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01662674 mov eax, dword ptr fs:[00000030h]5_2_01662674
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164C640 mov eax, dword ptr fs:[00000030h]5_2_0164C640
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164E627 mov eax, dword ptr fs:[00000030h]5_2_0164E627
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01666620 mov eax, dword ptr fs:[00000030h]5_2_01666620
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01668620 mov eax, dword ptr fs:[00000030h]5_2_01668620
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163262C mov eax, dword ptr fs:[00000030h]5_2_0163262C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE609 mov eax, dword ptr fs:[00000030h]5_2_016AE609
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0164260B mov eax, dword ptr fs:[00000030h]5_2_0164260B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01672619 mov eax, dword ptr fs:[00000030h]5_2_01672619
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE6F2 mov eax, dword ptr fs:[00000030h]5_2_016AE6F2
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE6F2 mov eax, dword ptr fs:[00000030h]5_2_016AE6F2
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE6F2 mov eax, dword ptr fs:[00000030h]5_2_016AE6F2
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE6F2 mov eax, dword ptr fs:[00000030h]5_2_016AE6F2
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B06F1 mov eax, dword ptr fs:[00000030h]5_2_016B06F1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B06F1 mov eax, dword ptr fs:[00000030h]5_2_016B06F1
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0166A6C7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A6C7 mov eax, dword ptr fs:[00000030h]5_2_0166A6C7
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C6A6 mov eax, dword ptr fs:[00000030h]5_2_0166C6A6
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016666B0 mov eax, dword ptr fs:[00000030h]5_2_016666B0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01634690 mov eax, dword ptr fs:[00000030h]5_2_01634690
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01634690 mov eax, dword ptr fs:[00000030h]5_2_01634690
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01656962 mov eax, dword ptr fs:[00000030h]5_2_01656962
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01656962 mov eax, dword ptr fs:[00000030h]5_2_01656962
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01656962 mov eax, dword ptr fs:[00000030h]5_2_01656962
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0167096E mov eax, dword ptr fs:[00000030h]5_2_0167096E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0167096E mov edx, dword ptr fs:[00000030h]5_2_0167096E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0167096E mov eax, dword ptr fs:[00000030h]5_2_0167096E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D4978 mov eax, dword ptr fs:[00000030h]5_2_016D4978
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D4978 mov eax, dword ptr fs:[00000030h]5_2_016D4978
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BC97C mov eax, dword ptr fs:[00000030h]5_2_016BC97C
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B0946 mov eax, dword ptr fs:[00000030h]5_2_016B0946
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B892A mov eax, dword ptr fs:[00000030h]5_2_016B892A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C892B mov eax, dword ptr fs:[00000030h]5_2_016C892B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE908 mov eax, dword ptr fs:[00000030h]5_2_016AE908
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016AE908 mov eax, dword ptr fs:[00000030h]5_2_016AE908
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BC912 mov eax, dword ptr fs:[00000030h]5_2_016BC912
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01628918 mov eax, dword ptr fs:[00000030h]5_2_01628918
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01628918 mov eax, dword ptr fs:[00000030h]5_2_01628918
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BE9E0 mov eax, dword ptr fs:[00000030h]5_2_016BE9E0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016629F9 mov eax, dword ptr fs:[00000030h]5_2_016629F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016629F9 mov eax, dword ptr fs:[00000030h]5_2_016629F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C69C0 mov eax, dword ptr fs:[00000030h]5_2_016C69C0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0163A9D0 mov eax, dword ptr fs:[00000030h]5_2_0163A9D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016649D0 mov eax, dword ptr fs:[00000030h]5_2_016649D0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016FA9D3 mov eax, dword ptr fs:[00000030h]5_2_016FA9D3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016429A0 mov eax, dword ptr fs:[00000030h]5_2_016429A0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016309AD mov eax, dword ptr fs:[00000030h]5_2_016309AD
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016309AD mov eax, dword ptr fs:[00000030h]5_2_016309AD
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B89B3 mov esi, dword ptr fs:[00000030h]5_2_016B89B3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B89B3 mov eax, dword ptr fs:[00000030h]5_2_016B89B3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016B89B3 mov eax, dword ptr fs:[00000030h]5_2_016B89B3
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BE872 mov eax, dword ptr fs:[00000030h]5_2_016BE872
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BE872 mov eax, dword ptr fs:[00000030h]5_2_016BE872
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C6870 mov eax, dword ptr fs:[00000030h]5_2_016C6870
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C6870 mov eax, dword ptr fs:[00000030h]5_2_016C6870
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01642840 mov ecx, dword ptr fs:[00000030h]5_2_01642840
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01660854 mov eax, dword ptr fs:[00000030h]5_2_01660854
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01634859 mov eax, dword ptr fs:[00000030h]5_2_01634859
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01634859 mov eax, dword ptr fs:[00000030h]5_2_01634859
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov eax, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov eax, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov eax, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov ecx, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov eax, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01652835 mov eax, dword ptr fs:[00000030h]5_2_01652835
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166A830 mov eax, dword ptr fs:[00000030h]5_2_0166A830
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D483A mov eax, dword ptr fs:[00000030h]5_2_016D483A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D483A mov eax, dword ptr fs:[00000030h]5_2_016D483A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BC810 mov eax, dword ptr fs:[00000030h]5_2_016BC810
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016FA8E4 mov eax, dword ptr fs:[00000030h]5_2_016FA8E4
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C8F9 mov eax, dword ptr fs:[00000030h]5_2_0166C8F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0166C8F9 mov eax, dword ptr fs:[00000030h]5_2_0166C8F9
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165E8C0 mov eax, dword ptr fs:[00000030h]5_2_0165E8C0
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_01630887 mov eax, dword ptr fs:[00000030h]5_2_01630887
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016BC89D mov eax, dword ptr fs:[00000030h]5_2_016BC89D
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0162CB7E mov eax, dword ptr fs:[00000030h]5_2_0162CB7E
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016E4B4B mov eax, dword ptr fs:[00000030h]5_2_016E4B4B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016E4B4B mov eax, dword ptr fs:[00000030h]5_2_016E4B4B
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C6B40 mov eax, dword ptr fs:[00000030h]5_2_016C6B40
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016C6B40 mov eax, dword ptr fs:[00000030h]5_2_016C6B40
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016FAB40 mov eax, dword ptr fs:[00000030h]5_2_016FAB40
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016D8B42 mov eax, dword ptr fs:[00000030h]5_2_016D8B42
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_016DEB50 mov eax, dword ptr fs:[00000030h]5_2_016DEB50
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165EB20 mov eax, dword ptr fs:[00000030h]5_2_0165EB20
            Source: C:\Users\user\Desktop\huuG7N3jOv.exeCode function: 5_2_0165EB20 mov eax, dword ptr fs:[00000030h]5_2_0165EB20
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Memory written: C:\Users\user\Desktop\huuG7N3jOv.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Process created: C:\Users\user\Desktop\huuG7N3jOv.exe "C:\Users\user\Desktop\huuG7N3jOv.exe"
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Process created: C:\Users\user\Desktop\huuG7N3jOv.exe "C:\Users\user\Desktop\huuG7N3jOv.exe"
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Users\user\Desktop\huuG7N3jOv.exe VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\huuG7N3jOv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 5.2.huuG7N3jOv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.huuG7N3jOv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match File source: 5.2.huuG7N3jOv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.huuG7N3jOv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Privilege Escalation: 111 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 111 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 2 Software Packing; 1 Timestomp; 1 DLL Side-Loading
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            Discovery: 2 Security Software Discovery; 1 Process Discovery; 41 Virtualization/Sandbox Evasion; 12 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
            [Behavior graph, ID: 1589001. Sample: huuG7N3jOv.exe; Startdate: 11/01/2025; Architecture: WINDOWS; Score: 76. Signatures: Multi AV Scanner detection for submitted file; Yara detected FormBook; Yara detected AntiVM3; 2 other signatures. huuG7N3jOv.exe drops C:\Users\user\AppData\...\huuG7N3jOv.exe.log (ASCII), is flagged "Injects a PE file into a foreign processes", and starts two huuG7N3jOv.exe processes.]

