Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe

Overview

General Information

Sample name:SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
Analysis ID:1500930
MD5:870e59c51a8f4c9b4461dee1d15d1599
SHA1:227c9c74d5ad5cbcfb1838ce4248e485518fb95e
SHA256:6139902e3873552385dfc103fe1db9ba336bbce8d3db180cbfb588352c055776
Tags:exe
Infos:

Detection

FormBook
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f957:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17c56:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe PID: 7396 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f957:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17c56:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ed57:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17056:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Avira: detected
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | ReversingLabs: Detection: 34%
Source: Yara match | File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Joe Sandbox ML: detected
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 4x nop then jmp 06F03FE5h | 0_2_06F0393D
Source: Amcache.hve.14.dr | String found in binary or memory: http://upx.sf.net

E-Banking Fraud

Source: Yara match | File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_0042CCA7 NtClose, 10_2_0042CCA7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02DF0 NtQuerySystemInformation,LdrInitializeThunk, 10_2_02E02DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E04340 NtSetContextThread, 10_2_02E04340
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E04650 NtSuspendThread, 10_2_02E04650
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02AF0 NtWriteFile, 10_2_02E02AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02AD0 NtReadFile, 10_2_02E02AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02AB0 NtWaitForSingleObject, 10_2_02E02AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02BE0 NtQueryValueKey, 10_2_02E02BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02BF0 NtAllocateVirtualMemory, 10_2_02E02BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02BA0 NtEnumerateValueKey, 10_2_02E02BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02B80 NtQueryInformationFile, 10_2_02E02B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02B60 NtClose, 10_2_02E02B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02EE0 NtQueueApcThread, 10_2_02E02EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02EA0 NtAdjustPrivilegesToken, 10_2_02E02EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02E80 NtReadVirtualMemory, 10_2_02E02E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02E30 NtWriteVirtualMemory, 10_2_02E02E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02FE0 NtCreateFile, 10_2_02E02FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02FA0 NtQuerySection, 10_2_02E02FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02FB0 NtResumeThread, 10_2_02E02FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02F90 NtProtectVirtualMemory, 10_2_02E02F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02F60 NtCreateProcessEx, 10_2_02E02F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02F30 NtCreateSection, 10_2_02E02F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02CF0 NtOpenProcess, 10_2_02E02CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02CC0 NtQueryVirtualMemory, 10_2_02E02CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02CA0 NtQueryInformationToken, 10_2_02E02CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02C60 NtCreateKey, 10_2_02E02C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02C70 NtFreeVirtualMemory, 10_2_02E02C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02C00 NtQueryInformationProcess, 10_2_02E02C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02DD0 NtDelayExecution, 10_2_02E02DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02DB0 NtEnumerateKey, 10_2_02E02DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02D30 NtUnmapViewOfSection, 10_2_02E02D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02D00 NtSetInformationFile, 10_2_02E02D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E02D10 NtMapViewOfSection, 10_2_02E02D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E03090 NtSetValueKey, 10_2_02E03090
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E03010 NtOpenDirectoryObject, 10_2_02E03010
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E035C0 NtCreateMutant, 10_2_02E035C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E039B0 NtGetContextThread, 10_2_02E039B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E03D70 NtOpenThread, 10_2_02E03D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | Code function: 10_2_02E03D10 NtOpenProcessToken, 10_2_02E03D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: String function: 02E3EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: String function: 02E05130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: String function: 02E17E54 appears 111 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: String function: 02DBB970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: String function: 02E4F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1398186034.00000000027E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401284596.0000000006B70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401708341.00000000087B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1397469720.0000000000A1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1398636005.00000000037E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000002.1401536258.0000000008684000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 00000000.00000000.1255242679.00000000004FC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeBinary or memory string: OriginalFilenameummJ.exeB vs SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, uFrBksj9HU9cLWRBKk.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, uFrBksj9HU9cLWRBKk.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal96.troj.evad.winEXE@4/6@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8116
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\9ed9094b-e382-48e7-b86e-a0e4671bbe98
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeReversingLabs: Detection: 34%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe, 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.87b0000.5.raw.unpack, pJsScy6BttYyZ7vEuF.cs.Net Code: jSyHRR2n2D System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.28195b8.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.6b70000.4.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.3a44610.1.raw.unpack, pJsScy6BttYyZ7vEuF.cs.Net Code: jSyHRR2n2D System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,10_2_004488DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_026C47B1 push ebp; retf 0_2_026C4815
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_04D8CCEC push E93C04E8h; retf 0_2_04D8CCB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_04D88AEE push 8B5004D8h; iretd 0_2_04D88AF3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_04D8CAA8 push ACF004E8h; retf 0_2_04D8CAB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_053785DE push edx; iretd 0_2_053785DF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 0_2_06F070AD push FFFFFF8Bh; iretd 0_2_06F070AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00402040 push FFFFFFC2h; iretd 10_2_0040205C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00409028 push edx; iretd 10_2_0040903D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_0040D909 push 00000049h; retf 10_2_0040D914
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004129C7 push edi; iretd 10_2_004129D7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_0040299A push cs; iretd 10_2_0040299D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004029B3 push 0000000Eh; iretd 10_2_004029B7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004129BE push edi; iretd 10_2_004129D7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_0042EAD7 push esi; ret 10_2_0042EAFF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00402AF5 push edi; iretd 10_2_00402B0B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00419327 push 68868784h; retf 10_2_00419350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00402BC9 push ecx; iretd 10_2_00402BCC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00403C54 push eax; ret 10_2_00403C56
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00403400 push cs; iretd 10_2_00403401
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_0040B43A push 0000005Fh; iretd 10_2_0040B44C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00447D15 push ecx; ret 10_2_00447D28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00416E06 push ebp; ret 10_2_00416E07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_0040DE92 push 3C5FAE21h; ret 10_2_0040DEB2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00411E9F push edx; iretd 10_2_00411EA9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00401F48 push FFFFFFC1h; iretd 10_2_00401F5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00401F48 push esp; iretd 10_2_00401F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_00401F8A push esp; iretd 10_2_00401F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02D9225F pushad ; ret 10_2_02D927F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02D927FA pushad ; ret 10_2_02D927F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02D9283D push eax; iretd 10_2_02D92858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC09AD push ecx; mov dword ptr [esp], ecx10_2_02DC09B6
          Source: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeStatic PE information: section name: .text entropy: 7.980814067163431
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe PID: 7396, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 2620000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 27E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 8850000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 6D00000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: 9850000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: A850000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E0096E rdtsc 10_2_02E0096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeAPI coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe TID: 7416 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.14.drBinary or memory string: VMware
          Source: Amcache.hve.14.drBinary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.14.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.14.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.14.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.14.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.14.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.14.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.14.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.14.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.14.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.14.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.14.drBinary or memory string: vmci.sys
          Source: Amcache.hve.14.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.14.drBinary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.14.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.14.drBinary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
          Source: Amcache.hve.14.drBinary or memory string: VMware20,1
          Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.14.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.14.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.14.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.14.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.14.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.14.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.14.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.14.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.14.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E02C0A LdrInitializeThunk,10_2_02E02C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_004468DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,10_2_004488DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA2C3 mov eax, dword ptr fs:[00000030h]10_2_02DCA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD02E1 mov eax, dword ptr fs:[00000030h]10_2_02DD02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E962D6 mov eax, dword ptr fs:[00000030h]10_2_02E962D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E562A0 mov eax, dword ptr fs:[00000030h]10_2_02E562A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E562A0 mov ecx, dword ptr fs:[00000030h]10_2_02E562A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFE284 mov eax, dword ptr fs:[00000030h]10_2_02DFE284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E40283 mov eax, dword ptr fs:[00000030h]10_2_02E40283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD02A0 mov eax, dword ptr fs:[00000030h]10_2_02DD02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC6259 mov eax, dword ptr fs:[00000030h]10_2_02DC6259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA250 mov eax, dword ptr fs:[00000030h]10_2_02DBA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E70274 mov eax, dword ptr fs:[00000030h]10_2_02E70274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E48243 mov eax, dword ptr fs:[00000030h]10_2_02E48243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E48243 mov ecx, dword ptr fs:[00000030h]10_2_02E48243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB826B mov eax, dword ptr fs:[00000030h]10_2_02DB826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E9625D mov eax, dword ptr fs:[00000030h]10_2_02E9625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E7A250 mov eax, dword ptr fs:[00000030h]10_2_02E7A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC4260 mov eax, dword ptr fs:[00000030h]10_2_02DC4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB823B mov eax, dword ptr fs:[00000030h]10_2_02DB823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA3C0 mov eax, dword ptr fs:[00000030h]10_2_02DCA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC83C0 mov eax, dword ptr fs:[00000030h]10_2_02DC83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF63FF mov eax, dword ptr fs:[00000030h]10_2_02DF63FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E463C0 mov eax, dword ptr fs:[00000030h]10_2_02E463C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E7C3CD mov eax, dword ptr fs:[00000030h]10_2_02E7C3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE3F0 mov eax, dword ptr fs:[00000030h]10_2_02DDE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE3F0 mov eax, dword ptr fs:[00000030h]10_2_02DDE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE3F0 mov eax, dword ptr fs:[00000030h]10_2_02DDE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E643D4 mov eax, dword ptr fs:[00000030h]10_2_02E643D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E643D4 mov eax, dword ptr fs:[00000030h]10_2_02E643D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD03E9 mov eax, dword ptr fs:[00000030h]10_2_02DD03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E3DB mov eax, dword ptr fs:[00000030h]10_2_02E6E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E3DB mov eax, dword ptr fs:[00000030h]10_2_02E6E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E3DB mov ecx, dword ptr fs:[00000030h]10_2_02E6E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E3DB mov eax, dword ptr fs:[00000030h]10_2_02E6E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB8397 mov eax, dword ptr fs:[00000030h]10_2_02DB8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB8397 mov eax, dword ptr fs:[00000030h]10_2_02DB8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB8397 mov eax, dword ptr fs:[00000030h]10_2_02DB8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE438F mov eax, dword ptr fs:[00000030h]10_2_02DE438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE438F mov eax, dword ptr fs:[00000030h]10_2_02DE438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBE388 mov eax, dword ptr fs:[00000030h]10_2_02DBE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBE388 mov eax, dword ptr fs:[00000030h]10_2_02DBE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBE388 mov eax, dword ptr fs:[00000030h]10_2_02DBE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6437C mov eax, dword ptr fs:[00000030h]10_2_02E6437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E9634F mov eax, dword ptr fs:[00000030h]10_2_02E9634F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E42349 mov eax, dword ptr fs:[00000030h]10_2_02E42349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E68350 mov ecx, dword ptr fs:[00000030h]10_2_02E68350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov ecx, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4035C mov eax, dword ptr fs:[00000030h]10_2_02E4035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E8A352 mov eax, dword ptr fs:[00000030h]10_2_02E8A352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBC310 mov ecx, dword ptr fs:[00000030h]10_2_02DBC310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h]10_2_02E98324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E98324 mov ecx, dword ptr fs:[00000030h]10_2_02E98324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h]10_2_02E98324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E98324 mov eax, dword ptr fs:[00000030h]10_2_02E98324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE0310 mov ecx, dword ptr fs:[00000030h]10_2_02DE0310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h]10_2_02DFA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h]10_2_02DFA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA30B mov eax, dword ptr fs:[00000030h]10_2_02DFA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E460E0 mov eax, dword ptr fs:[00000030h]10_2_02E460E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E020F0 mov ecx, dword ptr fs:[00000030h]10_2_02E020F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBC0F0 mov eax, dword ptr fs:[00000030h]10_2_02DBC0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC80E9 mov eax, dword ptr fs:[00000030h]10_2_02DC80E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA0E3 mov ecx, dword ptr fs:[00000030h]10_2_02DBA0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E420DE mov eax, dword ptr fs:[00000030h]10_2_02E420DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E580A8 mov eax, dword ptr fs:[00000030h]10_2_02E580A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E860B8 mov eax, dword ptr fs:[00000030h]10_2_02E860B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E860B8 mov ecx, dword ptr fs:[00000030h]10_2_02E860B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC208A mov eax, dword ptr fs:[00000030h]10_2_02DC208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DB80A0 mov eax, dword ptr fs:[00000030h]10_2_02DB80A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC2050 mov eax, dword ptr fs:[00000030h]10_2_02DC2050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DEC073 mov eax, dword ptr fs:[00000030h]10_2_02DEC073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E46050 mov eax, dword ptr fs:[00000030h]10_2_02E46050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h]10_2_02DDE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h]10_2_02DDE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h]10_2_02DDE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDE016 mov eax, dword ptr fs:[00000030h]10_2_02DDE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E56030 mov eax, dword ptr fs:[00000030h]10_2_02E56030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E44000 mov ecx, dword ptr fs:[00000030h]10_2_02E44000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E62000 mov eax, dword ptr fs:[00000030h]10_2_02E62000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA020 mov eax, dword ptr fs:[00000030h]10_2_02DBA020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBC020 mov eax, dword ptr fs:[00000030h]10_2_02DBC020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E961E5 mov eax, dword ptr fs:[00000030h]10_2_02E961E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF01F8 mov eax, dword ptr fs:[00000030h]10_2_02DF01F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E861C3 mov eax, dword ptr fs:[00000030h]10_2_02E861C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E861C3 mov eax, dword ptr fs:[00000030h]10_2_02E861C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h]10_2_02E3E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h]10_2_02E3E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E1D0 mov ecx, dword ptr fs:[00000030h]10_2_02E3E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h]10_2_02E3E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E1D0 mov eax, dword ptr fs:[00000030h]10_2_02E3E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h]10_2_02DBA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h]10_2_02DBA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBA197 mov eax, dword ptr fs:[00000030h]10_2_02DBA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E00185 mov eax, dword ptr fs:[00000030h]10_2_02E00185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E64180 mov eax, dword ptr fs:[00000030h]10_2_02E64180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E64180 mov eax, dword ptr fs:[00000030h]10_2_02E64180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E7C188 mov eax, dword ptr fs:[00000030h]10_2_02E7C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E7C188 mov eax, dword ptr fs:[00000030h]10_2_02E7C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h]10_2_02E4019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h]10_2_02E4019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h]10_2_02E4019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4019F mov eax, dword ptr fs:[00000030h]10_2_02E4019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC6154 mov eax, dword ptr fs:[00000030h]10_2_02DC6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC6154 mov eax, dword ptr fs:[00000030h]10_2_02DC6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DBC156 mov eax, dword ptr fs:[00000030h]10_2_02DBC156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E94164 mov eax, dword ptr fs:[00000030h]10_2_02E94164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E94164 mov eax, dword ptr fs:[00000030h]10_2_02E94164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h]10_2_02E54144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h]10_2_02E54144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E54144 mov ecx, dword ptr fs:[00000030h]10_2_02E54144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h]10_2_02E54144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E54144 mov eax, dword ptr fs:[00000030h]10_2_02E54144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E58158 mov eax, dword ptr fs:[00000030h]10_2_02E58158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov eax, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6E10E mov ecx, dword ptr fs:[00000030h]10_2_02E6E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF0124 mov eax, dword ptr fs:[00000030h]10_2_02DF0124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E80115 mov eax, dword ptr fs:[00000030h]10_2_02E80115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6A118 mov ecx, dword ptr fs:[00000030h]10_2_02E6A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h]10_2_02E6A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h]10_2_02E6A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6A118 mov eax, dword ptr fs:[00000030h]10_2_02E6A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h]10_2_02E3E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h]10_2_02E3E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h]10_2_02E3E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3E6F2 mov eax, dword ptr fs:[00000030h]10_2_02E3E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E406F1 mov eax, dword ptr fs:[00000030h]10_2_02E406F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E406F1 mov eax, dword ptr fs:[00000030h]10_2_02E406F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA6C7 mov ebx, dword ptr fs:[00000030h]10_2_02DFA6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA6C7 mov eax, dword ptr fs:[00000030h]10_2_02DFA6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC4690 mov eax, dword ptr fs:[00000030h]10_2_02DC4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC4690 mov eax, dword ptr fs:[00000030h]10_2_02DC4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF66B0 mov eax, dword ptr fs:[00000030h]10_2_02DF66B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFC6A6 mov eax, dword ptr fs:[00000030h]10_2_02DFC6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E8866E mov eax, dword ptr fs:[00000030h]10_2_02E8866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E8866E mov eax, dword ptr fs:[00000030h]10_2_02E8866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DDC640 mov eax, dword ptr fs:[00000030h]10_2_02DDC640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF2674 mov eax, dword ptr fs:[00000030h]10_2_02DF2674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA660 mov eax, dword ptr fs:[00000030h]10_2_02DFA660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA660 mov eax, dword ptr fs:[00000030h]10_2_02DFA660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h]10_2_02DD260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h]10_2_02DD260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h]10_2_02DD260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h]10_2_02DD260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD260B mov eax, dword ptr fs:[00000030h]10_2_02DD260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E74B4B mov eax, dword ptr fs:[00000030h]10_2_02E74B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E74B4B mov eax, dword ptr fs:[00000030h]10_2_02E74B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6EB50 mov eax, dword ptr fs:[00000030h]10_2_02E6EB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E92B57 mov eax, dword ptr fs:[00000030h]10_2_02E92B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E92B57 mov eax, dword ptr fs:[00000030h]10_2_02E92B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E92B57 mov eax, dword ptr fs:[00000030h]10_2_02E92B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E92B57 mov eax, dword ptr fs:[00000030h]10_2_02E92B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E88B28 mov eax, dword ptr fs:[00000030h]10_2_02E88B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E88B28 mov eax, dword ptr fs:[00000030h]10_2_02E88B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E94B00 mov eax, dword ptr fs:[00000030h]10_2_02E94B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E3EB1D mov eax, dword ptr fs:[00000030h]10_2_02E3EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DEEB20 mov eax, dword ptr fs:[00000030h]10_2_02DEEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DEEB20 mov eax, dword ptr fs:[00000030h]10_2_02DEEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E8A8E4 mov eax, dword ptr fs:[00000030h]10_2_02E8A8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DEE8C0 mov eax, dword ptr fs:[00000030h]10_2_02DEE8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFC8F9 mov eax, dword ptr fs:[00000030h]10_2_02DFC8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFC8F9 mov eax, dword ptr fs:[00000030h]10_2_02DFC8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E908C0 mov eax, dword ptr fs:[00000030h]10_2_02E908C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC0887 mov eax, dword ptr fs:[00000030h]10_2_02DC0887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4C89D mov eax, dword ptr fs:[00000030h]10_2_02E4C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC4859 mov eax, dword ptr fs:[00000030h]10_2_02DC4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC4859 mov eax, dword ptr fs:[00000030h]10_2_02DC4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF0854 mov eax, dword ptr fs:[00000030h]10_2_02DF0854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E56870 mov eax, dword ptr fs:[00000030h]10_2_02E56870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E56870 mov eax, dword ptr fs:[00000030h]10_2_02E56870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4E872 mov eax, dword ptr fs:[00000030h]10_2_02E4E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4E872 mov eax, dword ptr fs:[00000030h]10_2_02E4E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD2840 mov ecx, dword ptr fs:[00000030h]10_2_02DD2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6483A mov eax, dword ptr fs:[00000030h]10_2_02E6483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E6483A mov eax, dword ptr fs:[00000030h]10_2_02E6483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov eax, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov eax, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov eax, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov ecx, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov eax, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DE2835 mov eax, dword ptr fs:[00000030h]10_2_02DE2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DFA830 mov eax, dword ptr fs:[00000030h]10_2_02DFA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4C810 mov eax, dword ptr fs:[00000030h]10_2_02E4C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4E9E0 mov eax, dword ptr fs:[00000030h]10_2_02E4E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DCA9D0 mov eax, dword ptr fs:[00000030h]10_2_02DCA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF49D0 mov eax, dword ptr fs:[00000030h]10_2_02DF49D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E569C0 mov eax, dword ptr fs:[00000030h]10_2_02E569C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF29F9 mov eax, dword ptr fs:[00000030h]10_2_02DF29F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DF29F9 mov eax, dword ptr fs:[00000030h]10_2_02DF29F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E8A9D3 mov eax, dword ptr fs:[00000030h]10_2_02E8A9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E489B3 mov esi, dword ptr fs:[00000030h]10_2_02E489B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E489B3 mov eax, dword ptr fs:[00000030h]10_2_02E489B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E489B3 mov eax, dword ptr fs:[00000030h]10_2_02E489B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC09AD mov eax, dword ptr fs:[00000030h]10_2_02DC09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DC09AD mov eax, dword ptr fs:[00000030h]10_2_02DC09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02DD29A0 mov eax, dword ptr fs:[00000030h]10_2_02DD29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E0096E mov eax, dword ptr fs:[00000030h]10_2_02E0096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E0096E mov edx, dword ptr fs:[00000030h]10_2_02E0096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E0096E mov eax, dword ptr fs:[00000030h]10_2_02E0096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E4C97C mov eax, dword ptr fs:[00000030h]10_2_02E4C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E64978 mov eax, dword ptr fs:[00000030h]10_2_02E64978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E64978 mov eax, dword ptr fs:[00000030h]10_2_02E64978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exeCode function: 10_2_02E40946 mov eax, dword ptr fs:[00000030h]10_2_02E40946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_0044838B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Code function: 10_2_00447EBF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
          Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.14.dr Binary or memory string: msmpeng.exe
          Source: Amcache.hve.14.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.14.dr Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 10.2.SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (1) | DLL Side-Loading (1) | Process Injection (111) | Masquerading (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Disable or Modify Tools (1) | LSASS Memory | Security Software Discovery (41) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (41) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (111) | NTDS | Virtualization/Sandbox Evasion (41) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | System Information Discovery (13) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Obfuscated Files or Information (4) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Software Packing (12) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading (1) | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

