Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
Analysis ID: 1501379
MD5: fdc2585397f6e5daa7368d90bd4c1818
SHA1: 87bcde6fe5aff75e27ba27d63e5ba6ae9c5a31da
SHA256: c5a4b944207f26a6625931bffe1cd9565bb20202ad1f49612342edf8df7995c4
Tags: exe
Infos:

Detection

FormBook
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2f957:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17c56:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe PID: 5632 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2f957:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17c56:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2ed57:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17056:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          No Sigma rule has matched
          No Suricata rule has matched

          AV Detection

          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | ReversingLabs: Detection: 26%
          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: xseT.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: Binary string: xseT.pdbSHA256BnK source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | String found in binary or memory: http://tempuri.org/DataSet1.xsdSAll
          Source: Amcache.hve.7.dr | String found in binary or memory: http://upx.sf.net

          E-Banking Fraud

          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_0042CCA7 NtClose, 3_2_0042CCA7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_02E92DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E94340 NtSetContextThread, 3_2_02E94340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E94650 NtSuspendThread, 3_2_02E94650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92AF0 NtWriteFile, 3_2_02E92AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92AD0 NtReadFile, 3_2_02E92AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92AB0 NtWaitForSingleObject, 3_2_02E92AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92BE0 NtQueryValueKey, 3_2_02E92BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92BF0 NtAllocateVirtualMemory, 3_2_02E92BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92BA0 NtEnumerateValueKey, 3_2_02E92BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92B80 NtQueryInformationFile, 3_2_02E92B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92B60 NtClose, 3_2_02E92B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92EE0 NtQueueApcThread, 3_2_02E92EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92EA0 NtAdjustPrivilegesToken, 3_2_02E92EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92E80 NtReadVirtualMemory, 3_2_02E92E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92E30 NtWriteVirtualMemory, 3_2_02E92E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92FE0 NtCreateFile, 3_2_02E92FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92FA0 NtQuerySection, 3_2_02E92FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92FB0 NtResumeThread, 3_2_02E92FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92F90 NtProtectVirtualMemory, 3_2_02E92F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92F60 NtCreateProcessEx, 3_2_02E92F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92F30 NtCreateSection, 3_2_02E92F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92CF0 NtOpenProcess, 3_2_02E92CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92CC0 NtQueryVirtualMemory, 3_2_02E92CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92CA0 NtQueryInformationToken, 3_2_02E92CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92C60 NtCreateKey, 3_2_02E92C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92C70 NtFreeVirtualMemory, 3_2_02E92C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92C00 NtQueryInformationProcess, 3_2_02E92C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92DD0 NtDelayExecution, 3_2_02E92DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92DB0 NtEnumerateKey, 3_2_02E92DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92D30 NtUnmapViewOfSection, 3_2_02E92D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92D00 NtSetInformationFile, 3_2_02E92D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E92D10 NtMapViewOfSection, 3_2_02E92D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E93090 NtSetValueKey, 3_2_02E93090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E93010 NtOpenDirectoryObject, 3_2_02E93010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E935C0 NtCreateMutant, 3_2_02E935C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E939B0 NtGetContextThread, 3_2_02E939B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E93D70 NtOpenThread, 3_2_02E93D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: 3_2_02E93D10 NtOpenProcessToken, 3_2_02E93D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: String function: 02E4B970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: String function: 02E95130 appears 59 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: String function: 02ECEA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: String function: 02EDF290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Code function: String function: 02EA7E54 appears 111 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 240