            Source | Detection | Scanner | Label
            huuG7N3jOv.exe | 75% | ReversingLabs | Win32.Backdoor.FormBook
            huuG7N3jOv.exe | 75% | Virustotal |
            huuG7N3jOv.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
              No contacted IP infos
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1589001
              Start date and time:2025-01-11 08:21:08 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 13s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Run name:Run with higher sleep bypass
              Number of analysed new started processes analysed:9
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:huuG7N3jOv.exe
              renamed because original name is a hash value
              Original Sample Name:916253d80d573744e31c15e708210d8642d08aeb4b97aba5c9f3e0d920dbb07f.exe
              Detection:MAL
              Classification:mal76.troj.evad.winEXE@5/1@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 94%
              • Number of executed functions: 42
              • Number of non-executed functions: 268
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 20.109.210.53
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
              • Not all processes were analyzed, report is missing behavior information
              No simulations
              No context
              Match: s-part-0017.t-0009.t-msedge.net
              Associated Sample Name / URL | Detection | Threat Name | Context
              x8M2g1Xxhz.exe | malicious | Snake Keylogger, VIP Keylogger | 13.107.246.45
              4287eV6mBc.exe | malicious | AgentTesla | 13.107.246.45
              Yv24LkKBY6.exe | malicious | Unknown | 13.107.246.45
              11626244731900027402.js | malicious | Strela Downloader | 13.107.246.45
              QQpQgSYkjW.exe | malicious | FormBook | 13.107.246.45
              ty1nyFUMlo.exe | malicious | Snake Keylogger, VIP Keylogger | 13.107.246.45
              1r3DRyrX0T.exe | malicious | DarkWatchman | 13.107.246.45
              TBUjHBNHaD.exe | malicious | DarkWatchman | 13.107.246.45
              S7s4XhcN1G.exe | malicious | DarkWatchman | 13.107.246.45
              6043249381237528594.js | malicious | Strela Downloader | 13.107.246.45
              Process:C:\Users\user\Desktop\huuG7N3jOv.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.250964335237237
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:huuG7N3jOv.exe
              File size:962'048 bytes
              MD5:60e504970223d064556d36ac006c3419
              SHA1:97b61f1771b1cc207c2d022d77184d703b982c16
              SHA256:916253d80d573744e31c15e708210d8642d08aeb4b97aba5c9f3e0d920dbb07f
              SHA512:4af6025009339caca299bc8042f1abb2b9cc7fb82c095a5aabff0f3318e2d7dc8b6da3c7506cacb812c3e2042bd69cf168fcaa30fe04bf839939e01889f11edc
              SSDEEP:12288:8rpZsS7cxdTGQGxvCc+/riXC5nfd2NEHeHRQ/rqgcoh3H6BDjbWRhpvH:8rzsXx4rIc+/2yRZrTP3H6W
              TLSH:A315E63D29BE222BA175C3A78BDBF427F134986F3115AC6498D343A94346A4774C327E
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V...............0.................. ........@.. ....................... ............@................................
              Icon Hash:00928e8e8686b000
              Entrypoint:0x4ec3a2
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0xFB56AAAA [Fri Aug 17 02:30:02 2103 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xec350 | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x5ac | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xeaa48 | 0x70 | .text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xea3a8 | 0xea400 | abef6fe69b17ecd1b8d12fea24b913c3 | False | 0.7642211262673426 | data | 7.257178365322933 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xee000 | 0x5ac | 0x600 | f0af8a246d16f4dcc5803021913bc0d9 | False | 0.423828125 | data | 4.111290929021405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xf0000 | 0xc | 0x200 | fc0756935db86f45938ce3b13397de71 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_VERSION | 0xee090 | 0x31c | data | | | 0.43844221105527637
              RT_MANIFEST | 0xee3bc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

              DLL | Import
              mscoree.dll | _CorExeMain
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Jan 11, 2025 08:22:46.511462927 CET | 63936 | 53 | 192.168.2.9 | 162.159.36.2
              Jan 11, 2025 08:22:46.516285896 CET | 53 | 63936 | 162.159.36.2 | 192.168.2.9
              Jan 11, 2025 08:22:46.516362906 CET | 63936 | 53 | 192.168.2.9 | 162.159.36.2
              Jan 11, 2025 08:22:46.521157980 CET | 53 | 63936 | 162.159.36.2 | 192.168.2.9
              Jan 11, 2025 08:22:46.999591112 CET | 63936 | 53 | 192.168.2.9 | 162.159.36.2
              Jan 11, 2025 08:22:47.005533934 CET | 53 | 63936 | 162.159.36.2 | 192.168.2.9
              Jan 11, 2025 08:22:47.005606890 CET | 63936 | 53 | 192.168.2.9 | 162.159.36.2

              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Jan 11, 2025 08:22:46.510646105 CET | 53 | 63902 | 162.159.36.2 | 192.168.2.9
              Jan 11, 2025 08:22:47.008842945 CET | 53 | 64249 | 1.1.1.1 | 192.168.2.9

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Jan 11, 2025 08:21:55.851264000 CET | 1.1.1.1 | 192.168.2.9 | 0xd729 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              Jan 11, 2025 08:21:55.851264000 CET | 1.1.1.1 | 192.168.2.9 | 0xd729 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false


              Target ID:0
              Start time:02:22:00
              Start date:11/01/2025
              Path:C:\Users\user\Desktop\huuG7N3jOv.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\huuG7N3jOv.exe"
              Imagebase:0x3f0000
              File size:962'048 bytes
              MD5 hash:60E504970223D064556D36AC006C3419
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:4
              Start time:02:22:18
              Start date:11/01/2025
              Path:C:\Users\user\Desktop\huuG7N3jOv.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\huuG7N3jOv.exe"
              Imagebase:0xe0000
              File size:962'048 bytes
              MD5 hash:60E504970223D064556D36AC006C3419
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:5
              Start time:02:22:18
              Start date:11/01/2025
              Path:C:\Users\user\Desktop\huuG7N3jOv.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\huuG7N3jOv.exe"
              Imagebase:0xaf0000
              File size:962'048 bytes
              MD5 hash:60E504970223D064556D36AC006C3419
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1949195121.00000000015A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

                Execution Graph

                Execution Coverage:9.3%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:101
                Total number of Limit Nodes:4
                Execution graph (node and edge list not reproduced). API calls appearing at graph nodes: DrawTextExW, CloseHandle, ResumeThread, CreateProcessA, Wow64SetThreadContext, VirtualAllocEx, ReadProcessMemory, WriteProcessMemory, CreateActCtxA, GetModuleHandleW, DuplicateHandle

                Control-flow Graph (first node 6eed92c-6eed9cd; node and edge list not reproduced)
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06EEDB6E
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0

                Control-flow Graph (first node 6eed938-6eed9cd; node and edge list not reproduced)
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06EEDB6E
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0

                Control-flow Graph (first node e7af19-e7af37; node and edge list not reproduced)
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7B17E
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0

                Control-flow Graph (first node e7449c-e759d9; node and edge list not reproduced)
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00E759C9
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0

                Control-flow Graph (first node e75917-e759d9; node and edge list not reproduced)
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00E759C9
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0

                Control-flow Graph (first node 6ec5d50-6ec5da4; node and edge list not reproduced)
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06EC5DEF
                Memory Dump Source
                • Source File: 00000000.00000002.1544146210.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ec0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0

                Control-flow Graph (first node 6eed6a8-6eed6fe; node and edge list not reproduced)
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06EED740
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0

                Control-flow Graph (first node 6eed798-6eed82d; node and edge list not reproduced)
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06EED820
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0

                Control-flow Graph (first node 6ec5d58-6ec5da4; node and edge list not reproduced)
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06EC5DEF
                Memory Dump Source
                • Source File: 00000000.00000002.1544146210.0000000006EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ec0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0

                Control-flow Graph (first node 6eed6b0-6eed6fe; node and edge list not reproduced)
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06EED740
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0

                Control-flow Graph (first node 6eed511-6eed563; node and edge list not reproduced)
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EED596
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0

                Control-flow Graph (first node e7d808-e7d80c; node and edge list not reproduced)
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E7D7D6,?,?,?,?,?), ref: 00E7D897
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0

                Control-flow Graph (first node e7bca0-e7d8a4; node and edge list not reproduced)
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E7D7D6,?,?,?,?,?), ref: 00E7D897
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0

                Control-flow Graph (first node 6eed7a0-6eed82d; node and edge list not reproduced)
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06EED820
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0

                Control-flow Graph (first node 6eed518-6eed563; node and edge list not reproduced)
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EED596
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EED65E
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EED65E
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.1544244118.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ee0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 8c7d5f13d8707e96b3dd195d7a3ab170fa2269ee8ac0735ba105806c98bf49ca
                • Instruction ID: 80ae293ce129fc3bd84e92d462235da3308c8c5d46e9e9371a1745abcfba42df
                • Opcode Fuzzy Hash: 8c7d5f13d8707e96b3dd195d7a3ab170fa2269ee8ac0735ba105806c98bf49ca
                • Instruction Fuzzy Hash: B0114C75D003498FDB20DFAAC8457DEFBF4EF88214F24841AD559A7240C7796544CF95
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E7B17E
                Memory Dump Source
                • Source File: 00000000.00000002.1538803006.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_e70000_huuG7N3jOv.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: a952e8610c87638516989d18f5111a221110a2392b2890604517436e7ad2c421
                • Instruction ID: 90d16a3e1cc622028b084273d721bba5326e3c9d4ce7b5269aa9b64c3bfd4fd5
                • Opcode Fuzzy Hash: a952e8610c87638516989d18f5111a221110a2392b2890604517436e7ad2c421
                • Instruction Fuzzy Hash: 09110FB5C006498FDB20CF9AC844BDEFBF4AB88324F10846AD428B7210C379A545CFA1
                APIs
                • CloseHandle.KERNELBASE(?), ref: 04EC3F08
                Memory Dump Source
                • Source File: 00000000.00000002.1542704468.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4ec0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: 0c4a0a7943827a9a58cba185a5df2e3cc16eb4a42dfa05ad82b9b7685f55ac92
                • Instruction ID: c9f731f65c8a23927f95ce44f1ee55b593d3e84bcf81c24ad8917977247e455b
                • Opcode Fuzzy Hash: 0c4a0a7943827a9a58cba185a5df2e3cc16eb4a42dfa05ad82b9b7685f55ac92
                • Instruction Fuzzy Hash: 121163B58003498FEB10CF9AC545BDEBBF4EB48320F20842AE968A3340C378A545CFA5
                APIs
                • CloseHandle.KERNELBASE(?), ref: 04EC3F08
                Memory Dump Source
                • Source File: 00000000.00000002.1542704468.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4ec0000_huuG7N3jOv.jbxd
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                • Opcode ID: 0360cc7972e93fef99abbf69906811e15cb4c8633708f0711c92185ccd146108
                • Instruction ID: 01867387f92c321af60ad3cf8afd7bac02b0b6d27f75663c79063c92329fbba9
                • Opcode Fuzzy Hash: 0360cc7972e93fef99abbf69906811e15cb4c8633708f0711c92185ccd146108
                • Instruction Fuzzy Hash: 3E1166B5800749CFDB10CF9AC544BDEBBF4EB48320F10846AE958A7340D378A944CFA5