          | Source | Detection | Scanner | Label | Link |
          | --- | --- | --- | --- | --- |
          | SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic | |
          | SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | 100% | Avira | HEUR/AGEN.1306920 | |
          | SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe | 100% | Joe Sandbox ML | | |

          No Antivirus matches

          | Source | Detection | Scanner | Label | Link |
          | --- | --- | --- | --- | --- |
          | http://upx.sf.net | 0% | URL Reputation | safe | |

          No contacted domains info

          | Name | Source | Malicious | Antivirus Detection | Reputation |
          | --- | --- | --- | --- | --- |
          | http://upx.sf.net | Amcache.hve.14.dr | false | URL Reputation: safe | unknown |

          No contacted IP infos
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1500930
          Start date and time:2024-08-29 06:25:34 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 43s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Run name:Run with higher sleep bypass
          Number of analysed new started processes analysed:20
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Detection:MAL
          Classification:mal96.troj.evad.winEXE@4/6@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 90%
          • Number of executed functions: 59
          • Number of non-executed functions: 284
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.168.117.173
          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          No simulations
          No context
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.7385559230061234
          Encrypted:false
          SSDEEP:96:kxVFIzANinypsogOSCCO3fsQXIDcQvc6QcEVcw3cE/n+HbHgnoW6HeOyWZAX/d5+:kjBNiypV0BU/gjzqzuiFPZ24IO8H9
          MD5:5B6F089B7107B377981E2B8888AEC25C
          SHA1:BF335A07390C89547A02819AF4A303C9898201C9
          SHA-256:E8B4C82140420C55D590EDB863A5ECD4F02EA244155A25F34FC350F26FB9936C
          SHA-512:B363E5375428E04FFC126A85BB1A5835FC23353AA3DA6D56B761763DA7B0BD504684F9674D6B41D16C7AF027186FACABE729C7816007F98104FC0B1697B5E783
          Malicious:false
          Reputation:low
          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.3.7.9.2.1.3.2.4.2.2.9.3.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.3.7.9.2.1.3.5.0.7.8.5.7.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.d.6.b.1.3.1.c.-.0.2.5.8.-.4.8.6.2.-.b.a.f.4.-.7.6.7.4.4.9.8.3.e.d.d.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.6.9.2.1.6.6.0.-.5.8.f.6.-.4.b.a.2.-.9.c.b.1.-.9.b.c.7.b.3.2.a.a.7.b.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.3.2...M.S.I.L._.K.r.y.p.t.i.k...K.T.U...g.e.n...E.l.d.o.r.a.d.o...3.0.0.2.0...1.4.9.1.1...e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.u.m.m.J...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.b.4.-.0.0.0.1.-.0.0.1.3.-.9.c.3.3.-.7.5.a.3.c.b.f.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.f.0.5.9.9.e.7.8.4.a.3.6.8.3.3.2.1.0.c.7.6.0.9.c.b.c.7.f.a.7.c.0.0.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Thu Aug 29 04:26:53 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):40610
          Entropy (8bit):1.6528653951908447
          Encrypted:false
          SSDEEP:96:5rn8GfDmDxcQBwT8TdxwG1i7lisM7hzSnx0Xu3VBvMvyES14f9+oWIkWIXzIeVed:2Gf+qoBF1OcInx//MKEeXVexj
          MD5:E91CA17E6C84BB0E40F1757711ABC5B8
          SHA1:A7216B4431287CE214FD1F39187889D556E6E088
          SHA-256:25DA3025D83CD3735C0D652D20662A344276747F990EB3AE1926CCFBCE227746
          SHA-512:480CB00EE27040C44420781236B00DEDD2CD0D8DE949707BDBBCD2752C9ACA84B40798490EDF0C864C2596348EC7BDFF7BE7096F7399D2759F69BF4C5D054213
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):6592
          Entropy (8bit):3.7342061302256204
          Encrypted:false
          SSDEEP:96:RSIU6o7wVetbP+6RVYjx1QE/LrL5aM4UH89bbSsf5tpm:R6l7wVeJP+6RVYjx1BprH89bbSsfTpm
          MD5:A2EEDF30F4862C14C216B0F5A9824D16
          SHA1:3429593C9187E67738FD4F65C8C14FDD68C97144
          SHA-256:06BD4D9FBF530351842956F9B70F142908AEB43049E87FB34B75743E2DE5AE07
          SHA-512:3DD3590C1C621CE408D5EBA563E73EEB06D4E9D0A1C0CE77898202FFD7081414006E25E0F489B7E8576D2CB3F252036516E20A58D5BCA10D923A6798B2DCEBAB
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.1.1.6.<./.P.i.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4992
          Entropy (8bit):4.634776259941635
          Encrypted:false
          SSDEEP:48:cvIwWl8zs9Jg77aI9NqWpW8VYUYm8M4Ja0y+Fq1Fv+q8pg0WlKoJR2i/i0d:uIjfXI7LL7VcJa0y0q/Kg0WkoJMi/i0d
          MD5:C27D837F9AE4880981CCE45E9C10EC70
          SHA1:9C4E6F1D8D7EF23AEB9C34961C80C20E19EEFDF5
          SHA-256:9A90C3C5BA46FB275E0DF9BF18B937668D03A48F8B9C84ECB2419847E03A109A
          SHA-512:4841E336E4D9AED728E1D73DB9DC27930DC4F3255DA1A8E0EF70CBD6802AF084006A152FA94A01D82C22AF74107057A516DFF5D1659F9979CD7F2862FE83EBD6
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="476369" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.296007658535763
          Encrypted:false
          SSDEEP:6144:d41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+xXmBMZJh1VjM:q1/YCW2AoQ0NiDXwMHrVQ
          MD5:4471A0D23F3CD35FC33E95E9401A9BD5
          SHA1:2A4B9CF1C10E54B9094837286D4DB4FEEEEE1D7F
          SHA-256:3CE2D1B59E80A660FFD33CD91D3EDE958B11106B3CEEC616A12510A469D69A35
          SHA-512:552A0AC24EB66E6122328206642EC335C22929B7FBD84DFDF21D234CDDF9FAC587948BD1F9FBC14788D13251ECABC0FD4073D6AC9D8325852BAF5956C99FDFD4
          Malicious:false
          Reputation:low
          Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm2..................................................................................................................................................................................................................................................................................................................................................._...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.975238511569061
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          File name:SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          File size:762'880 bytes
          MD5:870e59c51a8f4c9b4461dee1d15d1599
          SHA1:227c9c74d5ad5cbcfb1838ce4248e485518fb95e
          SHA256:6139902e3873552385dfc103fe1db9ba336bbce8d3db180cbfb588352c055776
          SHA512:72bc01d101e2ef416cd8952d3f95cbbd8e2b48bb366312e26beb58d6edf00d164d4dfa311775253ff9a4cd78f4cdfc6157479bdb5138691482397607207961ed
          SSDEEP:12288:6VVHv5UIyJsebh+x/TgxIZEEEBftetQCo0nhczvuwQmlQjc8Y1H4qAhGQ:MuTsebITgU5EBftaThczvs6p8KH4qq
          TLSH:78F423606164CF54EABF47F8B05945A50771B8DAF840F33E58CD55BD0AE2F201A336AB
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0.................. ........@.. ....................................@................................
          Icon Hash:cd4c022d219a9901
          Entrypoint:0x4ba4c2
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x66CFCE03 [Thu Aug 29 01:25:23 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba470 | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x1924 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0xb84c8 | 0xb8600 | f7a4f8a263d65bf37be27bd838ef5b6d | False | 0.9764764300847457 | data | 7.980814067163431 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc | 0xbc000 | 0x1924 | 0x1a00 | 31333b977895fb1bc220f1972ab76f32 | False | 0.8197115384615384 | data | 7.125102442745774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0xbe000 | 0xc | 0x200 | 9e157b32a19f25d751643dcb17f06435 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0xbc100 | 0x12c4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9708576186511241
          RT_GROUP_ICON | 0xbd3d4 | 0x14 | data | | | 1.05
          RT_VERSION | 0xbd3f8 | 0x32c | data | | | 0.4273399014778325
          RT_MANIFEST | 0xbd734 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
          DLL | Import
          mscoree.dll | _CorExeMain
          No network behavior found