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000002.2012410149.00000000012EE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000000.1988558146.0000000000E42000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamexseT.exeF vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000002.2015617071.0000000004119000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000002.2013517187.0000000003111000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000002.2017709295.0000000005C60000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000000.00000002.2018143718.0000000007340000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000003.00000002.2328972056.0000000002F4D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | Binary or memory string: OriginalFilenamexseT.exeF vs SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.4374a80.2.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.4374a80.2.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.4374a80.2.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.4374a80.2.raw.unpack, MC2JBYLIIZges5Th4X.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.7340000.5.raw.unpack, MC2JBYLIIZges5Th4X.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.7340000.5.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.7340000.5.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.7340000.5.raw.unpack, qW3oPmKbfFSdIeQrE5.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal88.troj.evad.winEXE@4/6@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6544
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\370ff846-fc9b-4542-a0f9-312c7b783b07
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeReversingLabs: Detection: 26%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: xseT.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: Binary string: xseT.pdbSHA256BnK source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe, 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.7340000.5.raw.unpack, qW3oPmKbfFSdIeQrE5.cs.Net Code: VSck9ui1av System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.5c60000.4.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.3146f30.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.4374a80.2.raw.unpack, qW3oPmKbfFSdIeQrE5.cs.Net Code: VSck9ui1av System.Reflection.Assembly.Load(byte[])
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: 0xA853240E [Sat Jun 28 10:16:46 2059 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_004488DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 0_2_030BD4E0 pushfd ; ret 0_2_030BD4E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 0_2_0740A7A5 push 00000000h; retf 0_2_0740A7BC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 0_2_0740AA55 push FFFFFF8Bh; iretd 0_2_0740AA57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00402040 push FFFFFFC2h; iretd 3_2_0040205C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00409028 push edx; iretd 3_2_0040903D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_0040D909 push 00000049h; retf 3_2_0040D914
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_004129C7 push edi; iretd 3_2_004129D7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_0040299A push cs; iretd 3_2_0040299D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_004029B3 push 0000000Eh; iretd 3_2_004029B7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_004129BE push edi; iretd 3_2_004129D7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_0042EAD7 push esi; ret 3_2_0042EAFF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00402AF5 push edi; iretd 3_2_00402B0B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00419327 push 68868784h; retf 3_2_00419350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00402BC9 push ecx; iretd 3_2_00402BCC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00403C54 push eax; ret 3_2_00403C56
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00403400 push cs; iretd 3_2_00403401
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_0040B43A push 0000005Fh; iretd 3_2_0040B44C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00447D15 push ecx; ret 3_2_00447D28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00416E06 push ebp; ret 3_2_00416E07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_0040DE92 push 3C5FAE21h; ret 3_2_0040DEB2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00411E9F push edx; iretd 3_2_00411EA9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00401F48 push FFFFFFC1h; iretd 3_2_00401F5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00401F48 push esp; iretd 3_2_00401F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_00401F8A push esp; iretd 3_2_00401F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E2225F pushad ; ret 3_2_02E227F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E227FA pushad ; ret 3_2_02E227F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E2283D push eax; iretd 3_2_02E22858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E509AD push ecx; mov dword ptr [esp], ecx3_2_02E509B6
          Source: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeStatic PE information: section name: .text entropy: 7.931610915250254
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe PID: 5632, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 3060000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 3110000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 5110000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 7FB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 7550000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 8FB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Memory allocated: 9FB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Code function: 3_2_02E9096E rdtsc 3_2_02E9096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe TID: 4956 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.7.dr Binary or memory string: VMware
          Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.7.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.7.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.7.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.7.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.7.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.7.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.7.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.7.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.7.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.7.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.7.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.7.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.7.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.7.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.7.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.7.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.7.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.7.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.7.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.7.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.7.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.7.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.7.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.7.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.7.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Code function: 3_2_02E92C0A LdrInitializeThunk, 3_2_02E92C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Code function: 3_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_004468DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Code function: 3_2_004488DB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 3_2_004488DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe Code function: 3_2_02E602E1 mov eax, dword ptr fs:[00000030h] 3_2_02E602E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4A0E3 mov ecx, dword ptr fs:[00000030h]3_2_02E4A0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E580E9 mov eax, dword ptr fs:[00000030h]3_2_02E580E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED60E0 mov eax, dword ptr fs:[00000030h]3_2_02ED60E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4C0F0 mov eax, dword ptr fs:[00000030h]3_2_02E4C0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E920F0 mov ecx, dword ptr fs:[00000030h]3_2_02E920F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED20DE mov eax, dword ptr fs:[00000030h]3_2_02ED20DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E480A0 mov eax, dword ptr fs:[00000030h]3_2_02E480A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE80A8 mov eax, dword ptr fs:[00000030h]3_2_02EE80A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F160B8 mov eax, dword ptr fs:[00000030h]3_2_02F160B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F160B8 mov ecx, dword ptr fs:[00000030h]3_2_02F160B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5208A mov eax, dword ptr fs:[00000030h]3_2_02E5208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7C073 mov eax, dword ptr fs:[00000030h]3_2_02E7C073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E52050 mov eax, dword ptr fs:[00000030h]3_2_02E52050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6050 mov eax, dword ptr fs:[00000030h]3_2_02ED6050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4A020 mov eax, dword ptr fs:[00000030h]3_2_02E4A020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4C020 mov eax, dword ptr fs:[00000030h]3_2_02E4C020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6030 mov eax, dword ptr fs:[00000030h]3_2_02EE6030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED4000 mov ecx, dword ptr fs:[00000030h]3_2_02ED4000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF2000 mov eax, dword ptr fs:[00000030h]3_2_02EF2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6E016 mov eax, dword ptr fs:[00000030h]3_2_02E6E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6E016 mov eax, dword ptr fs:[00000030h]3_2_02E6E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6E016 mov eax, dword ptr fs:[00000030h]3_2_02E6E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6E016 mov eax, dword ptr fs:[00000030h]3_2_02E6E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E801F8 mov eax, dword ptr fs:[00000030h]3_2_02E801F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F261E5 mov eax, dword ptr fs:[00000030h]3_2_02F261E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F161C3 mov eax, dword ptr fs:[00000030h]3_2_02F161C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F161C3 mov eax, dword ptr fs:[00000030h]3_2_02F161C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE1D0 mov eax, dword ptr fs:[00000030h]3_2_02ECE1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE1D0 mov eax, dword ptr fs:[00000030h]3_2_02ECE1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE1D0 mov ecx, dword ptr fs:[00000030h]3_2_02ECE1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE1D0 mov eax, dword ptr fs:[00000030h]3_2_02ECE1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE1D0 mov eax, dword ptr fs:[00000030h]3_2_02ECE1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E90185 mov