                Execution Graph

                Execution Coverage:0.8%
                Dynamic/Decrypted Code Coverage:4.8%
                Signature Coverage:8.7%
                Total number of Nodes:104
                Total number of Limit Nodes:8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 84 417d83-417dac call 42f8d3 87 417db2-417dc0 call 42fed3 84->87 88 417dae-417db1 84->88 91 417dd0-417de1 call 42e383 87->91 92 417dc2-417dcd call 430173 87->92 97 417de3-417df7 LdrLoadDll 91->97 98 417dfa-417dfd 91->98 92->91 97->98
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                Memory Dump Source
                • Source File: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_400000_huuG7N3jOv.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                • Instruction ID: 88b9ef28133dc456cab6c81c5f600716b01c30102915f9fd8f3ec612534eff34
                • Opcode Fuzzy Hash: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                • Instruction Fuzzy Hash: 23011EB5E0020DABDF10DAE5DC42FEEB3789F54308F0081AAE90897241F635EB598B95

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 109 42ccb3-42ccec call 404623 call 42dea3 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCE7
                Memory Dump Source
                • Source File: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_400000_huuG7N3jOv.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                • Instruction ID: d46bfabfc098e6d5a2aad821b6b2a61ea91c21e50ceafb7c4f345b9124cf626d
                • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                • Instruction Fuzzy Hash: 98E026366006043BC210FA6ADC01FD7776CDFC5B10F000819FA0867242C7B4B90087F4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 124 1672df0-1672dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 7e0477e172ce9848950cde5b3489a1e3861ce84bca72ba8978320a2c11cbf859
                • Instruction ID: bd5cc0e7e9cfe75fdde6058408e791a5d1253543e86c197f74e48c7122ba8430
                • Opcode Fuzzy Hash: 7e0477e172ce9848950cde5b3489a1e3861ce84bca72ba8978320a2c11cbf859
                • Instruction Fuzzy Hash: 0790023120140413D11175584944707500E97D0341FD5C512A442465CED6568A52A221

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 123 1672c70-1672c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 87a34193e999f5f5aa0f233858b76de4cabaff4e85dc20ff60a456359a59377c
                • Instruction ID: 28b830a0436ec01d3d503c63043326f2e13dcf2d3c92ba18d43c8cbf200a282b
                • Opcode Fuzzy Hash: 87a34193e999f5f5aa0f233858b76de4cabaff4e85dc20ff60a456359a59377c
                • Instruction Fuzzy Hash: D590023120148802D1107558884474B500A97D0301F99C511A842475CEC69589917221

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 125 16735c0-16735cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: dc3ad8e5aba94c3f6dfe80e62acf656fc8296abd67b9a02126911d81f65bd692
                • Instruction ID: d240e07392bf4aba2b2a58b59623eabd7aa0899ad997900e13dcd77e36371a5b
                • Opcode Fuzzy Hash: dc3ad8e5aba94c3f6dfe80e62acf656fc8296abd67b9a02126911d81f65bd692
                • Instruction Fuzzy Hash: 3F90023160550402D10075584954707600A97D0301FA5C511A442466CEC7958A5166A2

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 104 42d003-42d044 call 404623 call 42dea3 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,004175E7,000000F4), ref: 0042D03F
                Memory Dump Source
                • Source File: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_400000_huuG7N3jOv.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                • Instruction ID: 480c2476483c24a98dc1ccd4d3f8387b92b9bc50a10ea559d801330f157754dd
                • Opcode Fuzzy Hash: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                • Instruction Fuzzy Hash: CCE065B66046147FE710EFA9EC41E9B33ACEFC9710F00041AFA08A7241D778B9108AB9

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 99 42cfb3-42cff4 call 404623 call 42dea3 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041EB4E,?,?,00000000,?,0041EB4E,?,?,?), ref: 0042CFEF
                Memory Dump Source
                • Source File: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_400000_huuG7N3jOv.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                • Instruction ID: dc73a00d5b2d417b2c46dafea40d9adc71060332ee157e8bfc2b2fc429177c5c
                • Opcode Fuzzy Hash: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                • Instruction Fuzzy Hash: 2DE06DB66042047BD610EE59EC41E9B33ACDFC9710F000819F908A7241D675BA118BB9