          Target ID:0
          Start time:00:26:23
          Start date:29/08/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Imagebase:0x440000
          File size:762'880 bytes
          MD5 hash:870E59C51A8F4C9B4461DEE1D15D1599
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:10
          Start time:00:26:37
          Start date:29/08/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KTU.gen.Eldorado.30020.14911.exe"
          Imagebase:0x8b0000
          File size:762'880 bytes
          MD5 hash:870E59C51A8F4C9B4461DEE1D15D1599
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          Target ID:14
          Start time:00:26:53
          Start date:29/08/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
          Imagebase:0xc60000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true


            Execution Graph

            Execution Coverage:7.3%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:0%
            Total number of Nodes:282
            Total number of Limit Nodes:16

            Control-flow Graph

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $2q
            • API String ID: 0-3731487377
            • Opcode ID: 56fe86fc3e4e95f063b495aa96baeb9ef38c3d56f3f34b65d2ae51adea7c6789
            • Instruction ID: 02ee824e32c96318cec3c463b5d61aea48a0d7e08c836647e32cdce20d3552ef
            • Opcode Fuzzy Hash: 56fe86fc3e4e95f063b495aa96baeb9ef38c3d56f3f34b65d2ae51adea7c6789
            • Instruction Fuzzy Hash: 5EF2CC74A01219CFDB55EF64C894AA9B7B1FF89300F1182E9E509AB361DB34AEC5CF50
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $2q
            • API String ID: 0-3731487377
            • Opcode ID: 039b2e3ed442c6c54d29a6f7ed5578cf9071e8e1add0563b5c2c36abeb80956e
            • Instruction ID: 723d071ccfe21ff2ef707ed2db5dae104e7eb797e471026149dcfc172964bf50
            • Opcode Fuzzy Hash: 039b2e3ed442c6c54d29a6f7ed5578cf9071e8e1add0563b5c2c36abeb80956e
            • Instruction Fuzzy Hash: 66E2B934A11319CFDB55EF64C898AA9B7B2FF89300F1142E9E4096B361DB75AE85CF40
            Memory Dump Source
            • Source File: 00000000.00000002.1401187718.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5370000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 880cfec84216666ab59bf668f701fe7795179da9f175a5130334556a6165df18
            • Instruction ID: 1d990649b9e8e10643b78ab059281173de58d2c4df2d235e968d3d64984af262
            • Opcode Fuzzy Hash: 880cfec84216666ab59bf668f701fe7795179da9f175a5130334556a6165df18
            • Instruction Fuzzy Hash: 392190B1D056188BEB18CFABC9453DEFAF7BFC8300F04D06AD50966254DB7509468F94

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F024FE
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: 6695528482979bc67dbe152ec7eef79973f71280d1f1136720161b429e4d473b
            • Instruction ID: 54b0fde89ad0291d96febe3635436ba83048a5a0ed65af4feb1af4fd625cd0b9
            • Opcode Fuzzy Hash: 6695528482979bc67dbe152ec7eef79973f71280d1f1136720161b429e4d473b
            • Instruction Fuzzy Hash: ABA17E71D00619DFEF64CF68C845BEDBBB2BF48300F148569D808A7284DB749A85DFA1

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F024FE
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: b6c04b7c58c2ac7039f9a2bcb8b68504a9f421a1cbae91c4d0a7727363d902ea
            • Instruction ID: 1c421c7a2239cec406ac3832edef10d477c20cabdee7f3387f0e44c31797e3bf
            • Opcode Fuzzy Hash: b6c04b7c58c2ac7039f9a2bcb8b68504a9f421a1cbae91c4d0a7727363d902ea
            • Instruction Fuzzy Hash: 44917C71D007199FEF64CF68C845BEDBBB2BF48310F148569D808A7284DB749A85DFA1

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 04D81D46
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: e79a14e43705d2b758b40cc00964b3cd6e6386c3b63c9bcad4079a5e434c9cec
            • Instruction ID: 97c85436463cdc3978a64c093edb581797005c4c14485be7413703e5f21ab74b
            • Opcode Fuzzy Hash: e79a14e43705d2b758b40cc00964b3cd6e6386c3b63c9bcad4079a5e434c9cec
            • Instruction Fuzzy Hash: C6710370A00B058FDB24EF29D0447AAB7F5FF88304F04892DD48A97A50E775F94ACB91

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D88642
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateWindow
            • String ID:
            • API String ID: 716092398-0
            • Opcode ID: 34e00c1189daa80dc7cf92417857f9e5e0ab7a1359f552856f01e09f5b862ecb
            • Instruction ID: ef9464f36733ae9fec4d9cc85dcc11189d06d247084649525ed1fcfbdc8f92f6
            • Opcode Fuzzy Hash: 34e00c1189daa80dc7cf92417857f9e5e0ab7a1359f552856f01e09f5b862ecb
            • Instruction Fuzzy Hash: 5B51C2B1D003499FDB14DF9AC884ADEBBB5FF48310F64862EE819AB250D771A945CF90

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D88642
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateWindow
            • String ID:
            • API String ID: 716092398-0
            • Opcode ID: 89b3d73db851a1666ad696651cbdf3fbaceb11f3051ecdd64f9b1f9c18be463f
            • Instruction ID: e9a169e85077968db7cf0e305f54d235b5b2522f6dd53ca6fe7788b495b08279
            • Opcode Fuzzy Hash: 89b3d73db851a1666ad696651cbdf3fbaceb11f3051ecdd64f9b1f9c18be463f
            • Instruction Fuzzy Hash: 7E51C2B1D103499FDB14DF9AC884ADEBBB5BF48310F64852EE819AB210D770A845CF94

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04D8ABC1
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallProcWindow
            • String ID:
            • API String ID: 2714655100-0
            • Opcode ID: 8aac8a94ef7f48a0f093506430f4a5a04545497630415c70bf4d42b5c03b5671
            • Instruction ID: cc47adb07fcca4f2a57cb97717c7f7f7e2c7f4649f50f4d7925ec67a1a17ce7e
            • Opcode Fuzzy Hash: 8aac8a94ef7f48a0f093506430f4a5a04545497630415c70bf4d42b5c03b5671
            • Instruction Fuzzy Hash: 2141F9B9A003059FDB14DF99C488BAABBF6FB88314F24845DD519AB321D375F841CBA1

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 026C59C9
            Memory Dump Source
            • Source File: 00000000.00000002.1398134278.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_26c0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 58758b0dc214c0bb9f4fd341de5fda8eb72684efc883d56be38e1c6c781368d0
            • Instruction ID: c35a31fdf4da6eb902e3c2d69110f82aae33f23735a9f130734eabb48c3621df
            • Opcode Fuzzy Hash: 58758b0dc214c0bb9f4fd341de5fda8eb72684efc883d56be38e1c6c781368d0
            • Instruction Fuzzy Hash: 3B41C2B0D0071DCBEB24DFAAC884B9DBBB5FF48304F608069D409AB251DBB16945CF90

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 026C59C9
            Memory Dump Source
            • Source File: 00000000.00000002.1398134278.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_26c0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 0e77ae6552b07a19c93075ca1c77f851a3abdfaa198a63fa9d11b00ba5c17203
            • Instruction ID: 24355033b7f3d1be7c1e7e4e8afaa4f0533c36c565596fb72cb24900ebdd3240
            • Opcode Fuzzy Hash: 0e77ae6552b07a19c93075ca1c77f851a3abdfaa198a63fa9d11b00ba5c17203
            • Instruction Fuzzy Hash: 1941E2B0D00719CBEB24DFAAC884BDDBBB1BF49304F60816AD409AB251DBB16946CF50

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F020D0
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: 8e0cce4287e9122a10711da1b7f3733e008b6d107dd78ffa53bef16ee99b4282
            • Instruction ID: 4bcb8f6e0739b8322d8d16a3e1e00f0dadeeb1a8e826093f66f374387dcfb333
            • Opcode Fuzzy Hash: 8e0cce4287e9122a10711da1b7f3733e008b6d107dd78ffa53bef16ee99b4282
            • Instruction Fuzzy Hash: 19212675D003499FDB20CFA9C984BDEBBF1FF48310F14842AE919A7240C7799A55DBA0

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F020D0
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: 2c5d097a1756bce4d12f2fb15a740a9b329a70bebc224f87b8e5f0cdbca9a578
            • Instruction ID: ce1eb113186eeaad9032a1d964f936c4080badb24221f6f0519274df9a0f0776
            • Opcode Fuzzy Hash: 2c5d097a1756bce4d12f2fb15a740a9b329a70bebc224f87b8e5f0cdbca9a578
            • Instruction Fuzzy Hash: 4F212471D003499FDB20CFAAC884BEEBBF5FF48310F10842AE919A7240D7799954CBA4

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F021B0
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: ce329878ea261d38a05472f979dbc52ab4d7213cfebe659ad5b7d63641c49154
            • Instruction ID: 2c27e8b9b8d32f83fa9be6752ad06e1a4a40026f0129643e5e23cc53607ffd2d
            • Opcode Fuzzy Hash: ce329878ea261d38a05472f979dbc52ab4d7213cfebe659ad5b7d63641c49154
            • Instruction Fuzzy Hash: 972136B1C003499FDB20CFAAC884BEEBBF5FF48310F108429E918A7240C7799940CBA0

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04D83F86,?,?,?,?,?), ref: 04D84047
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 989332598fe985160922cabd9e1547840ae23cd8afef452f75f1ea68e375f564
            • Instruction ID: 39d5e381285c69e883389dc82fbd138eaefb65745a9c65f19d77cf8ac3b47503
            • Opcode Fuzzy Hash: 989332598fe985160922cabd9e1547840ae23cd8afef452f75f1ea68e375f564
            • Instruction Fuzzy Hash: C02105B5900349AFDB10CF9AD884AEEBBF5EB48310F14801AE914A3311D374A940CFA5

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F04565
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: e0484a296c96836f55d7564d92e535a69a77433a6f31edc60b9ee44196c07af8
            • Instruction ID: 90aaa845d9e4b6bf9539c5290a3daf6aec9294e71f5293322ad6305207e6cb5d
            • Opcode Fuzzy Hash: e0484a296c96836f55d7564d92e535a69a77433a6f31edc60b9ee44196c07af8
            • Instruction Fuzzy Hash: 3921BBB68043888FDB11DF99C884BDBBFF4EF49324F20845AD994A7251C335A944CFA5