eax, dword ptr fs:[00000030h]3_2_02E90185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF4180 mov eax, dword ptr fs:[00000030h]3_2_02EF4180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF4180 mov eax, dword ptr fs:[00000030h]3_2_02EF4180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED019F mov eax, dword ptr fs:[00000030h]3_2_02ED019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED019F mov eax, dword ptr fs:[00000030h]3_2_02ED019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED019F mov eax, dword ptr fs:[00000030h]3_2_02ED019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED019F mov eax, dword ptr fs:[00000030h]3_2_02ED019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4A197 mov eax, dword ptr fs:[00000030h]3_2_02E4A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4A197 mov eax, dword ptr fs:[00000030h]3_2_02E4A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4A197 mov eax, dword ptr fs:[00000030h]3_2_02E4A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F0C188 mov eax, dword ptr fs:[00000030h]3_2_02F0C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F0C188 mov eax, dword ptr fs:[00000030h]3_2_02F0C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24164 mov eax, dword ptr fs:[00000030h]3_2_02F24164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24164 mov eax, dword ptr fs:[00000030h]3_2_02F24164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE4144 mov eax, dword ptr fs:[00000030h]3_2_02EE4144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE4144 mov eax, dword ptr fs:[00000030h]3_2_02EE4144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE4144 mov ecx, dword ptr fs:[00000030h]3_2_02EE4144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE4144 mov eax, dword ptr fs:[00000030h]3_2_02EE4144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE4144 mov eax, dword ptr fs:[00000030h]3_2_02EE4144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56154 mov eax, dword ptr fs:[00000030h]3_2_02E56154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56154 mov eax, dword ptr fs:[00000030h]3_2_02E56154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4C156 mov eax, dword ptr fs:[00000030h]3_2_02E4C156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE8158 mov eax, dword ptr fs:[00000030h]3_2_02EE8158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E80124 mov eax, dword ptr fs:[00000030h]3_2_02E80124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov ecx, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov ecx, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov ecx, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov eax, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFE10E mov ecx, dword ptr fs:[00000030h]3_2_02EFE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F10115 mov eax, dword ptr fs:[00000030h]3_2_02F10115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFA118 mov ecx, dword ptr fs:[00000030h]3_2_02EFA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFA118 mov eax, dword ptr fs:[00000030h]3_2_02EFA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFA118 mov eax, dword ptr fs:[00000030h]3_2_02EFA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFA118 mov eax, dword ptr fs:[00000030h]3_2_02EFA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED06F1 mov eax, dword ptr fs:[00000030h]3_2_02ED06F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED06F1 mov eax, dword ptr fs:[00000030h]3_2_02ED06F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE6F2 mov eax, dword ptr fs:[00000030h]3_2_02ECE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE6F2 mov eax, dword ptr fs:[00000030h]3_2_02ECE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE6F2 mov eax, dword ptr fs:[00000030h]3_2_02ECE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE6F2 mov eax, dword ptr fs:[00000030h]3_2_02ECE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A6C7 mov ebx, dword ptr fs:[00000030h]3_2_02E8A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A6C7 mov eax, dword ptr fs:[00000030h]3_2_02E8A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C6A6 mov eax, dword ptr fs:[00000030h]3_2_02E8C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E866B0 mov eax, dword ptr fs:[00000030h]3_2_02E866B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E54690 mov eax, dword ptr fs:[00000030h]3_2_02E54690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E54690 mov eax, dword ptr fs:[00000030h]3_2_02E54690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A660 mov eax, dword ptr fs:[00000030h]3_2_02E8A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A660 mov eax, dword ptr fs:[00000030h]3_2_02E8A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E82674 mov eax, dword ptr fs:[00000030h]3_2_02E82674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F1866E mov eax, dword ptr fs:[00000030h]3_2_02F1866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F1866E mov eax, dword ptr fs:[00000030h]3_2_02F1866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6C640 mov eax, dword ptr fs:[00000030h]3_2_02E6C640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6E627 mov eax, dword ptr fs:[00000030h]3_2_02E6E627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E86620 mov eax, dword ptr fs:[00000030h]3_2_02E86620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E88620 mov eax, dword ptr fs:[00000030h]3_2_02E88620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5262C mov eax, dword ptr