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 114 42d053-42d08c call 404623 call 42dea3 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1947639660.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_400000_huuG7N3jOv.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                • Instruction ID: 7a9833e9e4d947a3999cb396ff3879e5195884ea37e196f788b44d0b0899353c
                • Opcode Fuzzy Hash: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                • Instruction Fuzzy Hash: D2E04F722406147BC210FA5ADC02F9B775CDBC5715F10845AFA086B241D7B9791587A8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 119 1672c0a-1672c0f 120 1672c11-1672c18 119->120 121 1672c1f-1672c26 LdrInitializeThunk 119->121
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: e2c4ece88aa474fe0faf708e6a9506619505fa41afe0de4064834f09771e173d
                • Instruction ID: a007f69033aac91eea3b2efbabe2b783b310ecca808f24ce46b4089622408628
                • Opcode Fuzzy Hash: e2c4ece88aa474fe0faf708e6a9506619505fa41afe0de4064834f09771e173d
                • Instruction Fuzzy Hash: 25B09B719015C5C5DA51F7644E08717790577D0701F55C165D3030755F4738C1D1E275
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                Strings
                • 8, xrefs: 016A52E3
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A54E2
                • Thread is in a state in which it cannot own a critical section, xrefs: 016A5543
                • double initialized or corrupted critical section, xrefs: 016A5508
                • undeleted critical section in freed memory, xrefs: 016A542B
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A54CE
                • Invalid debug info address of this critical section, xrefs: 016A54B6
                • Critical section address., xrefs: 016A5502
                • corrupted critical section, xrefs: 016A54C2
                • Critical section address, xrefs: 016A5425, 016A54BC, 016A5534
                • Address of the debug info found in the active list., xrefs: 016A54AE, 016A54FA
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A540A, 016A5496, 016A5519
                • Thread identifier, xrefs: 016A553A
                • Critical section debug info address, xrefs: 016A541F, 016A552E
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                Strings
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 016A261F
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016A24C0
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016A2624
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016A2602
                • @, xrefs: 016A259B
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016A2498
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016A2412
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016A2409
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016A2506
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016A25EB
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016A22E4
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                Strings
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                Strings
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                Strings
                • HandleTraces, xrefs: 016B8C8F
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 016B8A3D
                • AVRF: -*- final list of providers -*- , xrefs: 016B8B8F
                • VerifierFlags, xrefs: 016B8C50
                • VerifierDlls, xrefs: 016B8CBD
                • VerifierDebug, xrefs: 016B8CA5
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 016B8A67
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                Strings
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                Strings
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                Strings
                • apphelp.dll, xrefs: 01626496
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01689A2A
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016899ED
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01689A01
                • minkernel\ntdll\ldrinit.c, xrefs: 01689A11, 01689A3A
                • LdrpInitShimEngine, xrefs: 016899F4, 01689A07, 01689A30
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                Strings
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 016A219F
                • RtlGetAssemblyStorageRoot, xrefs: 016A2160, 016A219A, 016A21BA
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016A21BF
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 016A2178
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 016A2180
                • SXS: %s() passed the empty activation context, xrefs: 016A2165
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 016A8181, 016A81F5
                • LdrpInitializeImportRedirection, xrefs: 016A8177, 016A81EB
                • Loading import redirection DLL: '%wZ', xrefs: 016A8170
                • minkernel\ntdll\ldrinit.c, xrefs: 0166C6C3
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 016A81E5
                • LdrpInitializeProcess, xrefs: 0166C6C4
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                APIs
                  • Part of subcall function 01672DF0: LdrInitializeThunk.NTDLL ref: 01672DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670D74
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                Strings
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                Strings
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0166855E
                • minkernel\ntdll\ldrinit.c, xrefs: 01668421
                • LdrpInitializeProcess, xrefs: 01668422
                • @, xrefs: 01668591
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                Strings
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016A21D9, 016A22B1
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016A22B6
                • .Local, xrefs: 016628D8
                • SXS: %s() passed the empty activation context, xrefs: 016A21DE
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                Strings
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 016A342A
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 016A3437
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 016A3456
                • RtlDeactivateActivationContext, xrefs: 016A3425, 016A3432, 016A3451
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016910AE
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0169106B
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01690FE5
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01691028
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                Strings
                • apphelp.dll, xrefs: 01652462
                • LdrpDynamicShimModule, xrefs: 0169A998
                • minkernel\ntdll\ldrinit.c, xrefs: 0169A9A2
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0169A992
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                Strings
                • HEAP[%wZ]: , xrefs: 01643255
                • HEAP: , xrefs: 01643264
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0164327D
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                Strings
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                Strings
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                Strings
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                Strings
                • Failed to allocated memory for shimmed module list, xrefs: 0169A10F
                • LdrpCheckModule, xrefs: 0169A117
                • minkernel\ntdll\ldrinit.c, xrefs: 0169A121
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                Strings
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                Strings
                • LdrpInitializePerUserWindowsDirectory, xrefs: 016A82DE
                • Failed to reallocate the system dirs string !, xrefs: 016A82D7
                • minkernel\ntdll\ldrinit.c, xrefs: 016A82E8
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                Strings
                • @, xrefs: 016EC1F1
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 016EC1C5
                • PreferredUILanguages, xrefs: 016EC212
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 016B4899
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 016B4888
                • LdrpCheckRedirection, xrefs: 016B488F
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 016B2104
                • LdrpInitializationFailure, xrefs: 016B20FA
                • Process initialization failed with status 0x%08lx, xrefs: 016B20F3
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                Strings
                • LdrResSearchResource Enter, xrefs: 0163AA13
                • LdrResSearchResource Exit, xrefs: 0163AA25
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0163063D
                • kLsE, xrefs: 01630540
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 0163A309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 0163A2FB
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: :$u$:$u(
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: #
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016B895E
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0421543fd1bde89ed7fd4463f587e5c7d4df07cac495ce89f85f7de6532f32a8
                • Instruction ID: a0156f6b6279261bfeb38cb2fe29ad518c228304c29108b5f91a61ab45aa987a
                • Opcode Fuzzy Hash: 0421543fd1bde89ed7fd4463f587e5c7d4df07cac495ce89f85f7de6532f32a8
                • Instruction Fuzzy Hash: 9EA12531E00265EFEF21DF58CC44BAEBFA9AB04754F064195EE50AB381D7789E41CB91
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14c2a51ad18b57bc4e164e7a0f81c42177529f377b3ce654f6df6c032bc52e57
                • Instruction ID: 3d233140df3b3623e82e340494759ef8e466c96a7eaf89b1707bac31da7b5089
                • Opcode Fuzzy Hash: 14c2a51ad18b57bc4e164e7a0f81c42177529f377b3ce654f6df6c032bc52e57
                • Instruction Fuzzy Hash: 91A1C071B01616DBEB25CF69CD90BAAB7F1FF55318F104129EA0597385EB34E812CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2bcd48c3e0a21b24f3dd462a608f08ee247c9909873f5f24926c0321e328f8f
                • Instruction ID: 6629a8b2aeeb684b8aafff6312cccd36048de502df610bb7caf181eb840d48a4
                • Opcode Fuzzy Hash: c2bcd48c3e0a21b24f3dd462a608f08ee247c9909873f5f24926c0321e328f8f