            Control-flow Graph (legend: Executed / Not Executed)
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04D83F86,?,?,?,?,?), ref: 04D84047
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 4ccdec99afbd6c193dbeaa806dd860b1a8f63975fe346a64d4a5a8c41cdd74f5
            • Instruction ID: 1d6ebce24b4c355bf64baa5bd541ecfd8857a81c3bfc3b1d4eed45685a0c9ba8
            • Opcode Fuzzy Hash: 4ccdec99afbd6c193dbeaa806dd860b1a8f63975fe346a64d4a5a8c41cdd74f5
            • Instruction Fuzzy Hash: 7821E3B59002499FDB10CFAAD584AEEBBF5FB48310F24842AE954A7350D378A941CFA5
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F01F26
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 990e2c579312dcd5440cdf5a44d467054dc3f1211c7bd881250e2a6fad8bcc12
            • Instruction ID: ad49c5768d2a6b40d802e2a6c31652f10b79f60377d669f9545ae785bdc05030
            • Opcode Fuzzy Hash: 990e2c579312dcd5440cdf5a44d467054dc3f1211c7bd881250e2a6fad8bcc12
            • Instruction Fuzzy Hash: 5B213871D003098FDB24DFAAC5847EEBBF5EF88321F14842AD419A7240C7789945CFA0
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F01F26
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: bec87f896448f96ebb312881f4afbd61db3b230f7f45bb3f67d7d8e9142814ea
            • Instruction ID: 341a60d90889990b5b72ef498f72d746dd8cce2d2be9993eb7b6af5b03169d57
            • Opcode Fuzzy Hash: bec87f896448f96ebb312881f4afbd61db3b230f7f45bb3f67d7d8e9142814ea
            • Instruction Fuzzy Hash: DB214971D003098FDB24DFAAC4847EEBBF5EF48310F14842AD419A7241D7789945CFA4
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F021B0
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 32cbf390dc76eed93606eecaa33867b7f8b0da9c95d34ab63c909d7e9359ba72
            • Instruction ID: 4a5e907a3855c8221178491ebc4da8b42b988b3c01b9988a7310a0ff36d1b553
            • Opcode Fuzzy Hash: 32cbf390dc76eed93606eecaa33867b7f8b0da9c95d34ab63c909d7e9359ba72
            • Instruction Fuzzy Hash: 5C212871C003499FDB10DFAAC884BEEBBF5FF48310F508429E918A7240D7799944CBA4
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04D81DC1,00000800,00000000,00000000), ref: 04D81FD2
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: f23dad99389a018c619270158a7ea0bab5fea5b8c64ac4c7de26c58a64962b9e
            • Instruction ID: e63f744597b2771396fc489bef55e297cb42f5ed966869421c8075af7f38e63c
            • Opcode Fuzzy Hash: f23dad99389a018c619270158a7ea0bab5fea5b8c64ac4c7de26c58a64962b9e
            • Instruction Fuzzy Hash: 831112B69043499FDB24DF9AC444BEEFBF5EB48310F10842EE919A7200D375A945CFA5
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F01FEE
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 11c3e3f0a12a781e2316b137f33059ae4e816164354b6a65fc6259ac9aa0784b
            • Instruction ID: 96b4bac167e42af8c354e77843b37ad3275230c5971d03c742bd407d276839a6
            • Opcode Fuzzy Hash: 11c3e3f0a12a781e2316b137f33059ae4e816164354b6a65fc6259ac9aa0784b
            • Instruction Fuzzy Hash: 66112672D003499FDB24DFAAC844BDEBBF5EF48320F248419E915A7250C775A950CBA4
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F01FEE
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: eed2ae689b3003bccf671abc7262e5113e3b61cb5754681bd576b11b356cce31
            • Instruction ID: 3d5722166a033be9257a9af8b5b74d2b0f4f6ec9d876d1393e96d9a4d12b855c
            • Opcode Fuzzy Hash: eed2ae689b3003bccf671abc7262e5113e3b61cb5754681bd576b11b356cce31
            • Instruction Fuzzy Hash: 61114772D002498FDB24DFA9C8447DEBBF5EF48320F248419E515A7250C7759950CBA0
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04D81DC1,00000800,00000000,00000000), ref: 04D81FD2
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: 6566966a527aa2e30697df9fbfa25ae6a9440b80eee5fd490e1cfe55ebff791e
            • Instruction ID: cb8b5c433694d154fd3fdb3b06a2d9f97c3822f546aa1378ed91caccc57cb9a4
            • Opcode Fuzzy Hash: 6566966a527aa2e30697df9fbfa25ae6a9440b80eee5fd490e1cfe55ebff791e
            • Instruction Fuzzy Hash: 17111FB69003498FDB14DFAAD484BEEFBF5BB48310F14842EE919A7240C774A545CFA5
            APIs
            • ResumeThread.KERNELBASE(EC8B5506), ref: 06F01E5A
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: 45daef5146221f3eb4a7108d25bdac5c14076f28c45b9f9e648365db793cc470
            • Instruction ID: 36e1244acf87fb600048980beaec0af68cca84a851fe5cc3b188ff44e723ca7e
            • Opcode Fuzzy Hash: 45daef5146221f3eb4a7108d25bdac5c14076f28c45b9f9e648365db793cc470
            • Instruction Fuzzy Hash: FE1125B1D003488FDB24DFAAC8447EEFBF5EB88320F248419D519A7640CB79A944CBA4
            APIs
            • ResumeThread.KERNELBASE(EC8B5506), ref: 06F01E5A
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: 13b54092fe24b7b0c4c0e621a250ae2c6600e39df2d6c7b2225f2709c1384b3e
            • Instruction ID: 6b1d247da6bff9ed9b53dfd2741e45baa5b0f05a84c4875667e8d8e374dc303c
            • Opcode Fuzzy Hash: 13b54092fe24b7b0c4c0e621a250ae2c6600e39df2d6c7b2225f2709c1384b3e
            • Instruction Fuzzy Hash: 0C1125B5D003488FDB24DFAAC4447EFBBF5AB88320F24841AD419A7640C779A945CBA4
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F04565
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: a9282ef75a8de4cf4900ab6b61a36ecc48e5b76052da2713f248dd6c444e70b8
            • Instruction ID: c5553ab4e24ce87f674ed20ff490d764d702b600e92c293dfcf0290fcb873243
            • Opcode Fuzzy Hash: a9282ef75a8de4cf4900ab6b61a36ecc48e5b76052da2713f248dd6c444e70b8
            • Instruction Fuzzy Hash: 411106B5800349DFDB20DF9AD884BEEBBF8EB48314F108419E514A7240D375A944CFA5
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 04D81D46
            Memory Dump Source
            • Source File: 00000000.00000002.1400575105.0000000004D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D80000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4d80000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: 316ab0f315153ee4c1cfd537a7b9a6f1eca356f1432a2a6dc4cc47c5443aa346
            • Instruction ID: e43e4a82cd0cee29290a2f165b7f532015c702074919083b393f7cfdbb304626
            • Opcode Fuzzy Hash: 316ab0f315153ee4c1cfd537a7b9a6f1eca356f1432a2a6dc4cc47c5443aa346
            • Instruction Fuzzy Hash: AC110FB6C002498FDB20DF9AD444BDEFBF8AF88310F10842AD828A7210D375A546CFA5
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F04565
            Memory Dump Source
            • Source File: 00000000.00000002.1401476618.0000000006F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6f00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: fa9f088afeefa622a969877cce94e340d61b5651976020d7c3bc452c211b8364
            • Instruction ID: 98b2fa55e3b2ab7fde6909eafd3d9587cdef7505de4d1b8ac3d8decd4103d0f7
            • Opcode Fuzzy Hash: fa9f088afeefa622a969877cce94e340d61b5651976020d7c3bc452c211b8364
            • Instruction Fuzzy Hash: 081103B5C00249CFDB20CF99D984BDEBBF4FB48314F24845AE519A7640C379A944CFA5
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1401187718.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5370000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Q
            • API String ID: 0-3463352047
            • Opcode ID: cb8a091feb839f9e1c8ef553bbfe0301d976294e10174a20e0ba1d94f1a15291
            • Instruction ID: 359f9551e1247c7ead765693bbab56aa2ab4f79dff667bcd449d686ea791ab39
            • Opcode Fuzzy Hash: cb8a091feb839f9e1c8ef553bbfe0301d976294e10174a20e0ba1d94f1a15291
            • Instruction Fuzzy Hash: 2E51B574F003099FE724DBA5D805B6EB7B2FF88300F248466E915AB395DB749982CB91

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:6.2%
            Signature Coverage:10.9%
            Total number of Nodes:64
            Total number of Limit Nodes:6

            Control-flow Graph

            control_flow_graph 10 42cca7-42ccdd call 4050f7 call 42dea7 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCD8
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: c8a923d74aaa43b35c1a66fc44d62fec0e82fffb0884a48136f881318f0e9087
            • Instruction ID: 8d802af23a96eb3e2a23b59d206ea9c736b9fb4daf8d4af3e33f4eec0506bef9
            • Opcode Fuzzy Hash: c8a923d74aaa43b35c1a66fc44d62fec0e82fffb0884a48136f881318f0e9087
            • Instruction Fuzzy Hash: 75E086752006147FD220FB5ADC01E9B776CDFC5714F004029FA0867541CA70B901CBF5

            Control-flow Graph

            control_flow_graph 15 2e02c0a-2e02c0f 16 2e02c11-2e02c18 15->16 17 2e02c1f-2e02c26 LdrInitializeThunk 15->17
            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0

            Control-flow Graph

            control_flow_graph 19 2e02df0-2e02dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0

            Control-flow Graph

            control_flow_graph 5 42cff7-42d038 call 4050f7 call 42dea7 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,107A408C,00000007,00000000,00000004,00000000,004177F7,000000F4), ref: 0042D033
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0