fs:[00000030h]3_2_02E5262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECE609 mov eax, dword ptr fs:[00000030h]3_2_02ECE609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E6260B mov eax, dword ptr fs:[00000030h]3_2_02E6260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E92619 mov eax, dword ptr fs:[00000030h]3_2_02E92619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E727ED mov eax, dword ptr fs:[00000030h]3_2_02E727ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E727ED mov eax, dword ptr fs:[00000030h]3_2_02E727ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E727ED mov eax, dword ptr fs:[00000030h]3_2_02E727ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDE7E1 mov eax, dword ptr fs:[00000030h]3_2_02EDE7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E547FB mov eax, dword ptr fs:[00000030h]3_2_02E547FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E547FB mov eax, dword ptr fs:[00000030h]3_2_02E547FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5C7C0 mov eax, dword ptr fs:[00000030h]3_2_02E5C7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED07C3 mov eax, dword ptr fs:[00000030h]3_2_02ED07C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E507AF mov eax, dword ptr fs:[00000030h]3_2_02E507AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F047A0 mov eax, dword ptr fs:[00000030h]3_2_02F047A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF678E mov eax, dword ptr fs:[00000030h]3_2_02EF678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58770 mov eax, dword ptr fs:[00000030h]3_2_02E58770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60770 mov eax, dword ptr fs:[00000030h]3_2_02E60770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8674D mov esi, dword ptr fs:[00000030h]3_2_02E8674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8674D mov eax, dword ptr fs:[00000030h]3_2_02E8674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8674D mov eax, dword ptr fs:[00000030h]3_2_02E8674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDE75D mov eax, dword ptr fs:[00000030h]3_2_02EDE75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50750 mov eax, dword ptr fs:[00000030h]3_2_02E50750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED4755 mov eax, dword ptr fs:[00000030h]3_2_02ED4755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E92750 mov eax, dword ptr fs:[00000030h]3_2_02E92750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E92750 mov eax, dword ptr fs:[00000030h]3_2_02E92750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C720 mov eax, dword ptr fs:[00000030h]3_2_02E8C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C720 mov eax, dword ptr fs:[00000030h]3_2_02E8C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8273C mov eax, dword ptr fs:[00000030h]3_2_02E8273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8273C mov ecx, dword ptr fs:[00000030h]3_2_02E8273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8273C mov eax, dword ptr fs:[00000030h]3_2_02E8273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECC730 mov eax, dword ptr fs:[00000030h]3_2_02ECC730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C700 mov eax, dword ptr fs:[00000030h]3_2_02E8C700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50710 mov eax, dword ptr fs:[00000030h]3_2_02E50710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E80710 mov eax, dword ptr fs:[00000030h]3_2_02E80710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E504E5 mov ecx, dword ptr fs:[00000030h]3_2_02E504E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E564AB mov eax, dword ptr fs:[00000030h]3_2_02E564AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E844B0 mov ecx, dword ptr fs:[00000030h]3_2_02E844B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDA4B0 mov eax, dword ptr fs:[00000030h]3_2_02EDA4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F0A49A mov eax, dword ptr fs:[00000030h]3_2_02F0A49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDC460 mov ecx, dword ptr fs:[00000030h]3_2_02EDC460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7A470 mov eax, dword ptr fs:[00000030h]3_2_02E7A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7A470 mov eax, dword ptr fs:[00000030h]3_2_02E7A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7A470 mov eax, dword ptr fs:[00000030h]3_2_02E7A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F0A456 mov eax, dword ptr fs:[00000030h]3_2_02F0A456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E443 mov eax, dword ptr fs:[00000030h]3_2_02E8E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4645D mov eax, dword ptr fs:[00000030h]3_2_02E4645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7245A mov eax, dword ptr fs:[00000030h]3_2_02E7245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4C427 mov eax, dword ptr fs:[00000030h]3_2_02E4C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4E420 mov eax, dword ptr fs:[00000030h]3_2_02E4E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4E420 mov eax, dword ptr fs:[00000030h]3_2_02E4E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4E420 mov eax, dword ptr fs:[00000030h]3_2_02E4E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED6420 mov eax, dword ptr fs:[00000030h]3_2_02ED6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A430 mov eax, dword ptr fs:[00000030h]3_2_02E8A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E88402 mov eax, dword ptr fs:[00000030h]3_2_02E88402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E88402 