                • Instruction Fuzzy Hash: 76A1AA72A04712EFC722DF18CD80B2ABBE9FB48704F15496DF6469B691D334E901CB95
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c00598d79926033ed2598d2e906f17204e854a574bc13e2014af39382e22e6ac
                • Instruction ID: b036f742504b8250802d9100d758fd267db8916a18a64c0e93957f82cfb54482
                • Opcode Fuzzy Hash: c00598d79926033ed2598d2e906f17204e854a574bc13e2014af39382e22e6ac
                • Instruction Fuzzy Hash: 01919071D01216AFDB15CFA8DCC4BEEBFB5AF48710F154169EA11AB341D734E9808BA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d9c2061815996f6a172b5e3b6fdba882c73afb4b54a0770748fe76ac64d9862a
                • Instruction ID: aee2251b6b0d40b636239a2196f8e6236efeeb6c42600321471af8b6267eec92
                • Opcode Fuzzy Hash: d9c2061815996f6a172b5e3b6fdba882c73afb4b54a0770748fe76ac64d9862a
                • Instruction Fuzzy Hash: 47911531A00616CBEB24DB68CC44BBDBBA6FF94714F15406EED059B340E73AD942C791
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df8bba237719ae280ace1d1fdec8defe34c43865b008ba0ef8901c04fcb8e5dc
                • Instruction ID: 3f5d27c8f77a305cb3e62128781089fb19746a5b7480db615f0d569bc7c8a34d
                • Opcode Fuzzy Hash: df8bba237719ae280ace1d1fdec8defe34c43865b008ba0ef8901c04fcb8e5dc
                • Instruction Fuzzy Hash: 64819071A006169BDB24DFA9CD40ABEBBF9FB48700F04862EE545E7640E734E951CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: 3aaa01c17e12a6cd16c092039fa9cfb69ee24a290fc9affc1ad97673b075ca75
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: D2817276A0020A9FDF19CF98CC90AAEBBB6FF84310F14856DDA199B385D774D902CB54
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 023f899a0513efa919d8537aef7d05cacdf3c4d0f4ab7fe220d34efc546b5c41
                • Instruction ID: 393e6c60b4562933d3485ee79b0f3fc3d89c6b14424c17fc370ea61dba14ab45
                • Opcode Fuzzy Hash: 023f899a0513efa919d8537aef7d05cacdf3c4d0f4ab7fe220d34efc546b5c41
                • Instruction Fuzzy Hash: FB814C75A00609AFDB25CFA9C880AEEBBFAFF88354F10842DE555A7250D731AC45CB60
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 585af2ec6678874cbd310f745ab12187f34a01bbf151eda0d5d6b5d7c0c481d5
                • Instruction ID: 9a7ecb5df999cc36417e1a9d3ce92921c17b8a219aa23cbe9de987235eacf147
                • Opcode Fuzzy Hash: 585af2ec6678874cbd310f745ab12187f34a01bbf151eda0d5d6b5d7c0c481d5
                • Instruction Fuzzy Hash: 1771DE75D05269DBCB25CF58CC90BBEBBB9FF59710F14811AE942AB350D7349806CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e246541d2bc19c55fd5bfa42f3f912af649817b035e44d1ca267d9a2f14737a8
                • Instruction ID: 7ddb341d2726a0ee60657f57c5297543e93905c8c85ec683a3d9cf4c4624ba0d
                • Opcode Fuzzy Hash: e246541d2bc19c55fd5bfa42f3f912af649817b035e44d1ca267d9a2f14737a8
                • Instruction Fuzzy Hash: BF71BF709042669FCB25DF5DC840AFABBF9EF49704F048099E994DB302E335EA45CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 075e7dd3d0b8f039ba54a439760ad2caf5f73656a16990843d7498520de941f2
                • Instruction ID: 032eaf3d5388056ce0b6351d08c65f988d390ca17f971fa9637c7dafef288f46
                • Opcode Fuzzy Hash: 075e7dd3d0b8f039ba54a439760ad2caf5f73656a16990843d7498520de941f2
                • Instruction Fuzzy Hash: D3715270902209EFDB20DF6DDD48A5ABBF5FB90720F10825EFA14E7258DB359981CB54
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb59149cb2f05c2ab89539928bb1382513fb4f832e3ab6826a57c19057e4801c
                • Instruction ID: 68cb3f69ecc942c8aad428940e0c0da336720eab0e02d59c6a6ec8df4fca55ab
                • Opcode Fuzzy Hash: cb59149cb2f05c2ab89539928bb1382513fb4f832e3ab6826a57c19057e4801c
                • Instruction Fuzzy Hash: 9571BC316046528FD712DF28D894B2AB7E6FF84310F1485AEF8998B352DB34D846CB95
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 54e4985209843babb8135433c41013a316d675ea21fdcf2ca1f9f710dc2bae64
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 5E716B72E0061AEFDB10DFA9CD84AEEBBB9FF48700F104569E505A7250DB34EA41CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5603b70880fc98d58c60bdcc5b2718d2c6ab9d08f3bc8b5e9a0ae4a1bea3a2f9
                • Instruction ID: 6af6c9a9f6ec3e7742bcdaca6c5157ac884e5e90fa3a186aad9ee74dbade70ad
                • Opcode Fuzzy Hash: 5603b70880fc98d58c60bdcc5b2718d2c6ab9d08f3bc8b5e9a0ae4a1bea3a2f9
                • Instruction Fuzzy Hash: A271D032201A01AFE7329F18CC54F76BBA6EF44B24F14852CE256873A1D775E945CB58
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b07e16c885f4f9c2f745a171e097daceb8a75306df3509fff6dc2bbed4a9d4c
                • Instruction ID: a5450876052967a865da100d6a7f0cce8e257584c4ba9562a19b04166b0fd5ad
                • Opcode Fuzzy Hash: 1b07e16c885f4f9c2f745a171e097daceb8a75306df3509fff6dc2bbed4a9d4c
                • Instruction Fuzzy Hash: 3D81C571A043469FDF29CF58D894BAD7BB9BF88320F15826DE9016B385C7349D42CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1e150885b223abdf7c25ec1a7f5927ad44d1ba59b29f764596a36c6898c7d85
                • Instruction ID: 2b9b31c31a1500f29b8994827e2e4e62140016765b27b50fb4aed48316941129
                • Opcode Fuzzy Hash: e1e150885b223abdf7c25ec1a7f5927ad44d1ba59b29f764596a36c6898c7d85
                • Instruction Fuzzy Hash: ED51AE72506612EFD722DEA8CC48A5BB7E9EB85750F014A2DFA40DB250D770ED05C7A2
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e89e166067490f757ffc7f36cd57ced187dbce94fb6ef8e2766df5d0ef147c24
                • Instruction ID: 6e764384e419f8a881ded53ca40303793eb952952cb6f1a94a0fd00c9e1ca8b2
                • Opcode Fuzzy Hash: e89e166067490f757ffc7f36cd57ced187dbce94fb6ef8e2766df5d0ef147c24
                • Instruction Fuzzy Hash: DE51AB70D007059BD720DFAACC88AAAFBFDBF94714F10461ED296976A1C7B0A945CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 57a2136f49f8b029c18ef70eaaba32de29294d1dbf2cf15bddd22996e8e517ed
                • Instruction ID: 08e8c40c7c4bf01caa56b6bb3a8e32192497104fab782e76c098dcca4831842d
                • Opcode Fuzzy Hash: 57a2136f49f8b029c18ef70eaaba32de29294d1dbf2cf15bddd22996e8e517ed
                • Instruction Fuzzy Hash: 99514575200A15DFCB22EFA9CD80EAAB3BEFB14784F50046EE54297260E735AD41CB54
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2641d1a9af0f01ab929fa54e3ace3594a368d6c4166794eb222a8a1dfaaa88ee
                • Instruction ID: 4f16b7e3be346d1f0a8d1171bd72b863a49f38478dd36dc65043ab5d1a873c19
                • Opcode Fuzzy Hash: 2641d1a9af0f01ab929fa54e3ace3594a368d6c4166794eb222a8a1dfaaa88ee
                • Instruction Fuzzy Hash: EE513471A083428FD754DF2EC880A6BBBE6BBC8208F45492DF589C7650EB30DD05CB96
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 20593363d7ab5acb1f1dda14a282cba0773644562384b0c2e3ddddf82da8b34f
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: 4D517171D0021A9BDF55DF94CC40BFEBBB9AF45754F1440AAEA01AB340EB34E985CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: ea90b33e70bac6de943110bda52ef7e69b138ce4d4c8c533018d9e2105a1fde3
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: 7C51C931D0021AEFDF219F94CDD0BEEBB79AF00324F154669DA1267291D7329D81C7A4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc759d4e0d3f2b9dc53646b24917d61e4b31fccb2afd8d742b29827d30e79560
                • Instruction ID: a487210be77d2d4a681f452a94d9dfb424e986a72d6142db87bb175161a2652d
                • Opcode Fuzzy Hash: fc759d4e0d3f2b9dc53646b24917d61e4b31fccb2afd8d742b29827d30e79560
                • Instruction Fuzzy Hash: 2A41D3717056159BDB29DB2DCC95B7BBB9EEF90220F04829DEB558B380DB34D802C691
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 333837d8de1da3f0d3de70b697d00f7241c1999b4e2586ee92a74dc4b2d37758
                • Instruction ID: 31ab0300a6667a131b4c64098677e33db473eab895cf2fb6cdeb3e426b67a9cc
                • Opcode Fuzzy Hash: 333837d8de1da3f0d3de70b697d00f7241c1999b4e2586ee92a74dc4b2d37758
                • Instruction Fuzzy Hash: EA518176A00215DFCB30DF69CDD099EBBB6FF58354B10851AE905A7301D730AE41CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce3da3309dc42f693c7b470fbe4721cce3de8105a367d2308dea799b5d9db4d0
                • Instruction ID: 6d2c212359ee49551d46785de6155d0acf9d8000c6e4fefc3bfecd58050535bc
                • Opcode Fuzzy Hash: ce3da3309dc42f693c7b470fbe4721cce3de8105a367d2308dea799b5d9db4d0
                • Instruction Fuzzy Hash: 004129716442219BCB35EFA8DC90B2A37A9EB56318F08502DEE02AB341D771DC42CB95
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 98299d844989311d981cd1a9577028bb2e54a241a97a389c687187e8d7cc7d56
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: 8D41F8316047169FC725CFA8CD84A6AB7A9FF80210B04462EEE5687340EB31EC1DC7D4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c7c33c1a37896fd1e5cdd7c6da3804d572f6b860f2624d23c57c5957afa8ea5
                • Instruction ID: d5054a616adb3030ba8c508659b3d2c8390498ed509ec44ac03d9d500ec2fe5e
                • Opcode Fuzzy Hash: 5c7c33c1a37896fd1e5cdd7c6da3804d572f6b860f2624d23c57c5957afa8ea5
                • Instruction Fuzzy Hash: 7E419C3690125A9BDB15DFA8C840AEEBBB9BF48710F14816EF815F7340D7359D41CBA8
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b00dc14b272b77be7e18a2e163bea62f428c2d2ff040f2ea351bb430603ac41
                • Instruction ID: f6effa56f76c739b5c558e487e93d19907c6c004e21e11c89cb2f1a06d0c4caf
                • Opcode Fuzzy Hash: 6b00dc14b272b77be7e18a2e163bea62f428c2d2ff040f2ea351bb430603ac41
                • Instruction Fuzzy Hash: 0241E5722043019FDB64DF28CC84A27BBEAFF84224F11496EE967C7711DB31E9458B54
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 5f4fc117640c359edeb5f4d2e2600be3c9ae38d81590988295fae14e033ff380
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 18515875A01215CFDB15CF98C980AAEF7B2FF84710F6881AAD915E7351D730AE82CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7ed5cc0c31cc50979a6464306866777d1efdebe70cf6cebea80e51a993e3726
                • Instruction ID: 31eab4af0894e53f7d84070b29d901653e51c47974811997cb9d0d81ed5b01b6
                • Opcode Fuzzy Hash: e7ed5cc0c31cc50979a6464306866777d1efdebe70cf6cebea80e51a993e3726
                • Instruction Fuzzy Hash: 0D512770900656EBDB35CB28CC14BA8BBB5FF51314F1482A9E529973C1D7749A82CF84
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1beaaf1b60a79aa56c01ff5d64e6479cfeaf5e461620deb99b73162f07aaf927
                • Instruction ID: bbe4653dfef2762f7502446a1cebeff40fe324055a36cd30ca1a76ad8021555a