            Control-flow Graph

            control_flow_graph 0 42cfb7-42cff5 call 4050f7 call 42dea7 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041ED22,?,?,00000000,?,0041ED22,?,?,?), ref: 0042CFF0
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            APIs
            • DefWindowProcW.USER32(?,?,?,?), ref: 0040152C
            • DefWindowProcW.USER32(?,00000111,?,?,00006D72), ref: 004015E3
            • DestroyWindow.USER32(?,00006D72), ref: 00401602
            • DialogBoxParamW.USER32(?,00000067,?,00401750,00007D08), ref: 00401677
            • BeginPaint.USER32(?,?), ref: 004016B2
            • EndPaint.USER32(?,?), ref: 004016E3
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Window$PaintProc$BeginDestroyDialogParam
            • String ID: VUUU$gfff$gp$rm$|'
            • API String ID: 1747845075-1856886469
            Strings
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02E3540A, 02E35496, 02E35519
            • undeleted critical section in freed memory, xrefs: 02E3542B
            • Thread is in a state in which it cannot own a critical section, xrefs: 02E35543
            • corrupted critical section, xrefs: 02E354C2
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02E354E2
            • Critical section address, xrefs: 02E35425, 02E354BC, 02E35534
            • double initialized or corrupted critical section, xrefs: 02E35508
            • Critical section debug info address, xrefs: 02E3541F, 02E3552E
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02E354CE
            • Thread identifier, xrefs: 02E3553A
            • Address of the debug info found in the active list., xrefs: 02E354AE, 02E354FA
            • Invalid debug info address of this critical section, xrefs: 02E354B6
            • Critical section address., xrefs: 02E35502
            • 8, xrefs: 02E352E3
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            Strings
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 02E3261F
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 02E32409
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 02E32624
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 02E324C0
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 02E32506
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 02E322E4
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 02E325EB
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 02E32498
            • @, xrefs: 02E3259B
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 02E32602
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 02E32412
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            APIs
            • IsDebuggerPresent.KERNEL32 ref: 00446B46
            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00446B5B
            • UnhandledExceptionFilter.KERNEL32(0D), ref: 00446B66
            • GetCurrentProcess.KERNEL32(C0000409), ref: 00446B82
            • TerminateProcess.KERNEL32(00000000), ref: 00446B89
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
            • String ID: 0D
            • API String ID: 2579439406-130544292
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            Strings
            • VerifierDebug, xrefs: 02E48CA5
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 02E48A67
            • HandleTraces, xrefs: 02E48C8F
            • AVRF: -*- final list of providers -*- , xrefs: 02E48B8F
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 02E48A3D
            • VerifierFlags, xrefs: 02E48C50
            • VerifierDlls, xrefs: 02E48CBD
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            Strings
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 02E19A01
            • apphelp.dll, xrefs: 02DB6496
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 02E199ED
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 02E19A2A
            • minkernel\ntdll\ldrinit.c, xrefs: 02E19A11, 02E19A3A
            • LdrpInitShimEngine, xrefs: 02E199F4, 02E19A07, 02E19A30
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            Strings
            • LdrpInitializeImportRedirection, xrefs: 02E38177, 02E381EB
            • LdrpInitializeProcess, xrefs: 02DFC6C4
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 02E381E5
            • minkernel\ntdll\ldrinit.c, xrefs: 02DFC6C3
            • Loading import redirection DLL: '%wZ', xrefs: 02E38170
            • minkernel\ntdll\ldrredirect.c, xrefs: 02E38181, 02E381F5
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            Strings
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 02E3219F
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 02E32178
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 02E32180
            • SXS: %s() passed the empty activation context, xrefs: 02E32165
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 02E321BF
            • RtlGetAssemblyStorageRoot, xrefs: 02E32160, 02E3219A, 02E321BA
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            APIs
              • Part of subcall function 02E02DF0: LdrInitializeThunk.NTDLL ref: 02E02DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E00BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E00BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E00D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E00D74
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            Strings
            • LdrpInitializeProcess, xrefs: 02DF8422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 02DF855E
            • @, xrefs: 02DF8591
            • minkernel\ntdll\ldrinit.c, xrefs: 02DF8421
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            Strings
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 02E321D9, 02E322B1
            • SXS: %s() passed the empty activation context, xrefs: 02E321DE
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 02E322B6
            • .Local, xrefs: 02DF28D8
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            Strings
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 02E33456
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 02E33437
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 02E3342A
            • RtlDeactivateActivationContext, xrefs: 02E33425, 02E33432, 02E33451
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            Strings
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 02E2106B
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 02E21028
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 02E20FE5
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 02E210AE
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            Strings
            • apphelp.dll, xrefs: 02DE2462
            • minkernel\ntdll\ldrinit.c, xrefs: 02E2A9A2
            • LdrpDynamicShimModule, xrefs: 02E2A998
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 02E2A992
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            Strings
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 02DD327D
            • HEAP: , xrefs: 02DD3264
            • HEAP[%wZ]: , xrefs: 02DD3255
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 02E2A121
            • Failed to allocated memory for shimmed module list, xrefs: 02E2A10F
            • LdrpCheckModule, xrefs: 02E2A117
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            Strings
            • Failed to reallocate the system dirs string !, xrefs: 02E382D7
            • LdrpInitializePerUserWindowsDirectory, xrefs: 02E382DE
            • minkernel\ntdll\ldrinit.c, xrefs: 02E382E8
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            Strings
            • PreferredUILanguages, xrefs: 02E7C212
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 02E7C1C5
            • @, xrefs: 02E7C1F1
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            Strings
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 02E44888
            • LdrpCheckRedirection, xrefs: 02E4488F
            • minkernel\ntdll\ldrredirect.c, xrefs: 02E44899
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            Strings
            • Process initialization failed with status 0x%08lx, xrefs: 02E420F3
            • minkernel\ntdll\ldrinit.c, xrefs: 02E42104
            • LdrpInitializationFailure, xrefs: 02E420FA
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            Strings
            • LdrResSearchResource Exit, xrefs: 02DCAA25
            • LdrResSearchResource Enter, xrefs: 02DCAA13
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            Strings
            • kLsE, xrefs: 02DC0540
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 02DC063D
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            Strings
            • RtlpResUltimateFallbackInfo Enter, xrefs: 02DCA2FB
            • RtlpResUltimateFallbackInfo Exit, xrefs: 02DCA309
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 974d93e96dca3adb1ee93e7089dcc8cca3b8399647a00f5c617033cb30e3c8d6
            • Instruction ID: 3746b8f210b6f8618209ad92ada44cfb5a2a676164c4289861051f3da50e5367
            • Opcode Fuzzy Hash: 974d93e96dca3adb1ee93e7089dcc8cca3b8399647a00f5c617033cb30e3c8d6
            • Instruction Fuzzy Hash: E1B14C70A102658FDB65DF65C890BA9B3F6FF44704F0085EAD54AAB390EB709D86CF20
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efab25ca06d8f59d70ccfeca5a26c14c80092d33d06a0e6a976c85fc0da45c21
            • Instruction ID: b2f7fdcdb382de16cc6f196b5918dc7102d12c187b7dadfdff6b0f3d643596f8
            • Opcode Fuzzy Hash: efab25ca06d8f59d70ccfeca5a26c14c80092d33d06a0e6a976c85fc0da45c21
            • Instruction Fuzzy Hash: 58A16771E806689FDF21EB98C848FAEB7B5EF00728F045165EA42AB7D1D7749C44CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 50c206c62bd42fdd4b1d8184630860a6a50530a12e1ab182d6d78a7d01dedf00
            • Instruction ID: 3e2c33044461daf332c583068a6d9f892770847fdbba7f8d3ac5ea2da8ef0070
            • Opcode Fuzzy Hash: 50c206c62bd42fdd4b1d8184630860a6a50530a12e1ab182d6d78a7d01dedf00
            • Instruction Fuzzy Hash: E6A11570B81616DFDB25DF65C5D0BAAB3B1FF44318F009029EA45A72C2DB74E896CB50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b989e50428b81281692214ad221262e746c42f2dab7acf74fc4e7b1296436330
            • Instruction ID: d3d85f18e9c042275e0582aa8ad6ad66c53040ba5fa6f1f453e7cf6c46bfb597
            • Opcode Fuzzy Hash: b989e50428b81281692214ad221262e746c42f2dab7acf74fc4e7b1296436330
            • Instruction Fuzzy Hash: 83A1EF72A94641AFCB21DF24C980B5AB7E9FF48308F40896AF5859B790C334EC42CF91
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction ID: eab49c586eb95a48630c2270e70b2314f8b5bef9159f1b86f2ca5cd4c4354e88
            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction Fuzzy Hash: 25B11771E4061AAFDF29CFA9C880AADB7B5BF48304F14D16AEA15A7354D730A941CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7533a6fbd1f067a82dbb1093d821c0f822ec3c6f80d55e7cbc4b90f895c82554
            • Instruction ID: 00969092d510ef24d86ecae5aa30ac7158b08529d08b6d983f434b9e1148f47a
            • Opcode Fuzzy Hash: 7533a6fbd1f067a82dbb1093d821c0f822ec3c6f80d55e7cbc4b90f895c82554
            • Instruction Fuzzy Hash: 0A91B271D40215AFCF15CF68E880BAEBBB9EB49708F119159EA14EB350DB34DD009FA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0eeafe6a5b8dee85ee3cea4961062c9249bfeb6a1b55e4a90dcb937466947b72
            • Instruction ID: 8026c9b1bc4e560ca65ff9232a0b176a0265be0a81a124f8a8784d33c62688a7
            • Opcode Fuzzy Hash: 0eeafe6a5b8dee85ee3cea4961062c9249bfeb6a1b55e4a90dcb937466947b72
            • Instruction Fuzzy Hash: 7E916972A40A21CBDB24DF68C844BBE77A2EF88758F159065EC469F381E734ED01CB61
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4dd6f2e12fbc18a2dd59340022c017432fed996d8207c0c2104d737da0b576a8
            • Instruction ID: dee09e6e81fc63f67162d021e09bab3bcf6462fc9c214711cdbd9f243277b667
            • Opcode Fuzzy Hash: 4dd6f2e12fbc18a2dd59340022c017432fed996d8207c0c2104d737da0b576a8
            • Instruction Fuzzy Hash: D081C0B1A406199BDB18CF69C990AFEBBF9FB48704F00943EE845E7640E334D940CBA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: af7cc3885f6c95bf12f7e5a68f3463288c5a9734abe5e02cbf584c63c70365c7
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: 2E817071A406099BCF18DF98C490AAEB7F2AF84314F18D17AE95E9B384DB74E901CB50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 63e3de737e243cc6d0dedb64b784818802a87ef87f414b51c91d3488ef4a240e
            • Instruction ID: 5cc55f549f297fb8848ea54a6c44d0a6fae382697b96cdb10bca4353c4a4b975
            • Opcode Fuzzy Hash: 63e3de737e243cc6d0dedb64b784818802a87ef87f414b51c91d3488ef4a240e
            • Instruction Fuzzy Hash: 89818C71A00609AFDB65CFA5C884BEAB7FAFF48314F118429E695A7360D730AC45CF64
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2d33dfb0670a52c3bbd36b946d51c5f23d7e541a15aab09ffed2f1391cfca806
            • Instruction ID: b2666b5d100065287ebdd26a76b1a6bc040698635e6256a255e014a88be0192a
            • Opcode Fuzzy Hash: 2d33dfb0670a52c3bbd36b946d51c5f23d7e541a15aab09ffed2f1391cfca806
            • Instruction Fuzzy Hash: E0711F74C50669EBCB25CF59C8907BEBBB5FF49704F14851BE882AB350D7309848CBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 621cafa385b666485b0a8ea79fc0de87dcf8c11edb70637f258f0aa635a5bb67
            • Instruction ID: 040be295024313646fe19a3091c6898a282e8cd32e3b6028b68b15a7719ad666
            • Opcode Fuzzy Hash: 621cafa385b666485b0a8ea79fc0de87dcf8c11edb70637f258f0aa635a5bb67
            • Instruction Fuzzy Hash: 5471AF71EC0204EFCB12DF96D944A9BBBF9EF85308F44E55AE600A7294D7318940EF64
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7050dc9595d9bfec5c983d6487bbf2278d30bc288952981f5c1f7873d91f4581
            • Instruction ID: e8f94239312e6f8e525e8133e07ee79442f9c45dec10b6086cb3c6664a175c86
            • Opcode Fuzzy Hash: 7050dc9595d9bfec5c983d6487bbf2278d30bc288952981f5c1f7873d91f4581
            • Instruction Fuzzy Hash: DE71E375604A919FC321DF28C484B6AB7E6FF84314F0485AAEC99CB352DB34DC46CBA1
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 59c3e9de0042152fc5bcfa1a5d316250f339520bdf49a3a960f83c77591084ba
            • Instruction ID: 4403d15d18e63dcd86388b06cb4b6c060361615e3d58b3cdd413d63053c9d883
            • Opcode Fuzzy Hash: 59c3e9de0042152fc5bcfa1a5d316250f339520bdf49a3a960f83c77591084ba
            • Instruction Fuzzy Hash: D071E232290B11AFD7329F14C884F5AB7FAFF80728F548928EA558B2E0D775E945CB50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 95eb9ee34c21cba58d68576566b3cbafe41b18dd51aa910af52d19343abf8242