mov eax, dword ptr fs:[00000030h]3_2_02E88402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E88402 mov eax, dword ptr fs:[00000030h]3_2_02E88402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E5E7 mov eax, dword ptr fs:[00000030h]3_2_02E7E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E525E0 mov eax, dword ptr fs:[00000030h]3_2_02E525E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C5ED mov eax, dword ptr fs:[00000030h]3_2_02E8C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C5ED mov eax, dword ptr fs:[00000030h]3_2_02E8C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E5CF mov eax, dword ptr fs:[00000030h]3_2_02E8E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E5CF mov eax, dword ptr fs:[00000030h]3_2_02E8E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E565D0 mov eax, dword ptr fs:[00000030h]3_2_02E565D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A5D0 mov eax, dword ptr fs:[00000030h]3_2_02E8A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A5D0 mov eax, dword ptr fs:[00000030h]3_2_02E8A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED05A7 mov eax, dword ptr fs:[00000030h]3_2_02ED05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED05A7 mov eax, dword ptr fs:[00000030h]3_2_02ED05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED05A7 mov eax, dword ptr fs:[00000030h]3_2_02ED05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E745B1 mov eax, dword ptr fs:[00000030h]3_2_02E745B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E745B1 mov eax, dword ptr fs:[00000030h]3_2_02E745B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E84588 mov eax, dword ptr fs:[00000030h]3_2_02E84588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E52582 mov eax, dword ptr fs:[00000030h]3_2_02E52582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E52582 mov ecx, dword ptr fs:[00000030h]3_2_02E52582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8E59C mov eax, dword ptr fs:[00000030h]3_2_02E8E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8656A mov eax, dword ptr fs:[00000030h]3_2_02E8656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8656A mov eax, dword ptr fs:[00000030h]3_2_02E8656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8656A mov eax, dword ptr fs:[00000030h]3_2_02E8656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58550 mov eax, dword ptr fs:[00000030h]3_2_02E58550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58550 mov eax, dword ptr fs:[00000030h]3_2_02E58550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60535 mov eax, dword ptr fs:[00000030h]3_2_02E60535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E53E mov eax, dword ptr fs:[00000030h]3_2_02E7E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E53E mov eax, dword ptr fs:[00000030h]3_2_02E7E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E53E mov eax, dword ptr fs:[00000030h]3_2_02E7E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E53E mov eax, dword ptr fs:[00000030h]3_2_02E7E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E53E mov eax, dword ptr fs:[00000030h]3_2_02E7E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6500 mov eax, dword ptr fs:[00000030h]3_2_02EE6500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24500 mov eax, dword ptr fs:[00000030h]3_2_02F24500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8AAEE mov eax, dword ptr fs:[00000030h]3_2_02E8AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8AAEE mov eax, dword ptr fs:[00000030h]3_2_02E8AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EA6ACC mov eax, dword ptr fs:[00000030h]3_2_02EA6ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EA6ACC mov eax, dword ptr fs:[00000030h]3_2_02EA6ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EA6ACC mov eax, dword ptr fs:[00000030h]3_2_02EA6ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50AD0 mov eax, dword ptr fs:[00000030h]3_2_02E50AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E84AD0 mov eax, dword ptr fs:[00000030h]3_2_02E84AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E84AD0 mov eax, dword ptr fs:[00000030h]3_2_02E84AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58AA0 mov eax, dword ptr fs:[00000030h]3_2_02E58AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58AA0 mov eax, dword ptr fs:[00000030h]3_2_02E58AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EA6AA4 mov eax, dword ptr fs:[00000030h]3_2_02EA6AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5EA80 mov eax, dword ptr fs:[00000030h]3_2_02E5EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24A80 mov eax, dword ptr fs:[00000030h]3_2_02F24A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E88A90 mov edx, dword ptr fs:[00000030h]3_2_02E88A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8CA6F mov eax, dword ptr fs:[00000030h]3_2_02E8CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8CA6F mov eax, dword ptr fs:[00000030h]3_2_02E8CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8CA6F mov eax, dword ptr fs:[00000030h]3_2_02E8CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFEA60 mov eax, dword ptr fs:[00000030h]3_2_02EFEA60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECCA72 mov eax, dword ptr fs:[00000030h]3_2_02ECCA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECCA72 mov eax, dword ptr fs:[00000030h]3_2_02ECCA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E56A50 mov eax, dword ptr