                • Opcode Fuzzy Hash: 1beaaf1b60a79aa56c01ff5d64e6479cfeaf5e461620deb99b73162f07aaf927
                • Instruction Fuzzy Hash: F841A236A402289BDB21EF68CD40BEA77B5EF85740F0101A9E908AB341D7349E89CF95
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ac32936ecaa4604d1e2f29a061042ec1f18e31d60a7f8b8dc1f15af7d2a1505
                • Instruction ID: 5cf72a20cec6afe96ef05b8f092d8e9fca539cd83becca83b3bd39fb206f2e9c
                • Opcode Fuzzy Hash: 1ac32936ecaa4604d1e2f29a061042ec1f18e31d60a7f8b8dc1f15af7d2a1505
                • Instruction Fuzzy Hash: 1641E475B003189FEB31EF68CC80B6AB7AAAB95710F00459AF94597381D770ED44CBA5
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 590a4cee57b171b171a0ca3dbadef6b0d839b95d2da7d8fc740993fa2ed937ea
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: 47418476B00215ABDB15DF99CC85ABFBBBEAF88610F1440ADEA04A7341D770DD01C7A0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a24c66e8bcba63e3e64e3b62eb77ebdb76a1257316c419978087ca77257070d1
                • Instruction ID: 3d9d98466ef18ca9fca7760cf18db6be52109e92c546c2136d5509bea4dcf5b8
                • Opcode Fuzzy Hash: a24c66e8bcba63e3e64e3b62eb77ebdb76a1257316c419978087ca77257070d1
                • Instruction Fuzzy Hash: 0141B3716007019FE725DF28CC90A22BBF9FF88314B105A6EF55687A90E730E84ACB94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74ff0a1b6653b723bf721e1ed78188ffa44cdf59c00681654c976c1639fbb9df
                • Instruction ID: d31876fb1c007c02083dc7b330daa47bd2c8c90b46fbdc85d9b40515bbe450b3
                • Opcode Fuzzy Hash: 74ff0a1b6653b723bf721e1ed78188ffa44cdf59c00681654c976c1639fbb9df
                • Instruction Fuzzy Hash: 4741ED32940215CFDF61DFA8DC94FAD7BB1FB48324F184259D912AB381DB309902CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 89c91b93e2f17614308a515950060ffbdb832af7a5d63c2dc70400ca01e59c41
                • Instruction ID: 5ecb7262c9d1ab99bb26094a4d785bd11553c41b41379ce4794256d5ed32edbe
                • Opcode Fuzzy Hash: 89c91b93e2f17614308a515950060ffbdb832af7a5d63c2dc70400ca01e59c41
                • Instruction Fuzzy Hash: 1541E372900202DBDB35DF58CC84A9ABBBAFBD4714F19822EE9029B755C735D843CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f889a93a7e5605335f56621e655ff77a62b75f9b2e410474045d0ac4089f601d
                • Instruction ID: 7e36030c4d257695b776dda45022104210200b351a7ddb40dd436c5619b21f34
                • Opcode Fuzzy Hash: f889a93a7e5605335f56621e655ff77a62b75f9b2e410474045d0ac4089f601d
                • Instruction Fuzzy Hash: 2F415E31A087169ED312EF69CC40A6BB7E9EF88B54F40092EF984D7250E730DE458B97
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 481e1fc681bb3deac1a4bc386d47255d75403dac0c7810149d26c94796505a3e
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: D6414C31A00621DBDB21EE9C8C407BABB72EB50758F15816AE9458B781D77A9D41CF90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2405bb151bbbbfdadda3b52227a77e9370bfe87a3c55e18de62e50b23bac294
                • Instruction ID: 06d9ebd85beb469f97a2cadfb8e96dafb7f0b112c091431ba8d8b8bd44155e92
                • Opcode Fuzzy Hash: d2405bb151bbbbfdadda3b52227a77e9370bfe87a3c55e18de62e50b23bac294
                • Instruction Fuzzy Hash: 3D416671A40601EFD321DF18D840B26BBE5FF98314F208A6EE8598B352E771E946CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: 0718b306ef737b32657d9e8d04381a825827987dfb5e3d609fcc5242cfac1be0
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: E5413675A00605EFDB24CF98C990AAABBF9FF18700B20497DE556D7290D330EA44CF90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 56211c1f49a2018804e42464a1d6469f571cf0b94928405dcf9a38fe0259d60c
                • Instruction ID: 06a5ca4da214b79538c567dd713a4e820e6f54737eaff8c45c37a31077fe6c81
                • Opcode Fuzzy Hash: 56211c1f49a2018804e42464a1d6469f571cf0b94928405dcf9a38fe0259d60c
                • Instruction Fuzzy Hash: 1441B1B0901711DFCB22EF28CD50A65B7F2FF95310F2082AED5169B3A1DB309942CB51
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 53ef3592f99a74d608c3299189820697e0ee0284b84afe4fd1da8267fc5ffb68
                • Instruction ID: 3bad821b279a815412b0f56e0e01beb0630dc7f1d605a30e30f4da6e3cd7dd5b
                • Opcode Fuzzy Hash: 53ef3592f99a74d608c3299189820697e0ee0284b84afe4fd1da8267fc5ffb68
                • Instruction Fuzzy Hash: 783188B1A01705DFDB12CF98C840799BBF5FB09724F2082AED119EB291D3369902CF94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48ea3b11ff6ff92e71d6dd2eedec8f551a98ba2f6296aa86811dea7aa67ca83d
                • Instruction ID: c98d10c79e083b00218a1a054b0a6ba76e698208c82d7fc118d0b719a241c6e8
                • Opcode Fuzzy Hash: 48ea3b11ff6ff92e71d6dd2eedec8f551a98ba2f6296aa86811dea7aa67ca83d
                • Instruction Fuzzy Hash: D241B1726046529BD320DF68CC80AABBBF9BFC8700F14461DF99597790E730E945C7AA
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e424b81f4e1bd8a36d0766b6b8ab5fdb6587adb8076fe2bbcb00cc7c71e3aa9b
                • Instruction ID: ce3d2413f3cb25166d9bd6e3b26f6c57bb085319f9675652ab8f576fd9af3527
                • Opcode Fuzzy Hash: e424b81f4e1bd8a36d0766b6b8ab5fdb6587adb8076fe2bbcb00cc7c71e3aa9b
                • Instruction Fuzzy Hash: D5419E306043028FD725DF28DC94B2ABBEAEFC0364F14446DEA558B3A1DB30D951CB91
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: e018cc6bcf59aca4b196812d8e6ab3f96933fb50ec3441cd951425e0c38d7bb3
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: 23312432A04295AFDB229B6CCC40BDBBFE9EF14350F0485A9F855D7352C7749885CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b750bed9377f62d6fd664ccbe15c8a5156b591bf86f065b1872e6ff3aa666cdc
                • Instruction ID: de54be96e4fa829b7232fd221febb8175529cd16af552a36054451802b947fb1
                • Opcode Fuzzy Hash: b750bed9377f62d6fd664ccbe15c8a5156b591bf86f065b1872e6ff3aa666cdc
                • Instruction Fuzzy Hash: 0A31A631B41716ABD722AF658C41FAF7AA9AB58B50F00006CFA04AF391DAA5DC01C7E4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d043a47306d9a3e1ba8094ddd22b9fce70758b7a42aa1233da627f22800c97aa
                • Instruction ID: dbbd7017235433e2083aeb2472188b44ba46d29c4f8bada2e85586e04dd84988
                • Opcode Fuzzy Hash: d043a47306d9a3e1ba8094ddd22b9fce70758b7a42aa1233da627f22800c97aa
                • Instruction Fuzzy Hash: 4831C1326062018FC731DF29DC84E26B7E6FB84760F19856EF995CB351DB30A891CB95
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e1aeee7580a9579e2fa02be48ff14538aac66c83b26e79b05dd940306de8b4c
                • Instruction ID: 147976026a0efec361ca359ac30cc126b517852157680ecab92a319e409508aa
                • Opcode Fuzzy Hash: 3e1aeee7580a9579e2fa02be48ff14538aac66c83b26e79b05dd940306de8b4c
                • Instruction Fuzzy Hash: 96419E31200B45DFDB26CF29CC81B96BBE9AB49714F00846DFA9A8B350CB74E805CB54
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c50a48ec822f21704dab495d4f267992cf59f9d94a2208d532693fbd1b4e52c0
                • Instruction ID: b6223e60090b73b7f8c47aac96dd307a8b5d944f117c2d56465784778283dbfe
                • Opcode Fuzzy Hash: c50a48ec822f21704dab495d4f267992cf59f9d94a2208d532693fbd1b4e52c0
                • Instruction Fuzzy Hash: 8A31CD312062019FD720DF28CC84A2AB7E5FB84B20F05866DF959CB390EB30EC55CB91
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c35bad115ec1c5d1844a3fd56e7a1be037eaf067d58f9f58fb0e4065f3ef2ac1
                • Instruction ID: 0d1f1ed5264c91432741dad4f881580f4445ba9d5bd48550ab145cc5d91b3b7b
                • Opcode Fuzzy Hash: c35bad115ec1c5d1844a3fd56e7a1be037eaf067d58f9f58fb0e4065f3ef2ac1
                • Instruction Fuzzy Hash: 9D31E1322416929BF322579CCE5CB657BD9BF40B40F5D00A4AB868B7D2DB29DC41CA34
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 277f14e92da600c47bcadf760886dfa54b562988fb09d90048fcbe5c17729e01
                • Instruction ID: 378b1b622f9d808fb0fbb6e8fe5c89e14fcb5e98c1cb54cbf04ae4dbd6722aec
                • Opcode Fuzzy Hash: 277f14e92da600c47bcadf760886dfa54b562988fb09d90048fcbe5c17729e01
                • Instruction Fuzzy Hash: 4831C47AA00116EBDB15DFA8CC40BAEB7B6FB44740F45816DEA00AB245D770ED01CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd55a2c3b4420839ff509d81082afd0d782570bbf763df8f0ed946ea1d00a64d
                • Instruction ID: 383318fec59f6808223a412297a4a65bd3073459d13269465351c0395437d36f
                • Opcode Fuzzy Hash: dd55a2c3b4420839ff509d81082afd0d782570bbf763df8f0ed946ea1d00a64d
                • Instruction Fuzzy Hash: 41313276E4012DABCB21DF55DC84BDEBBBAAB98350F1401A5E508A7250DB30DE91CF94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 091eb1bdaa397f0d0b272b6103b60d05695744abb130a2837b3d2ed0514573d4
                • Instruction ID: e4ddda539635c3eca2f23a9dc5bd53c1b2e4330845f74d7227e3f20034e9984f
                • Opcode Fuzzy Hash: 091eb1bdaa397f0d0b272b6103b60d05695744abb130a2837b3d2ed0514573d4
                • Instruction Fuzzy Hash: 2331C172E00219AFDF71DFA9CD40AAEFBB9EF44350F01446AE916E7250D3719B008BA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9d78f3f32b0359766b29bacd3ee60678859e6453567d1f84d5b9df72c03c010
                • Instruction ID: 5f99e438a776918fc31fb090f13190e2a21fa65a3f667e3da87ff887a3f80198
                • Opcode Fuzzy Hash: e9d78f3f32b0359766b29bacd3ee60678859e6453567d1f84d5b9df72c03c010
                • Instruction Fuzzy Hash: DD31E571B00616AFDB22DFADCC50B6ABBBAAF44354F10406DE606DB342DB30DC018B90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6e39a2940cf7ba911916209e41eec9b116e1b9280f28deb78211b373fe1bd7a
                • Instruction ID: ef3f878d1277655697380dc6f4b0f929a32a30903cfaba2724717bfde90d73e7
                • Opcode Fuzzy Hash: e6e39a2940cf7ba911916209e41eec9b116e1b9280f28deb78211b373fe1bd7a
                • Instruction Fuzzy Hash: F831D776A04752DBCB12DE288C80E6BBBA6AFD4660F02452DFD5697310DB30DC0A87E5
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 12bdf89bcdb422d3f5aa08f3fbb4b42eab4cce83f364ce6f5ddf86ba67024a1c
                • Instruction ID: 0f270ab8f237eb40e13f72ab75834eb82720cb03a76c79d5ec099c1651dfdd78
                • Opcode Fuzzy Hash: 12bdf89bcdb422d3f5aa08f3fbb4b42eab4cce83f364ce6f5ddf86ba67024a1c
                • Instruction Fuzzy Hash: 843178B16093029FE761CF19CC40B6ABBE9EB88710F044A6DF98997391D775E844CBA1
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 48cb99e5fd67f50fa6e0f62cf9d82ce56b4aae9a70a89201e4372d17932a5ee8
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: 0C312CB6B00701AFD761CFA9DD40B67BBFCAB08A50F08452DA59AD3751E734E900CB64