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 05716C71A40609AFCB14DFA9D984E9EBBB9FF48304F108569E505AB250DB34EE41CFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 284de9de89907be2ed333e5c05c528fc4d4d15580c3618c94fb9ff587b8074b1
            • Instruction ID: 4bd27e1481c7f48688927e9ee7291c96977d8e2fd594e244f867c2409f601ac0
            • Opcode Fuzzy Hash: 284de9de89907be2ed333e5c05c528fc4d4d15580c3618c94fb9ff587b8074b1
            • Instruction Fuzzy Hash: A881E272A843168FCB15CF99D584BAEB3B2BF48318F25A12DD905AB381C7359D44DF90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e02fb817aeba24bd01f36e26150ec6cd486557186c26ff8ab818bc94c49bf077
            • Instruction ID: d7c4eebc4664d87a68d5c3108f63a34ecc1f616304438c89706947f8dbd33682
            • Opcode Fuzzy Hash: e02fb817aeba24bd01f36e26150ec6cd486557186c26ff8ab818bc94c49bf077
            • Instruction Fuzzy Hash: EC713971E40209AFEF15DF94CC81FEEBBB9EB05354F10816AEA11A6290D774AA45CF90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b737059e95658f3c7fbae7182512a578561c18e1f9dd20c19513563f55b6c31
            • Instruction ID: 21d4160eec571900bbe094aaf2b064826cfc243f564709eb9f10d40bd1a510b6
            • Opcode Fuzzy Hash: 7b737059e95658f3c7fbae7182512a578561c18e1f9dd20c19513563f55b6c31
            • Instruction Fuzzy Hash: FB51CE72544651AFD321DE68C884E5FB7EAEBC5714F009939BE40DB290E731ED05CBA2
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c91699543d87dca8d17a5be35dbb76972d1813c2d951f1e627bab6fcce903e02
            • Instruction ID: ac307e53337c9af7cd69095cf099f2a5db4d195d183dc9c46b31f2f6e410b359
            • Opcode Fuzzy Hash: c91699543d87dca8d17a5be35dbb76972d1813c2d951f1e627bab6fcce903e02
            • Instruction Fuzzy Hash: 9D51DF709807049FC720DF56C888AABFBF9BF54754F10961EE29697AA0C7B0A949CF50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 89a34f40053a481b03e0641e6de8680690f8085513ab1c7f891e0461bd27d731
            • Instruction ID: 386ec637d4d6da8479388ba651d44c2e619898205b3c36d59da78daef71c4a2a
            • Opcode Fuzzy Hash: 89a34f40053a481b03e0641e6de8680690f8085513ab1c7f891e0461bd27d731
            • Instruction Fuzzy Hash: 4A515A71640A449FCB62EF68C984EAAB3FAFF08744F414869E64597360D734ED81CF61
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 410b7cb83fd539d2664631825f4f50c84e356d18ccc3d7700932362affbcbd3e
            • Instruction ID: d19078e9c1b40c941c38126f00601ebaf996247469899f5ba57c89dd5470bf68
            • Opcode Fuzzy Hash: 410b7cb83fd539d2664631825f4f50c84e356d18ccc3d7700932362affbcbd3e
            • Instruction Fuzzy Hash: 345189716883458FC764DF29D884A6BB7E6BFC8748F48992DF489C7290D730D905CB52
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: fa91fca2fd34e713e43eaf56161fe2b1c65c9f611a06766b9ae8b1a7e0b83b4d
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: 26515A71E0021AABCF15EF94C841BEEBBB5AF45758F048069E902AB350D774DE45CBE4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: ef685acc64c214b318bf9610828ef8b0db528c58fc6f5336ccec91c17334a582
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: D051A371D40609EFDF309F94D8A4BAEB7B9BB00368F19D665E91267290DB309E41CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d4558bf9a39cbc12d3f7171b8a145ef815ee41d4229147d84fad4b562f8a5f2
            • Instruction ID: 0f5cd83f86e8aebc6755c7cfa7deb200c13317a7493bf4a795517fb8bdd0844d
            • Opcode Fuzzy Hash: 8d4558bf9a39cbc12d3f7171b8a145ef815ee41d4229147d84fad4b562f8a5f2
            • Instruction Fuzzy Hash: 5E41F6707C26089BD629FB29C994BBBB79AEFC0368F44D219FD9D87284D730D801C691
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 96be23148e5f35ad2220808bc7ddd5c5b439666c8f38ef2fed62fb03a0124e2b
            • Instruction ID: b296515e278cf6991fbaeeb3614decf2626ee1d3ad61414b503feab564980122
            • Opcode Fuzzy Hash: 96be23148e5f35ad2220808bc7ddd5c5b439666c8f38ef2fed62fb03a0124e2b
            • Instruction Fuzzy Hash: 7D519172D81215DFCB20DF69D880A9FB7B9FF49318B61A91AD545A3310DB30AD41CF90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 92f140aecda2ac4f93b5588bb4633180e511a19c6cee888ce549ef8688d577be
            • Instruction ID: 90e5346a80a37f88e3418c2783603555e6aa59a54d719b38530c1578db5a6915
            • Opcode Fuzzy Hash: 92f140aecda2ac4f93b5588bb4633180e511a19c6cee888ce549ef8688d577be
            • Instruction Fuzzy Hash: EF41F631EC0200EBDB5AEF65A884B6A3766EB04708F425429EF0E9B352D771DC50CE68
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: f6320689689064059158f2ca2a7bb851942cfd843a848bbb4cc5892d88a20dd4
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: BF41D5716416059FCB24EF14C994A6AB3A9FF80318B04967FE99E87740EB30EC04CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 97536b9ba78cbcf841eaebc5ad350be866cfba3c9de4bd9cd15769321e56e8cf
            • Instruction ID: 61bf48b5e82cd85bfc2bd4e1533178982fd523c2ab62a2ef9a23d9c69d14fbad
            • Opcode Fuzzy Hash: 97536b9ba78cbcf841eaebc5ad350be866cfba3c9de4bd9cd15769321e56e8cf
            • Instruction Fuzzy Hash: 6E41EA36A002199BCB50DF98C440AEEF7B5FF48709F16812AEA46EB355D7319C41CBA8
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: da4c9a50fe19e16ea50bb47ffff31701a1e65a5a7b7f9ea336748b74fb46e98f
            • Instruction ID: ff80ae4baca511f6e1e2da68a0e69f659191500b599bc8f5d26109229e9b1c25
            • Opcode Fuzzy Hash: da4c9a50fe19e16ea50bb47ffff31701a1e65a5a7b7f9ea336748b74fb46e98f
            • Instruction Fuzzy Hash: FD4190716047019FDB25EF25C884A1BB7EAFF88328F005929E997C7711EB35E848CB61
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: 4a97249ee9632228c3fae0f0549e5b059d27e4897020bb64cb12e71c946da715
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 70515B75A40615CFCB15CF98C484AAEF7F2FF84729F2881A9D855A7350D734AE82CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ca54eb78f328cafa24221107c205c43c38edf6191c7bc7f774bc891ea763eaca
            • Instruction ID: 7a23e78d6704889b27e06ff05711d5228b4b59f8146522164f9f630efed7ded2
            • Opcode Fuzzy Hash: ca54eb78f328cafa24221107c205c43c38edf6191c7bc7f774bc891ea763eaca
            • Instruction Fuzzy Hash: EA51F1709801169BCB268B24CC45BE9B7BAEF51318F24C2A9D46AA73D1D734DD85CF80
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1db46d7fd397c87e713bb1e0ef8a732d1934410d24c28076775a68b5a745bd94
            • Instruction ID: 9530ae13de6fe21c9f14d3f785da7740ab85ce8a269207b571d1ac6d56b9d40d
            • Opcode Fuzzy Hash: 1db46d7fd397c87e713bb1e0ef8a732d1934410d24c28076775a68b5a745bd94
            • Instruction Fuzzy Hash: DA41BF35A40228DBCB21DF68C940BEA77B9EF45740F0540A9E908AB381D734DE84CFA1
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 899a5c3f67680ceff1948e9f333534463f187b45bb264e20d116791f35311630
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: E841A475B40109ABDB15EB99CC94AAFB7BAAF84748F549069EC4CD7341D770DD00CB60
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f2ad59b845bb20e8002babdac5a03e96ff95eabd96baab328417802c2b11279d
            • Instruction ID: 045d68dbcf5515899714c12b6672db2848c92f7a615f709a148d0bf46e46c76a
            • Opcode Fuzzy Hash: f2ad59b845bb20e8002babdac5a03e96ff95eabd96baab328417802c2b11279d
            • Instruction Fuzzy Hash: 0F418171600702DFD729DF64C880A26B7E9FF59309B248A6DE94687750EB30EC45CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a75d3041439098040cc53ab82c1505f599174e2852367e47258a9576155ea1d
            • Instruction ID: c7e79f0428a97e14443af5c06d89537b7c09897d5df5cd061eaf52df19bffadb
            • Opcode Fuzzy Hash: 9a75d3041439098040cc53ab82c1505f599174e2852367e47258a9576155ea1d
            • Instruction Fuzzy Hash: 43419C31980229CFDF25EF69C8A47AA77B1EF08318F4455A5D812AB391DB34ED50CFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db9e6004e566b404f71a91da7ff2f66fd331504442bea7af47a85ab3920c701f
            • Instruction ID: 3eda47d93633e4ccf19f8b3cd637b050740d6c3bda1547cfe2055629cf5511da
            • Opcode Fuzzy Hash: db9e6004e566b404f71a91da7ff2f66fd331504442bea7af47a85ab3920c701f
            • Instruction Fuzzy Hash: 2141F571981212CFC7169F5ACA80A5AB7B2FF84718F64942ED8019B392C775DC41DFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 7a76e8664d2357c3f71da0cc6e6b989afdd192e247e23f941bc834c3a5c99293
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 96411931A00211DBDB22DE6688607FEB762EF4875DF26D07EE8469B384DB318D40CB91
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 71405e8dba205764e6a68f7b7c003250000d5e0332972c47fac871c264fb7901
            • Instruction ID: d14800880bca4204c75ad71c71c0c8eba54969b3987241513bbe8ebe93df00dd
            • Opcode Fuzzy Hash: 71405e8dba205764e6a68f7b7c003250000d5e0332972c47fac871c264fb7901
            • Instruction Fuzzy Hash: E311E5776001249BCF19DB24CC86AAB73ABDFD5374B259529D9239B790DA309C02C694
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5faa3a2165a8ab934439f9f8a039f93a867b6877ea34fc1be485c24f3b11fd23
            • Instruction ID: ef05ff3e2e04d0647a2229acd126eac42f7a9d9e4bf01230526038de20374e0a
            • Opcode Fuzzy Hash: 5faa3a2165a8ab934439f9f8a039f93a867b6877ea34fc1be485c24f3b11fd23
            • Instruction Fuzzy Hash: 51110632290624EFDB26DB69CD40F9A77ACEF45764F818024FA01DB260DB70ED00CBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9cf9dd74b3f60ec3a1722bceefbd6a56ed8ef612c39e955580111e5c880af01
            • Instruction ID: e8ef3c67815c0ecc933529e87e7cfab8101fb0be9ae553a35cb2fe6384157716
            • Opcode Fuzzy Hash: e9cf9dd74b3f60ec3a1722bceefbd6a56ed8ef612c39e955580111e5c880af01
            • Instruction Fuzzy Hash: 4A11BC76A01254ABCB65CF5AC580A5ABBEDEF84710F164079DA159BB10D730DD00CBE8
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: 6a6e5c14acb04bf92d89e3000e52f390963a33c50ee0846e66d64a2fa2cc3e27
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: 3921E3B5A40B059FD3A0CF29D480B52BBF5FB48B10F10492EE88AC7B40E371E854CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 4c95a37a9678955d7cc1877d5220065affad038d3d550528ced68d422667274c
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 6A11C432A00919AFDB19DB54CC05F9DB7F6EF84314F058269EC99A7340E671AD51CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 106c75b7acdf290ce11997f6f66ea7fbc7bab9dbce91afaff857ef7c6f8b0f00
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 49119E32680600EFDB209F54E844B66B7A6FF89758F1DD828E9099B260DF31DC40DBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 70d6b34cda621ae5d5100f7447f703537321a1508627beb6408ca1c5d24cd6a8
            • Instruction ID: 28b24379771f208d214e86c0754a5ea41ea91922353e9a0ca52b54c5d52eb31d
            • Opcode Fuzzy Hash: 70d6b34cda621ae5d5100f7447f703537321a1508627beb6408ca1c5d24cd6a8
            • Instruction Fuzzy Hash: AF012632345644ABE326A369DC88F67779DEF81358F0540B5FD038B340DA24DC00CA71
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 57d8209345ff9ede9a6abb5fe6b950934c72d9269d7cf11af74ac4fcdcd26deb
            • Instruction ID: 8e6e6279601f74b0f8608191537d7103fb74812bdaf56129457f253723016b60
            • Opcode Fuzzy Hash: 57d8209345ff9ede9a6abb5fe6b950934c72d9269d7cf11af74ac4fcdcd26deb
            • Instruction Fuzzy Hash: 5511E136240646AFDB25CF59D990F5677B9EB86B68F20412EF8088B390C770EC40CFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1bd7f3e7d30c7ba915cf0469ca92fe2b253608088c1dd9998f92f41dc83dd567
            • Instruction ID: 9bec97fa09519e63d9bcd0bcd7796aa6488f8c0a4da213eae3574d5a8ab86c96
            • Opcode Fuzzy Hash: 1bd7f3e7d30c7ba915cf0469ca92fe2b253608088c1dd9998f92f41dc83dd567
            • Instruction Fuzzy Hash: 1211C63A240A119FCB219A29D850F57B7A6FFC4714F15941AE542877D0EB30A803CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3faa17f30463d1e04aa77d63b7fee9de6078c390fc59ae2c77c8d93bddcdc5a7
            • Instruction ID: 7de8154e9ba76e36b0ae6ea400280be55cc11ded98bb9e3090fa2e79e43004ec
            • Opcode Fuzzy Hash: 3faa17f30463d1e04aa77d63b7fee9de6078c390fc59ae2c77c8d93bddcdc5a7
            • Instruction Fuzzy Hash: 9011A072900655ABCB629F59D980B5EF7BDEF44744F920498EA10A7700D730ED41CFA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 399f9e9eb432958a4f5ebc59bda0ccf32a4853c430f17a994c863afcd37a6d08
            • Instruction ID: e5cd99cb45cb03b1b005af460876b3de5c39bc7137dfbe46ff499812e6cb4acb
            • Opcode Fuzzy Hash: 399f9e9eb432958a4f5ebc59bda0ccf32a4853c430f17a994c863afcd37a6d08
            • Instruction Fuzzy Hash: 960180715442059FC716EB19D448F57B7EAEB86328F64856EE0058B360C770AC81CFA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: 97df2ade6f0fab6a036a08d15c6a7df8076df5d116f8882fd7113e79ea232858
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: DC110472245AD19FDF22AB68C954B2537E4EB0076CF1910F0ED439BB92E728CC46CA61
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 1506e530fd3ec2b49d2c9fa87842ed59b5b6887db9fbea4ff73a7ea0875da093
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 7301D632640105EFD7215F54D809FA67AAAFB80768F19D474FA059B260DB71DD40CB90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: db060b556657d3d90208824cd0d7358b70901331a5cb8c0a740efa5e374ddac6
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: 7F01D671905B11DBCB328F15D850AB67BA5EF45760B11D52DFC968B780D731DC01CBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0b4beae259301b5c6bc4a33ccf512545b189bbc60a80c8fa35b40b464d9fce9
            • Instruction ID: 9092692b8a6ec550aff68c1207029018e0cd8b31ca17d1ba9d1b681005f50ab1
            • Opcode Fuzzy Hash: b0b4beae259301b5c6bc4a33ccf512545b189bbc60a80c8fa35b40b464d9fce9
            • Instruction Fuzzy Hash: C511A070981228ABDB25EB64CC92FE9B3B9EF44710F6081D4B714A61E0D7309EC1CF84
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 795998e5aaf50150d4247b7df603b5136e129573b3e07d28d4291e1c7c9a45f3
            • Instruction ID: d99abc519c4412c09fb49f879bb1963c44a9fc8a3cb866d1e47581d42976a9f4
            • Opcode Fuzzy Hash: 795998e5aaf50150d4247b7df603b5136e129573b3e07d28d4291e1c7c9a45f3
            • Instruction Fuzzy Hash: 60118E31281640EFDB16AF18CD80F5677B9FF44B48F244065E9059B691C235ED01CEA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: ff3e1ed971f2948e2666e0ac2db82c0e9e40c34b51a482f3bf13ac43c41ed638
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: A8012832200211CBDF109A29D884F927766FFC4714F3590AAEC458F349DB71CC81E7A0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e283e313954ff233377571358d3199f819b4fce4fd381659108c8b21d71d776d
            • Instruction ID: 56c717811ef49e94e22f543acd6a97081d3209c0c74583de82564f9aa3ea3061
            • Opcode Fuzzy Hash: e283e313954ff233377571358d3199f819b4fce4fd381659108c8b21d71d776d