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5aa3cc7797fd3bc7514181cf65e1f2605b86db5ac5e16654090708498fd17071
                • Instruction ID: da64a5358983c21ce61e4a46db5d47eb281cb8df0734c759a989ce1a95feb58c
                • Opcode Fuzzy Hash: 5aa3cc7797fd3bc7514181cf65e1f2605b86db5ac5e16654090708498fd17071
                • Instruction Fuzzy Hash: F731CCB1A09311CFCB21DF19C94091ABBF2FF89214F0449AEF8989B311D332D945CB92
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1b353241e2e139b378ad69d18ef3e92791ef27f396abba8e47dd7c6f3e50457
                • Instruction ID: b2a4ff673f0f15ab5ab4abd8f6fa828c62890332b3f63a5d83d08613aa21e4bd
                • Opcode Fuzzy Hash: c1b353241e2e139b378ad69d18ef3e92791ef27f396abba8e47dd7c6f3e50457
                • Instruction Fuzzy Hash: 6631D671B412059FDB60EFA8CD80A6F7BFAEB84304F0085AAD945D7254EB30E985CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: 9542c9f1583515696329bc7b61d3a8e9a4d27dfba97b898555c31b1848df1d9d
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: D4210B35E406666BDB109BB98C00BAFBB75AF14740F058176DE15F7340E370D9018B94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ddc130720b8e615278550f1a345bdee88f70fc3e3b6d30944e01bc040e04489
                • Instruction ID: 036eebc1e50a74f70dea668576a382e9f87e013dcf5ddf33541826c98d785821
                • Opcode Fuzzy Hash: 5ddc130720b8e615278550f1a345bdee88f70fc3e3b6d30944e01bc040e04489
                • Instruction Fuzzy Hash: 663127715002118BDB35BF68CC41BB97BB5AF50318F5482ADED469B3C2DB349982CBA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: b43e4e893a3337b8bbdf80c0137c610f18f386800866551ee61ae3518ad3e775
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: C9217B36602656EACB25ABA48C04ABEBBF6EF40700F00811EFEA587691E734DD40C364
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e2fad0e091974fe10aa536a69a21e8bc8f29726f5f23637a326ac0947bc2da0
                • Instruction ID: 68b5f8a1c387cb95b4f6deb2243dae54948c93d61af2a500787564bb6eb82d54
                • Opcode Fuzzy Hash: 8e2fad0e091974fe10aa536a69a21e8bc8f29726f5f23637a326ac0947bc2da0
                • Instruction Fuzzy Hash: 6B31A032A0193C9BDB31DE18CC41BEAB7BAAB15750F0101A5E645AB290D775AE818FA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: aa602a322b71d46a2869435ccdd22aa729b30548907873262dce1b3752b35928
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: 73217131A00619EBCB15CF58C980A8EBBB9FF48714F108069EE15DB242DA71EE05CB90
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e45b81bbf576514e78f2bbfa568c955d0b00e2cc77c1f2f66526725484aab1c
                • Instruction ID: 43a17058556f304675ea5c21f51d0663ea2d848beaf3a28dec6375f0d177a2ec
                • Opcode Fuzzy Hash: 0e45b81bbf576514e78f2bbfa568c955d0b00e2cc77c1f2f66526725484aab1c
                • Instruction Fuzzy Hash: E2218F726087559BCB22DF58CC80B6B77E9FB89760F018519FD549B741DB30E901CBA2
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 94c4c321dc4a6704487ddd804afbff1027075635351e32811b487897f2acd601
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: 2F318931600A14EFDB21DBA8C984F6AB7FAEF45354F1045A9E5528B390E730EE02CB50
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2506372bc49761daa9597eefd4b762bc1e733926cb3a361dadc021b445a84526
                • Instruction ID: 0cb0a74548ac852b076dea8716f87548451e2726cb4a937c61749eb7ab8d2921
                • Opcode Fuzzy Hash: 2506372bc49761daa9597eefd4b762bc1e733926cb3a361dadc021b445a84526
                • Instruction Fuzzy Hash: 2A316975A00215DFCB14CF18C8849AEB7B6EF88314B55885AF8099B391E732EE41CF94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                • Instruction ID: 6f3559c38346c976d68a7710babf6faef307e1eebacec26074b8b6c92920c3e4
                • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                • Instruction Fuzzy Hash: 75212B32602641ABEF26D72CCD28BA577FDAF50F50F0901A8ED42877D2E364DC41C250
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8ef8b4eeaab02a8904f5a3f8314582adf58bcab2b574f6cf038ac35f9e1ab06
                • Instruction ID: b9427e712bec7f2a16d1bc846308585d0b98de3a01bde0c36e68d55ec931418c
                • Opcode Fuzzy Hash: b8ef8b4eeaab02a8904f5a3f8314582adf58bcab2b574f6cf038ac35f9e1ab06
                • Instruction Fuzzy Hash: 4F2180719005299BCF21DF59CC81ABEBBF5FF48740B544069F941A7240D738AD42CBA5
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a13effbad297f952a78c8618f1587f769e30d57fb92b5f5ffc3d060b6f16892
                • Instruction ID: b72450bdd16fb5c11515b90523321ddfa7104bed2302108e01dbf6f95ed8f69d
                • Opcode Fuzzy Hash: 8a13effbad297f952a78c8618f1587f769e30d57fb92b5f5ffc3d060b6f16892
                • Instruction Fuzzy Hash: B9218972600655ABD725DBACCD80BAABBB8FF48740F144069F944DB7A1D734ED40CBA8
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 152c14e4d1819ee26b592c338cee5ed1a73e7c70a20558139a40aba51897ee28
                • Instruction ID: d184dc975f28cfaaf8f22aad6612e67a3fcdf731cc28acf30e4dfab9029ca388
                • Opcode Fuzzy Hash: 152c14e4d1819ee26b592c338cee5ed1a73e7c70a20558139a40aba51897ee28
                • Instruction Fuzzy Hash: 6221A1725052469BD711EF69CD88BABBFECAF90240F08445ABE8087351D734D989C7A5
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ab87df216a4bfca747ad45058e265ae08da937036c17872e5a384517e10aec7
                • Instruction ID: 9e27b2f8c4385af692e88fa3fb7db62940f1921400a8aa6cb5d09658373bceae
                • Opcode Fuzzy Hash: 1ab87df216a4bfca747ad45058e265ae08da937036c17872e5a384517e10aec7
                • Instruction Fuzzy Hash: 8E213B33705681DBE72257AC8D14B643BD9AF41774F2A0368FE609B7E2D768C8068254
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 101773b33276575593aa1ec595051d089fd9f45e2ae8f40688b4b2332676fdfb
                • Instruction ID: c6b7562d839782c4f32b4821d70eac02ef55c0879b3eeea594f54082d4ff67ae
                • Opcode Fuzzy Hash: 101773b33276575593aa1ec595051d089fd9f45e2ae8f40688b4b2332676fdfb
                • Instruction Fuzzy Hash: 07219875240A119BC725DF69CC00B46B7E6AF18B04F2484ACE54ADBB62E371E842CF98
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 56e73fbea499b5c8f244fc829c767f5d5e3158a282ec50178ce346c2afcec961
                • Instruction ID: f870179a4b64a2f91b899a669b5fabf4616e59f5bcdfac7499d24bd9d419d782
                • Opcode Fuzzy Hash: 56e73fbea499b5c8f244fc829c767f5d5e3158a282ec50178ce346c2afcec961
                • Instruction Fuzzy Hash: 0C110672381B11BFE32256999C09F2776DADBD4B60F210628B749CB284EB60DC018799
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction Fuzzy Hash: 67F01D7220001EBFEF019F95DD80DEF7B7EEB59298B104129FA1192160D635DD21EBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19a5bf72bfe6e7c699f13a53f7e22e01d695cedc79824d33bbd568802fbbda89
                • Instruction ID: 4649defbc72ebaee64ec675ee86af29ad6da49fa41c995cfad8320c7133877f2
                • Opcode Fuzzy Hash: 19a5bf72bfe6e7c699f13a53f7e22e01d695cedc79824d33bbd568802fbbda89
                • Instruction Fuzzy Hash: DB014536111259ABCF229E84DC80EDA7F66FB4C764F068115FE1966220C736DAB1EB81
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a7dbb5d62576dbce6271e542629b6446e7021ffe1e65a380b49a24d9db6802be
                • Instruction ID: 4124ebe2971d028b6166eb406fd42399f4f0a2cdb7a6b13f3f093579100ca8cd
                • Opcode Fuzzy Hash: a7dbb5d62576dbce6271e542629b6446e7021ffe1e65a380b49a24d9db6802be
                • Instruction Fuzzy Hash: C4F024712046615BF3169A1D9C1ABA73296EBD0652F35802AEB058B3C1EE71EC018BA4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f24603ea53c09455784002a56959a57c3f0e44e3dd6eafd108e8340ca16f031b
                • Instruction ID: 54dfbab10f3f17177874f3537cd4445fa221e5249c8959bc23f6f9ed73dbb645
                • Opcode Fuzzy Hash: f24603ea53c09455784002a56959a57c3f0e44e3dd6eafd108e8340ca16f031b
                • Instruction Fuzzy Hash: 7601C8712006C19FF3329B2DDD49F653BADBB40B04F884198FA01CBBE6DB68D842C614
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: 5f4024a2094226eb6e126871c50eb061bbd64b95535a543508f4db4e6fd4be07
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 60F08935B41A2347EB75AA6F9C10B2AA6969F90A50B07052C9555CBF40DF70DC018790
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction ID: 017837e27cedaa329cb017e682a5c9cc95e97ac0ca56deaf5bb47550345a18c5
                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction Fuzzy Hash: AAF089337519219BD3319A4DDCC0FD6B769EFD5A60F1B0169A6049B360C762EC82C7D4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b0ea48b946e02b26aeaae4d0d8d74bc05180eb0aaa8ddb8b62d7a3448d6663b
                • Instruction ID: b193a914b067366fedae60c80a46f69597825b53a50160b5e497aee683433abd
                • Opcode Fuzzy Hash: 9b0ea48b946e02b26aeaae4d0d8d74bc05180eb0aaa8ddb8b62d7a3448d6663b
                • Instruction Fuzzy Hash: 1DF0C2716153059FC310EF28C945A1BBBE5FF98710F40465EB898DB390EA34EA01C796
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: f08081a84412b5b8855b01f95b6ff266a9d40645a750b35a05866827975cabe8
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: 94F0B472610204AFE724DB25CC01F56B7EEEF98344F25807CA945D72A0FAB0DD01C654
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 99762482b90db872b9c22acf19e5b4f0456d98c630e0d2b8e34e1461d14b920a
                • Instruction ID: bfbd357e097c4ea78069305987f8159018a59fdfa6d688f86146a47fb893dad4
                • Opcode Fuzzy Hash: 99762482b90db872b9c22acf19e5b4f0456d98c630e0d2b8e34e1461d14b920a
                • Instruction Fuzzy Hash: 62F06270A01249DFDB14EF69C955A9EB7B5FF18300F00805AB955EB385DA34EB01CB55
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fae8ddcee10b2b12cf2c3f40d75bd3ad4ba765258cf18fefd357313a5f6a30f3
                • Instruction ID: 97ce43e3a2e6e0ceb5aa53ead049f20083a20cde75d4abb400867201f7158894
                • Opcode Fuzzy Hash: fae8ddcee10b2b12cf2c3f40d75bd3ad4ba765258cf18fefd357313a5f6a30f3
                • Instruction Fuzzy Hash: 15F0B4359167D19FE733CB5CCC44B22FBD49B81764F0A896AD58A87742CF34D881CA50
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16360904f7e6577a5d701d2f5b598b60ab52a52d934ae3a5b61af550b6a3b7df
                • Instruction ID: 20ae790101c13b161f3face04553872df37a5df8b955243ce00f1a1ac7e71fe2
                • Opcode Fuzzy Hash: 16360904f7e6577a5d701d2f5b598b60ab52a52d934ae3a5b61af550b6a3b7df
                • Instruction Fuzzy Hash: 54F0273651A6C006CF329F6CAC542D16F97A756124F19108EEAE157307CA748483C724