            • Instruction Fuzzy Hash: 1B112973900019ABCB16DB94DC84EDFBB7DEF48358F044166E906E7210EA34EA55CBE0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee486533389ea754b4ffa946d7b5acec3f334c0789186cee8ef5b29799aab9af
            • Instruction ID: 4d26280d274205598cef9fbae4c7dea107cbb5d4f6057ba6920e170167f340fa
            • Opcode Fuzzy Hash: ee486533389ea754b4ffa946d7b5acec3f334c0789186cee8ef5b29799aab9af
            • Instruction Fuzzy Hash: 7511E1326901569FC301CF28D800BA2B7BAFB4A308F48C559E9488F311D732EC80CBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f0ba65b4f009c3819203387ffd7746ec01c7255595a22389eb81f78d4078004c
            • Instruction ID: 21f351cf596c2921c8d29bc0f22106136b6b638f01858f6c2b34a939246a24ef
            • Opcode Fuzzy Hash: f0ba65b4f009c3819203387ffd7746ec01c7255595a22389eb81f78d4078004c
            • Instruction Fuzzy Hash: BB01F5350C01109BCB32AB118409E77B7AAFF417A4F18D46EE5000B680C732AC41CFE1
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 26b96ec8764082468f56c2f93d2bb8b9ace40619accfea62b5064e54808f52ad
            • Instruction ID: dffa9fdba99cf1ba8053461a417354e06533c148d8dfe3fb2c412fbd47818770
            • Opcode Fuzzy Hash: 26b96ec8764082468f56c2f93d2bb8b9ace40619accfea62b5064e54808f52ad
            • Instruction Fuzzy Hash: E011E8B1E012099FCB04DFA9D581AAEB7F9EF48340F10806AB905E7351D674EE41CFA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73de4ef21e206ff5b8851f95d2070eea5a5fc12ffcf5b5340b4071dff339973a
            • Instruction ID: 2cbcbdb42c70be2885eb7a3a5db9036aceee0b9d04d499421e2adbbde930e606
            • Opcode Fuzzy Hash: 73de4ef21e206ff5b8851f95d2070eea5a5fc12ffcf5b5340b4071dff339973a
            • Instruction Fuzzy Hash: 8A116D71A4120CAFDB05DF64C894FAE7BB6EB44344F009059FE0597390DA35AE52CFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: ee5e01ffce2897ba6ac5238b78bfa0ceed8021bf5a8bb45f060b8b2f29413ede
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 4C01B532140B05DFDB229666C840FE7B7EEFFC4758F15942AA5568B640DB70E802CB60
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58ef2ca86ca50673ce3f5cd342ee236c10a02526f399d0f9c9f60a20aaa5e3e4
            • Instruction ID: c2441b4f3d704a0bef6a7d1f508c69c49c3e956de568fb76c39d31fc167bf2c5
            • Opcode Fuzzy Hash: 58ef2ca86ca50673ce3f5cd342ee236c10a02526f399d0f9c9f60a20aaa5e3e4
            • Instruction Fuzzy Hash: BD017C72241E40BBD712AB69CD84E57B7ADFF847A4B000625B90983662DB64EC01CEB0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 02a2821782173b0e287429937acaf441f0c5ba8e2992e7bf6e91610a66dc70f8
            • Instruction ID: 740c2fb13ebdf5c0a28d726670a4819d90faf654401ba4a2fa5df96475c2ef0c
            • Opcode Fuzzy Hash: 02a2821782173b0e287429937acaf441f0c5ba8e2992e7bf6e91610a66dc70f8
            • Instruction Fuzzy Hash: 43014C322A46119BC720DF79C888AA7F7ACEF44724F908629FD18872C1E7309941CBE1
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4775ebdedfa006f07e469b09e21de809d8df2dca89ea040d698a5d11531ca2cc
            • Instruction ID: c96406b0915f85bd0db95ba5146166cc8aff1d3c63b737d3f4e0991b14d4228a
            • Opcode Fuzzy Hash: 4775ebdedfa006f07e469b09e21de809d8df2dca89ea040d698a5d11531ca2cc
            • Instruction Fuzzy Hash: 44115B75A41208ABDB05EFA4D940EAE7BB6EB48348F10905ABD0197380DA34EA51CF90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction ID: b172ea71fec4230ade693445eb334d0b94939ffeb08da690e2e62484aef3fdf4
            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction Fuzzy Hash: C501D833240A059FDF219A59D840F96B7EAFBC5304F04955AE5428B690EAB0F882DB54
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ed6f0c26b82bae3356ef89d4f56f388dbabd442baa6d7b1be1429addab2e280b
            • Instruction ID: d227cd4e099c1a097735a5935795dfbf0c414b80a010153a699cb2c43460b023
            • Opcode Fuzzy Hash: ed6f0c26b82bae3356ef89d4f56f388dbabd442baa6d7b1be1429addab2e280b
            • Instruction Fuzzy Hash: AD117C71A053049FC700DF69D44194BBBE4EF89350F00955FB958D7390E630E941CBA2
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f3a6fae8defa387fc2928c27ee9f1392530f10fab74cf889fb6299bd9c26e94e
            • Instruction ID: 2c5a6dd5ee218159b523e3893b7d93f49a817b58b86e8578cb6b6d2b1daac57b
            • Opcode Fuzzy Hash: f3a6fae8defa387fc2928c27ee9f1392530f10fab74cf889fb6299bd9c26e94e
            • Instruction Fuzzy Hash: DB113C71A553049FC700DF69D441A9BBBE4EF98710F00955EBA98D7391D630E901CBA2
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4f1e69d1a2d1383a6912325e7093c00cbd3c4957f23961129ed60e8730cf0cb
            • Instruction ID: 48df67972272ce5ecd98d37dcf22d7a7d76357a443395aeab196a21cff3c68b1
            • Opcode Fuzzy Hash: b4f1e69d1a2d1383a6912325e7093c00cbd3c4957f23961129ed60e8730cf0cb
            • Instruction Fuzzy Hash: 3501D431A40504DFCB05DB6AE8519EF73AEEF80214F05C069E906DB380DE30DC41CA90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction ID: 4c715f779c2474d31c6bb34885357dcecf0f1604473b729f2f95bc93da20557b
            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction Fuzzy Hash: 34017872240A809FD326871DC958F3677ECEB44B58F1984B1F905CFBA2D728DC40CA21
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Instruction ID: 5a0adb19c7ce3d3d30c4dd84e7cf7a6596561e96cda1acc4d2acfcec612daf7a
            • Opcode Fuzzy Hash: b5e4d787c02860bef8b8cc18913f6a59dcf26b78debefb1e1a052ba325104f12
            • Instruction Fuzzy Hash: FB018536580109ABCF129E84E950EDE3B6AFB4C764F068111FE1866220C636D9B0EF81
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ef2d6de306b0b341204877b97bfb124ba5fec5679a43b5895b24dc66bd55923
            • Instruction ID: da41bc5000409eaaeab40e9d47af2500132f23beaf0ced3d59ad6730a624f6a9
            • Opcode Fuzzy Hash: 9ef2d6de306b0b341204877b97bfb124ba5fec5679a43b5895b24dc66bd55923
            • Instruction Fuzzy Hash: 1EF0F6712242019FF7959615CC21FA3729AFBD0790F25802BEA0A9B3C0EA70DC01C2A4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c51e82655db0917943febada74fb76de1d01961725e4fb6f59c7670fcd5d0974
            • Instruction ID: b9ed9e26727f2190dfbacf92cfdfb38f982a5c700bbcac5bb5c897e155f81d33
            • Opcode Fuzzy Hash: c51e82655db0917943febada74fb76de1d01961725e4fb6f59c7670fcd5d0974
            • Instruction Fuzzy Hash: 9501A470680A809BE3639738DD4CF2633A9EB41B08F898690FB119BBD1D728D841C914
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: 5da65dd922fff95aa7e9a376ffcc4272d58f7756bfbc032fc28a98821a319c27
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: 0EF0B4313C191247DB75AA29A414F3AA2979F80A88B09A53C9401CB6C0DF20DC008B90
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 533e53606ac3ad8a79376e040b2e6d5ba04031a8734c389f949fddfcb5d28fec
            • Instruction ID: 6f033e58fd465c04964fc36baf5081f7cef58f492c238d3b32b0e215baba8c15
            • Opcode Fuzzy Hash: 533e53606ac3ad8a79376e040b2e6d5ba04031a8734c389f949fddfcb5d28fec
            • Instruction Fuzzy Hash: 29F0C270A457049FC310EF29C541E1BB7E4EF88704F40965EB898DB3D0EA34E901CB96
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: 8a46fe7d222ec369af85c022c82a29964adfcf4d842f46535c7adef6b24e38d5
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: E9F0BE32B80A519BCB318B4DEC80F12B3A9FFC9A64F1D0064A504AB660CB70EC41CBE0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: 7817cfc18536df5dfe92dfef5f185a3901f62de8be2ff883adb8ef021dfe9114
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: 23F0B472610204AFE714EB21CC01F96B6EAEF98744F1580789645DB265FAB0DD01CA68
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fe3d8e947c6e154daddca977e782d56267796a05e779d6f33f38f0f8f478a8dc
            • Instruction ID: ed52bcdda0187fccb54d6de3323864f2c9b20ab0cfc25b762e6b693f6633fe94
            • Opcode Fuzzy Hash: fe3d8e947c6e154daddca977e782d56267796a05e779d6f33f38f0f8f478a8dc
            • Instruction Fuzzy Hash: 68F0BE3191A6E29FEB32CB68C474B22B7D89F00724F28896ED48987741C724DC80CA50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 282085a6606c8932986b0f14807ae4610ff0e54bc66ff969a2e8e48845eeb8f0
            • Instruction ID: 37e9fed4964c60dce01bc25fc9f609dd73b6ff271150cc4b9650950f344c241e
            • Opcode Fuzzy Hash: 282085a6606c8932986b0f14807ae4610ff0e54bc66ff969a2e8e48845eeb8f0
            • Instruction Fuzzy Hash: 45F05C268D56C006CF277B38B8513E33B5E9B4A238F19B885D8EC57205C77484D7C634
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: d8cc39d5a3e16a9cde89213a994dac7f6aa7df1aafefa9c53333b901dba17c18
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: ADE0D872340A002BD711AE599CC4F4777AFDFC2B14F044079BA045F292CAE2DC4A86A4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 16294327c8f97ebdb2da7e9bb623adfb0fe22273ebd3d1774ce6386460ab9247
            • Instruction ID: bfabae7f4b5700ecdf0888ee31791cfeb419d77fdf590122cb161c9ce5565bee
            • Opcode Fuzzy Hash: 16294327c8f97ebdb2da7e9bb623adfb0fe22273ebd3d1774ce6386460ab9247
            • Instruction Fuzzy Hash: 81F0E2715396D8AFD7B2D718C148B52B3D8DB04BA8F0A9467D64687772C360CCA1CA58
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: bc45445772fb4cf6b6dfade6a622a2a5559788c44490d1a0ac936da1da6d5c19
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: D7F0A0721502149FE3309F05D880F92B7ECEB05368F81C025EA088B260D339EC40CBA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 5a2a6dfded152f17a577e7ad4b4626cd63440518133a7d6feec30d6cb7a729b2
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 67F0E539204741DBDB19CF15C050AE57BE9EB41354F2440A8FC428B351D731ED81CF50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: 139e8ba4fca2cda9edcd2ab736caa7ab7fc53d9b184e3050c1e7103cf67450c7
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: F2E0D83224C745ABC3612A5D9800B6777A6DBC07A4F1B0429E3408B350DB74DC40E7EC
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 938ff4b7a7ba9f3def5c264a11cf3ce4fd6dfae07ee97fda587211baf04bda8b
            • Instruction ID: c497d0a82f54657a06387bc952d6f111e2cfbf704458a1068966f2bd2d43d27a
            • Opcode Fuzzy Hash: 938ff4b7a7ba9f3def5c264a11cf3ce4fd6dfae07ee97fda587211baf04bda8b
            • Instruction Fuzzy Hash: 10F02B319659914FDF71D729F240F5273E4EF00778F0AA996D40497A91C320DC42CE70
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: 18dc9ea331adc40793fbbeeba7f748a4c125a32036177ae8029217ac59aac36b
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: 9FE0DF32A80110BFDB21AB998D05FABBABDDB80FA4F054054BA00E7290D530EE00DAA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: 955705f63f5795efc07d2104b83bb7c0e3e24904569480386d4778dc7263dc98
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 48E065727803508BCF348B19C140B93B7A9DF95A64F55D06BDA0947611C331E882C6D0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 24b958310132715ea129fd93bd49d70550df81cfad2de4e8cccd5ae1f556302e
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: EAE06531050A51DBDB326B26C848B56B6E2EF40719F14CC3DA09A026B0D7B69CC1CE40
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ca080a6ca170aef3cecb3f09c778274fe6e26468f570a1928e4010de7b4d40f0
            • Instruction ID: 4f8654ef08f1602deec63f50a80e91e7e8c86345019a6d3fd770f1f995479806
            • Opcode Fuzzy Hash: ca080a6ca170aef3cecb3f09c778274fe6e26468f570a1928e4010de7b4d40f0
            • Instruction Fuzzy Hash: 49E09232140A949BC322BB29DD15F8B77ABEF50364F114519F115572A0CA34AC50CFA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: c00b7e47603faffca31dee52920374fa786c85022ab87990fe34e7b191f9e0cf
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: A6E0C2743403058FD715CF19D040B6277B6BFD5A18F28C068A8488F245EB33E852CB41
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ed8f52e9b3cd08809bcc1a055199bf5684d3a01146664f85ef4f0cf67a8a9d1
            • Instruction ID: 2374a59cc1df54faa916e18e38c961d25a5ae4d32767b9dd0eeb8f9330655e36
            • Opcode Fuzzy Hash: 6ed8f52e9b3cd08809bcc1a055199bf5684d3a01146664f85ef4f0cf67a8a9d1
            • Instruction Fuzzy Hash: 7DD02B328D91306ACBA5F125BC04FA33A9ADB40320F034C72F30892310D554DCA1DAD8
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: 03ed31458f297df2d812e1eb9a8c85eb3e891e0435bd218f9c31bf3bfed69f80
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: 08E08C31880A20EEDB322F26DC24B9176AAFF44B10F14D829F282461A48774ACC2EE54
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1768c013bbcdba6ef813dd12777bb1c7e9c0784bdfabe933cf7995572dec4de8
            • Instruction ID: 8c00db45eed6fa131c8c2fa5b7116d09225883e77bc72204aa56a5b6e8d29d10
            • Opcode Fuzzy Hash: 1768c013bbcdba6ef813dd12777bb1c7e9c0784bdfabe933cf7995572dec4de8
            • Instruction Fuzzy Hash: 59E0C2331405A06BC312FB6DDD10F4A73AFEF94360F100129F151873A0CA20AC40CBA4
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction ID: e23bfd9672abb6d5544ff20ac90a8218c57b83777e1e92837b92720a0888714b
            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction Fuzzy Hash: 1CE08633115B1487C728DE18D511B7277A4EF45720F09463EA65787780C634E944D799
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: d6d9ba49196dfa66d0b57c67aa7746dbcc40fa9a6015ba56b39040426c789475
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: C5D05E36511A50AFC7329F1BEA00C13BBF9FBC4B107050A7EA44583A20C770AC46CFA0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 939d72194bb32b4e66538b2a0ce640adf928afba24f0226aa9aaa1c26335bdff
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: E8D0A932244A60ABD772AA1CFC04FC333E9BB88721F060899B008C7150C3A0AC81CA84
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: 4054ee89405b5e079622c29792e7e07931de9ddbedd193e120d90c6fd7ffca72
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: 34D012326164B0D7CB7A57556924FA76A16DF85A94F1A006D740B93A04C5158C82DAE0
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7bca5e37ec169a9ac757957b88be33f6779783d789396da3b005f7e2563a35f
            • Instruction ID: feb30b125d72b94e4eb6e138ab6d6366ed368c9f5825443d0b5f83b65f4e985f
            • Opcode Fuzzy Hash: d7bca5e37ec169a9ac757957b88be33f6779783d789396da3b005f7e2563a35f
            • Instruction Fuzzy Hash: 6CD0A730995645CBCF5BCF14C514E2E3274EB00645F4000A8F70051620D325EC51CA10
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: a15897ae8455d67398baddba798a8f72dbe5405db3fa2236b7da24ece9311043
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 4FD012371D054CBBCB219F65DC01F957BA9E754BA0F444420B504875A0C63AE990D994
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: af16791ac22e3f7e94571a1a8fdc60a6e8f3cab8f799df10e64d32dfea256dce
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: 3BD0C935653E80CFD62ACF0CC5A4B6533A4BB84B45F8184A0E402CBB61D72CED44CA00
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: d4537315b1aab8df12ac4971b395cc6a10372f256d9b50f39d7da6e1627d2fa4