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2205c735e2c18f08b0bb1ca2bf7a281be6f5502a9f5be260450a4362d8ea54f
                • Instruction ID: 195caa7481a6b0bc876093b3560609df34e00848757c49eccf4dc3de58921df7
                • Opcode Fuzzy Hash: f2205c735e2c18f08b0bb1ca2bf7a281be6f5502a9f5be260450a4362d8ea54f
                • Instruction Fuzzy Hash: 49F0E271511E719FE3229B1CCD48B12BBDC9B057A5F08A465D58AC7A52C364FC81CA5C
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: ceb49a56f52d0666c7dc25b1356950704b165fc78e077ab50d89529266816552
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 8BE0D8723006012BE722AE598CD0F4777AFEFD2B10F04007EB5045F252CAE2DC0982A8
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: d0d30589f7c9097eff77ca148294fd53cba6cfe9de19ed2498a400c70d0599b0
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: FCF030722042049FE3219F49DE44F62B7F9EB15764F45C029E609AB761D379EC40CBA8
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: ffcf5e22a00a04e28986d102a92337c337b15f7a43258ae11f71d744a686f5aa
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: FDF0ED3A2043419BEB17DF19CC40AA57BF9FB89360B000098F8428B301EB32E982CB94
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: 98728ddac538758effa43348bddc9130167edfb59bb9b28630acd40db5e9218d
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: A3E0D832244145BBD3312E598C00F6E77AEDBD0BA0F150429EA418B658DF70DC41C7EC
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: 6e008afb686992c1acf1917d64a05e98cab991270f265a0124206b38420de125
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 29E04F72A40114BBDB21AB99CD05FAABEADDBA4EA0F164059F602E7190E570DE00D690
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 688328a333bf66fb0cc4c67d34886acff32ca649868c6ca59dd8eb36572f538c
                • Instruction ID: 365c9b335703653249bd07b88797cb6089f69b5ccb6ed580895982a66613d78b
                • Opcode Fuzzy Hash: 688328a333bf66fb0cc4c67d34886acff32ca649868c6ca59dd8eb36572f538c
                • Instruction Fuzzy Hash: 3DE092721006549BC321BF29DD11F9A779BEFA0764F01451DF11557190CB30A810C78C
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: 02af7dd30354f2f8533d9e42ef064a4c0776a8edb2e908b0ed9c42f7ced06278
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: E3E09231012A51DFE7326F6ACC4CB52BAE2FF90711F148C2DA09A026B0C77598C0CA44
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: a6c9bfd3a50c2c79ca57c4724a8b692e7eddce55d19803db4edaf1423e149d92
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 6FE0C2343003058FE715CF19C480BA27BB6BFD5A10F28C068A9498F306EB32E882CB40
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a1a0a534cb4b699a29bc0d679dbb431de2d54c4f3dc70b61b9d18371feac000
                • Instruction ID: 112138e1fbab71664006488f67e544e518f9361cd5a8470bc1843af967f2af0d
                • Opcode Fuzzy Hash: 1a1a0a534cb4b699a29bc0d679dbb431de2d54c4f3dc70b61b9d18371feac000
                • Instruction Fuzzy Hash: 6BD02B324858306BCB75F5197C04FA73A9E9B40360F058861F90892011D514CC8292C8
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: eae1aae50e4b5a4e5cd64d4fbc0f44f5a436e9accaf9c32d80eb11cf192f2309
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 2DE08C31002A31EFDB322E16DC10B6276EAFB95B10F10892DE081065A487B0A882DE98
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3676d677511bde838bb518c9e48a70f3906cda12ee6a3e7360fb86e38bd50c68
                • Instruction ID: 5d1e715c0254e170581073070b873c1fb2ad4b2297493d489857e4405bb8161a
                • Opcode Fuzzy Hash: 3676d677511bde838bb518c9e48a70f3906cda12ee6a3e7360fb86e38bd50c68
                • Instruction Fuzzy Hash: 56E08C321005606BC321FA5DDD10F4A739AEFA5360F004129F15087690CA20AC01C798
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 44100cee1d8f8aae84bdf6dd4f8afe1d5c74179fc3e7dd3ea3fafa2906303ad1
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: B8E08633111B1887C728DE28D911B7677ACEF45720F09463EAA5347781C634E544C794
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: 7eba7705a8641e168912e56472cc3731eed15a72c4c9c8cd2f8ae7b018f75427
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 27D05E36511A50EFC332AF1BEE00D13FBF9FBC4A10705062EA54683A20C770A806CBA0
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: ebb9656a2159c40dbbc4b4a851dd8e5c19c4f8c6373ca5b7ab7416c8ef7958a0
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: 3ED0A932214620ABD732AA1CFC00FC333E9BB88720F160459B009C7250C360AC81CA88
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: e0a7d6bb79470bc827218bb9d6ec90d5950f4ec41e7f651a56c517971c120047
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: F7E0EC359507849BDF12EF59CA40F5ABBB5BB94B40F550058A1085B760C735AD00CB40
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: c8cbc8baae95940cc06f062a16187660752d9cadf27ffa9024ff4566a736f0d7
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 02D0223221243093CB2866956C04F636906AB80AA4F1A002CB80AD3E00C5088C43CAE4
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: 867f644bd121d28f772340290f67df80a2d2e7ef8311e4ea35e6366b3096d2d6
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: 55D012371D055DBBCB11AF66DC01F957BA9E764BA0F444020B504875A0C63AE950D588
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aa93565f825a3a49465a46b161a37e4ff7cf8416ef97e8ccc905d7d0803a2f25
                • Instruction ID: 0bc746268772137f09f86eb6192796db2afc076a65da2ecd5949fa99e15bc951
                • Opcode Fuzzy Hash: aa93565f825a3a49465a46b161a37e4ff7cf8416ef97e8ccc905d7d0803a2f25
                • Instruction Fuzzy Hash: 91D0C934656912DBDF3ADF59CE10E6E7AB9FB14741F8000ACEB4592620E329DC12CB64
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: c6cebe14f290ffcf8c76bbbbb21882c47cfb634c77e550c094ccbce3e5c16a35
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 3FD09235212A80CFD71A8B0CC9A4B5633A8BB44A44F814490E501CBB62D768D940CA00
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: 49a8b732ae4d4311777fbc22df1503021ca10e567ce4be3efe6a7195e80a45e0
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: D7C08C33290648AFC712EF99CD01F027BAAFBA8B40F000021F3048B670C631FC20EA88
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: 490821e83c0be8d09d175e0939943517991ec9a9d07121c68306deb5c652815a
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: 6DD01236100249EFCB01DF41C890D9A772BFBD8710F148019FD19076118A31ED62DA50
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: ecdcf189bdd1d8bd6a1765171281a49a6be1df17acad76bbfa739048e7e410af
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: 81C0487AB01A428FCF16EB2ADB94F8977E4FB58740F151890E845CBB22E724E801CA10
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b194983e5102d621f69380130870d7635c3b3d92c9eda521a4ae09b4374ace9a
                • Instruction ID: eeedf763dcff16fcd9e2a5dfc8bfa284ec1fc617bcb060d3bdaa820ae98b405f
                • Opcode Fuzzy Hash: b194983e5102d621f69380130870d7635c3b3d92c9eda521a4ae09b4374ace9a
                • Instruction Fuzzy Hash: 3C90023160580012914075584CC4547900AA7E0301B95C111E4424658DCA148A565361
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: c40539e092813e65167b4777f34f7fcbe6f0a0657a55a0b2c9cf779889b1fc0f
                • Instruction ID: 1d096a4c89a9d4909213187ff3ae3122c4fbd87f756b43db9fd17eaebb01560a
                • Opcode Fuzzy Hash: c40539e092813e65167b4777f34f7fcbe6f0a0657a55a0b2c9cf779889b1fc0f
                • Instruction Fuzzy Hash: A251D5B6A00116AFDB11DF9D8CA097EFBB8BB08240B54826EE4A5D7741D334DE45CBA4
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 3d5469099336fe431a67f996e9fd7c7202728a030f62232e9864182dc9c0545f
                • Instruction ID: dea8c3f6ba1557017e3f6985aa5e390e95d6b02686b50bf361817b270577f4fd
                • Opcode Fuzzy Hash: 3d5469099336fe431a67f996e9fd7c7202728a030f62232e9864182dc9c0545f
                • Instruction Fuzzy Hash: 2051F671A01655AECB30DF5CCDA497FBBFEEB48200B048A5DE596C7741E7B4EA408B60
                Strings
                • Execute=1, xrefs: 016A4713
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 016A4742
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 016A4655
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016A46FC
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 016A4725
                • ExecuteOptions, xrefs: 016A46A0
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 016A4787
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 4a0417b8f1a7fa76e1cca5fbcb6f2bede953ab4ebbff2832b131d2800855011e
                • Instruction ID: 0cbecb896c0121040c59d9b24075cc206b698afd84c68e885751940889092baf
                • Opcode Fuzzy Hash: 4a0417b8f1a7fa76e1cca5fbcb6f2bede953ab4ebbff2832b131d2800855011e
                • Instruction Fuzzy Hash: B2513A316002197AEF21ABA9DC85FBE7BADEF15308F4800ADD605E7291EB719E418F54
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 594b93f204c5c02190634ab92ec5094c060f326ed68416cd4f9b0d894cf1b2af
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 4D81BE70E052599EEF29CE6CCC917FEBBB2AF45320F1C421AE961A7391C7349841CB65
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: dd67b1a474283c110acb87eed11169fbb80be38e8a5a3d8b84ba28ac01f2ef2a
                • Instruction ID: 3f07eb93475db4ff27151fb356d21707dcfe0971d89e3efba7efb0272cc4e702
                • Opcode Fuzzy Hash: dd67b1a474283c110acb87eed11169fbb80be38e8a5a3d8b84ba28ac01f2ef2a
                • Instruction Fuzzy Hash: A621657AA01119ABDB10DF79CC54AFE7BFEEF54651F04021EEA05E3200E730DA158BA1
                Strings
                • RTL: Re-Waiting, xrefs: 016A031E
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016A02E7
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016A02BD
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                Strings
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 016A7B7F
                • RTL: Resource at %p, xrefs: 016A7B8E
                • RTL: Re-Waiting, xrefs: 016A7BAC
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A728C
                Strings
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016A7294
                • RTL: Resource at %p, xrefs: 016A72A3
                • RTL: Re-Waiting, xrefs: 016A72C1
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 016BCFBD
                Memory Dump Source
                • Source File: 00000005.00000002.1949330280.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_1600000_huuG7N3jOv.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4_w@4_w
                • API String ID: 4062629308-713214301