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 62C08033150644AFC711DF98CD01F0177A9E798B40F000461F30447670C531FC50DE54
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: 21e2fde94b5136521ba9b798ae7b4da3844fe33a5027869be115d0cd6759beb7
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: 96D01236100248EFCB02EF41C890D9A772BFBC8710F108019FD1A077118A75ED62DA50
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: ddd94a0a259da07fff7981b8cfa84b0b6455b01bfe9ee8a7d9bd29a09e5c3d28
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: 23C00179641A828BCF16DB2AD694F8977E4FB84744F1958A0E8058BB21E624EC01CE21
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f4ce9715790590b55bce61dbc8248423c98f1b7f3be9225e790684fd30fa9e88
            • Instruction ID: 29b88fdb4d5e7accc51dd4bd0db0e45b1ebc76fc3a43c90abf742b7f2b5152a1
            • Opcode Fuzzy Hash: f4ce9715790590b55bce61dbc8248423c98f1b7f3be9225e790684fd30fa9e88
            • Instruction Fuzzy Hash: 3290023168580013A580B1584885547500597E1301B95D021E0424558C8B148A569361
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 23d599e8276832c21caad28a192ef0cf4341ce556458e26c33ab37dc775f358b
            • Instruction ID: da981791447e882cbd3237083ad9a560dd015de4b7a9e0743c904776c0f3d07b
            • Opcode Fuzzy Hash: 23d599e8276832c21caad28a192ef0cf4341ce556458e26c33ab37dc775f358b
            • Instruction Fuzzy Hash: 22900271681500435580B1584805407700597E23013D5D125A0554564C87188955D269
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1a21326c0debe85a227f8ec8bae8236f62fa6be96d3b7050fa4057be0d2baf4a
            • Instruction ID: c752737970b4007845c8dbe9528dca01a0d1ccbd44b911b67fdc349574dec21d
            • Opcode Fuzzy Hash: 1a21326c0debe85a227f8ec8bae8236f62fa6be96d3b7050fa4057be0d2baf4a
            • Instruction Fuzzy Hash: CA9002352A1400031585F558060550B144597D73513D5D025F1416594CC72189659321
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3bf0a9fb1e52458e01fb0a7a88385e754f67ce539ebdd43d482a618d619ebc24
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: fefc80f80625b4db6764f39cb273aab24330e27a2b4d334905eaea2b253f3dcd
            • Instruction ID: 93262f45c8519bff3f35f0ed234148194457d5c939b2e8cbbebde51dbba3a5fc
            • Opcode Fuzzy Hash: fefc80f80625b4db6764f39cb273aab24330e27a2b4d334905eaea2b253f3dcd
            • Instruction Fuzzy Hash: 1F5105B6A40116BFDB11DBA8C8D497EF7F8BB08204750D269F995D3680D334DE81CBA0
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 1e5a32992669129d3ae260dcce9d4422c44bc0f4da1cf63c64fa8c8179af435a
            • Instruction ID: 5b8e37a4aff44ac8a64336cba2aac3981c70478fd9f7cc289d9654b995302169
            • Opcode Fuzzy Hash: 1e5a32992669129d3ae260dcce9d4422c44bc0f4da1cf63c64fa8c8179af435a
            • Instruction Fuzzy Hash: 32510475A80645AEDB30DE9CC8A09BFB7F9EF44204B00D469FA96C3641E774EE40CB60
            Strings
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02E346FC
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 02E34787
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02E34725
            • Execute=1, xrefs: 02E34713
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02E34742
            • ExecuteOptions, xrefs: 02E346A0
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02E34655
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 8c609c8606231fdb808440f5c62cfa76812b0ff012c1b0a156c24708f1aec849
            • Instruction ID: 57581c0b984455e3b1c2f6e9ee8a00ef023c4800f995a9ff3a8da53703dba1a0
            • Opcode Fuzzy Hash: 8c609c8606231fdb808440f5c62cfa76812b0ff012c1b0a156c24708f1aec849
            • Instruction Fuzzy Hash: EE5128316402597AFF51ABA4EC99FEAB3B9EF08305F0500A9E605A72C0DB70DE45CF54
            APIs
            • LoadIconW.USER32(?,0000006B), ref: 00401274
            • LoadCursorW.USER32(00000000,00007F00), ref: 00401280
            • LoadIconW.USER32(?,0000006C), ref: 004012D1
            • RegisterClassExW.USER32(?), ref: 004012F1
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Load$Icon$ClassCursorRegister
            • String ID: 0$VUUU$m$sHM
            • API String ID: 4202395251-3342424473
            • Opcode ID: 202918c9eeb5c8fe49f39048bcb2cf246308ac740278aae72b882ff4b33a2721
            • Instruction ID: ca4d6e09da1b902e87295ee27de22d0438ed49902f25e9eb39b411780a72299e
            • Opcode Fuzzy Hash: 202918c9eeb5c8fe49f39048bcb2cf246308ac740278aae72b882ff4b33a2721
            • Instruction Fuzzy Hash: 5431A2B1E002099BDB04CF99D89479EBBB5EB98344F54817EE505FB3D0E77899058B88
            APIs
            • __getptd.LIBCMT ref: 00449629
              • Part of subcall function 004479E3: __getptd_noexit.LIBCMT ref: 004479E6
              • Part of subcall function 004479E3: __amsg_exit.LIBCMT ref: 004479F3
            • __amsg_exit.LIBCMT ref: 00449649
            • __lock.LIBCMT ref: 00449659
            • InterlockedDecrement.KERNEL32(?), ref: 00449676
            • _free.LIBCMT ref: 00449689
            • InterlockedIncrement.KERNEL32(0044E570), ref: 004496A1
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
            • String ID: pD
            • API String ID: 3470314060-1597287149
            • Opcode ID: b5242df698dcd8bc78609dbd76c77690b5d726534a2e519f20be2f19c423c60c
            • Instruction ID: a8550959e1ce490bcd2475ad29875b9c1c66726fe2ec56502c2b0f8db4dfc514
            • Opcode Fuzzy Hash: b5242df698dcd8bc78609dbd76c77690b5d726534a2e519f20be2f19c423c60c
            • Instruction Fuzzy Hash: 7801AD75902A21ABFB20AB66944675F77A0BF01724F16001FE40467390CB3CAC81EFDD
            APIs
            • LoadStringW.USER32(?,00000067,0044F960,00000064), ref: 00401072
            • LoadStringW.USER32(?,0000006D,0044F898,00000064), ref: 0040109F
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: LoadString
            • String ID:
            • API String ID: 2948472770-0
            • Opcode ID: 3c593f117cc8da7faad77f758466e05fa951605f921ab0f5c625403959fa0779
            • Instruction ID: 5f35485787a8ff3f54e8c803505276b5c761e22afa461fbc20778d11b7e619cc
            • Opcode Fuzzy Hash: 3c593f117cc8da7faad77f758466e05fa951605f921ab0f5c625403959fa0779
            • Instruction Fuzzy Hash: F151C871B002099BD718CB69DC95BAE73B9EB4C344F10813AF645FB3E1DA78D9418B98
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: aadc5c257fbc5c76c8b95c0ae02b8c1e271d7937346da4001d5545d9fa219bec
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: 5E81A270E852498ADF288EA8C4D07EE7BA6BF4531CF18E65DD851A72D0C73098C2CB64
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 17aaa595c216caeb664ce7c7fd16dd26ef6df4c5f16a64ba164608bf94f423bd
            • Instruction ID: eb74838a8d3b6f3f1a74053c0de8766f1ac0f8a9fac05261f03487a8ec8bbbdd
            • Opcode Fuzzy Hash: 17aaa595c216caeb664ce7c7fd16dd26ef6df4c5f16a64ba164608bf94f423bd
            • Instruction Fuzzy Hash: 00218E76A40159ABDB10DE79D840AEEBBF9EF44748F449126EE45E3240EB309A018BA0
            APIs
            • _malloc.LIBCMT ref: 00449EFA
              • Part of subcall function 00449DD6: __FF_MSGBANNER.LIBCMT ref: 00449DEF
              • Part of subcall function 00449DD6: __NMSG_WRITE.LIBCMT ref: 00449DF6
              • Part of subcall function 00449DD6: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00448C91,?,00000001,?,?,004480B1,00000018,0044C900,0000000C,00448141), ref: 00449E1B
            • _free.LIBCMT ref: 00449F0D
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocHeap_free_malloc
            • String ID:
            • API String ID: 2734353464-0
            • Opcode ID: 3ea2dd47ea209d101fcf6e61e7c5fd77bb685394ae1030b30874a2797fd652a3
            • Instruction ID: f8ed583710060432ab3b4f98353ccb66e3e867ee3ee9d3bc156e67b9503bbcca
            • Opcode Fuzzy Hash: 3ea2dd47ea209d101fcf6e61e7c5fd77bb685394ae1030b30874a2797fd652a3
            • Instruction Fuzzy Hash: 91112332404615BAEB213B75AC06A6F36A9DB453A1B20042FF958CA250DF3CCC45ABED
            APIs
            • __getptd.LIBCMT ref: 0044938D
              • Part of subcall function 004479E3: __getptd_noexit.LIBCMT ref: 004479E6
              • Part of subcall function 004479E3: __amsg_exit.LIBCMT ref: 004479F3
            • __getptd.LIBCMT ref: 004493A4
            • __amsg_exit.LIBCMT ref: 004493B2
            • __lock.LIBCMT ref: 004493C2
            • __updatetlocinfoEx_nolock.LIBCMT ref: 004493D6
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
            • String ID:
            • API String ID: 938513278-0
            • Opcode ID: 337961a703a547e9e2eed0c1a62e1d7e3f3561656747c3a15fa4ead821fca098
            • Instruction ID: d712c0729728efba049b02b360eef3cb6162a32a26dc7e34bbdef78f9f47da02
            • Opcode Fuzzy Hash: 337961a703a547e9e2eed0c1a62e1d7e3f3561656747c3a15fa4ead821fca098
            • Instruction Fuzzy Hash: 66F09632948B10AAFB20BF76940774F7390AF05719F11410FF804672D2CB6C4D41EA5E
            Strings
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02E302E7
            • RTL: Re-Waiting, xrefs: 02E3031E
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02E302BD
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 8e9e3db8b4d3de7b429b51f864e438d8ea9d340aad2c22bae6e3529dff58297f
            • Instruction ID: 60021fdf712505326a2cd40446fb179ac980979b0fe17fa11d9be2d72b99dd92
            • Opcode Fuzzy Hash: 8e9e3db8b4d3de7b429b51f864e438d8ea9d340aad2c22bae6e3529dff58297f
            • Instruction Fuzzy Hash: 7EE1FE706487419FDB26EF28C884B2AB7E1BF84318F144A2DF4A68B7D1D774D844CB52
            Strings
            • RTL: Re-Waiting, xrefs: 02E37BAC
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02E37B7F
            • RTL: Resource at %p, xrefs: 02E37B8E
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: 2e37ee92ebf6f67e0a7bb77c6fcda0b0ccce890f3631d1e11be11297b3a818a5
            • Instruction ID: 73fea1972fb8d05d6b420ff3c16f3521e9487c1121c58d95a9d3cc2eb055d504
            • Opcode Fuzzy Hash: 2e37ee92ebf6f67e0a7bb77c6fcda0b0ccce890f3631d1e11be11297b3a818a5
            • Instruction Fuzzy Hash: D941E1317447029FD721CE25C850B6AB7E6EF88719F014A1EFA9A9B780DB31E805CF95
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E3728C
            Strings
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02E37294
            • RTL: Re-Waiting, xrefs: 02E372C1
            • RTL: Resource at %p, xrefs: 02E372A3
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: a6576d3bbee645fb6546a50c8bed8fedd32eaf4d9fa5274ff6836458a365000d
            • Instruction ID: 631898d2385c024ba973e27ef7a8e0324550a5a4dff648f56c31b2d9b78feece
            • Opcode Fuzzy Hash: a6576d3bbee645fb6546a50c8bed8fedd32eaf4d9fa5274ff6836458a365000d
            • Instruction Fuzzy Hash: CD410FB1780202ABD721CE25CC41F66B7A5FF88719F109619FE99AB340DB21E846CBD4
            APIs
            • CreateWindowExW.USER32(00000001,0044F898,0044F960,00CF0000,80000000,00000001,80000000,00000001,00000001,00000001,00000066,00000001), ref: 0040138E
            • ShowWindow.USER32(00000000,?), ref: 0040141A
            • UpdateWindow.USER32(00000000), ref: 00401421
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Window$CreateShowUpdate
            • String ID: f
            • API String ID: 2944774295-1993550816
            • Opcode ID: 088fa2f01e81952925ac10b6bb96e09ccb2460c433077398809c758167d97183
            • Instruction ID: 555c6f15fa4356f0538b278a80aca9f20311b3c888a0b84d60470cb2e792f657
            • Opcode Fuzzy Hash: 088fa2f01e81952925ac10b6bb96e09ccb2460c433077398809c758167d97183
            • Instruction Fuzzy Hash: AB212831B0020997E7288A5DDC45BAB7AA6D7D5701F14813AFD05EF7E0F6789D1083D8
            APIs
            • DefWindowProcW.USER32(?,?,?,?), ref: 0040152C
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: ProcWindow
            • String ID: gp$rm$|'
            • API String ID: 181713994-2630029340
            • Opcode ID: 4b15c5af6174be74e6618b8bd43ecce3d716cd24117a749870ef40dd34e0ff93
            • Instruction ID: 0ea00003b09dd5469a1bee3c2f46837c3ffca6f86c0d4820431bf6aae05950e0
            • Opcode Fuzzy Hash: 4b15c5af6174be74e6618b8bd43ecce3d716cd24117a749870ef40dd34e0ff93
            • Instruction Fuzzy Hash: AC31D1B16182058BD728CF2CD84569B77D5E789304F10873EF989DB3E1D679D9048B8A
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: 88915021bdd239b0aea4dd96509e4970a9aa7b399f9d42f50080e2ef6b9d537f
            • Instruction ID: 61123009013dd96f57d7ba24c730d6337922e68339b083563721bb7bf8cf01b3
            • Opcode Fuzzy Hash: 88915021bdd239b0aea4dd96509e4970a9aa7b399f9d42f50080e2ef6b9d537f
            • Instruction Fuzzy Hash: 99319872A4021AAFDB20DF29DC40BEE77F9EF44714F849555ED49E3240EB30AA459FA0
            APIs
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction ID: a066c503b539621cc556e1309aeededfe4aec14b09c98543016f13f4f523adfc
            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction Fuzzy Hash: 8D918670E802159ADB24DE69C8C0BBEF7A5EF45768F14E61AE855A72C0D730A9C3CB50
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 070abf8248f7fa6caf26cce6562d47b85e1ea4d76c6c887e6d8a05bf809e4f80
            • Instruction ID: 4986269fcbab6fa4e7fc60d773ebd0939302fcbc9f0d1f84527c974266461b4e
            • Opcode Fuzzy Hash: 070abf8248f7fa6caf26cce6562d47b85e1ea4d76c6c887e6d8a05bf809e4f80
            • Instruction Fuzzy Hash: 30812E72D402699BDB31DB54CC55BEEB7B8AB08714F1081DAAA1AB7240D7705E84CFA0
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1896957721.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID: _O$|'
            • API String ID: 0-2798815937
            • Opcode ID: 3813f26a999af9f717b0e0b31dea97d05fdc979e6cd744f87c3c37987e42c54e
            • Instruction ID: 8b5d8336868ae433b9fef53103a39dcd2916eeb41eb2fac3325db5c87768f0c8
            • Opcode Fuzzy Hash: 3813f26a999af9f717b0e0b31dea97d05fdc979e6cd744f87c3c37987e42c54e
            • Instruction Fuzzy Hash: 1841A1B1F0010A4BDB18DA5DC8556BE77A2EB94304F54853FE505EF3E1E678AE418788
            APIs
            • @_EH4_CallFilterFunc@8.LIBCMT ref: 02E4CFBD
            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.1897436920.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_10_2_2d90000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallFilterFunc@8
            • String ID: @$@4rw@4rw
            • API String ID: 4062629308-2979693914
            • Opcode ID: d83d104aa7b3295521b7c033e473774547ac1834750e938d386b63121ccf428a
            • Instruction ID: 73c7c8925f27b3564908a88ef7290e89288e322171c187ad3c4bae168c4f8be1
            • Opcode Fuzzy Hash: d83d104aa7b3295521b7c033e473774547ac1834750e938d386b63121ccf428a
            • Instruction Fuzzy Hash: 8841BF71980214DFDB22DFA5D840AAEBBFAFF44B04F10956AE905DB360DB349841CF65