fs:[00000030h]3_2_02E56A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60A5B mov eax, dword ptr fs:[00000030h]3_2_02E60A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60A5B mov eax, dword ptr fs:[00000030h]3_2_02E60A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7EA2E mov eax, dword ptr fs:[00000030h]3_2_02E7EA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8CA24 mov eax, dword ptr fs:[00000030h]3_2_02E8CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8CA38 mov eax, dword ptr fs:[00000030h]3_2_02E8CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E74A35 mov eax, dword ptr fs:[00000030h]3_2_02E74A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E74A35 mov eax, dword ptr fs:[00000030h]3_2_02E74A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDCA11 mov eax, dword ptr fs:[00000030h]3_2_02EDCA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58BF0 mov eax, dword ptr fs:[00000030h]3_2_02E58BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58BF0 mov eax, dword ptr fs:[00000030h]3_2_02E58BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E58BF0 mov eax, dword ptr fs:[00000030h]3_2_02E58BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7EBFC mov eax, dword ptr fs:[00000030h]3_2_02E7EBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDCBF0 mov eax, dword ptr fs:[00000030h]3_2_02EDCBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50BCD mov eax, dword ptr fs:[00000030h]3_2_02E50BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50BCD mov eax, dword ptr fs:[00000030h]3_2_02E50BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50BCD mov eax, dword ptr fs:[00000030h]3_2_02E50BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E70BCB mov eax, dword ptr fs:[00000030h]3_2_02E70BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E70BCB mov eax, dword ptr fs:[00000030h]3_2_02E70BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E70BCB mov eax, dword ptr fs:[00000030h]3_2_02E70BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFEBD0 mov eax, dword ptr fs:[00000030h]3_2_02EFEBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F04BB0 mov eax, dword ptr fs:[00000030h]3_2_02F04BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F04BB0 mov eax, dword ptr fs:[00000030h]3_2_02F04BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60BBE mov eax, dword ptr fs:[00000030h]3_2_02E60BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E60BBE mov eax, dword ptr fs:[00000030h]3_2_02E60BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E4CB7E mov eax, dword ptr fs:[00000030h]3_2_02E4CB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F22B57 mov eax, dword ptr fs:[00000030h]3_2_02F22B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F22B57 mov eax, dword ptr fs:[00000030h]3_2_02F22B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F22B57 mov eax, dword ptr fs:[00000030h]3_2_02F22B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F22B57 mov eax, dword ptr fs:[00000030h]3_2_02F22B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF8B42 mov eax, dword ptr fs:[00000030h]3_2_02EF8B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6B40 mov eax, dword ptr fs:[00000030h]3_2_02EE6B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6B40 mov eax, dword ptr fs:[00000030h]3_2_02EE6B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F1AB40 mov eax, dword ptr fs:[00000030h]3_2_02F1AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E48B50 mov eax, dword ptr fs:[00000030h]3_2_02E48B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F04B4B mov eax, dword ptr fs:[00000030h]3_2_02F04B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F04B4B mov eax, dword ptr fs:[00000030h]3_2_02F04B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EFEB50 mov eax, dword ptr fs:[00000030h]3_2_02EFEB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7EB20 mov eax, dword ptr fs:[00000030h]3_2_02E7EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7EB20 mov eax, dword ptr fs:[00000030h]3_2_02E7EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F18B28 mov eax, dword ptr fs:[00000030h]3_2_02F18B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F18B28 mov eax, dword ptr fs:[00000030h]3_2_02F18B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ECEB1D mov eax, dword ptr fs:[00000030h]3_2_02ECEB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F24B00 mov eax, dword ptr fs:[00000030h]3_2_02F24B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C8F9 mov eax, dword ptr fs:[00000030h]3_2_02E8C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8C8F9 mov eax, dword ptr fs:[00000030h]3_2_02E8C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F1A8E4 mov eax, dword ptr fs:[00000030h]3_2_02F1A8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E7E8C0 mov eax, dword ptr fs:[00000030h]3_2_02E7E8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F208C0 mov eax, dword ptr fs:[00000030h]3_2_02F208C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E50887 mov eax, dword ptr fs:[00000030h]3_2_02E50887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDC89D mov eax, dword ptr fs:[00000030h]3_2_02EDC89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6870 mov eax, dword ptr fs:[00000030h]3_2_02EE6870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE6870 mov eax, dword ptr fs:[00000030h]3_2_02EE6870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDE872 mov eax, dword ptr fs:[00000030h]3_2_02EDE872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDE872 mov eax, dword ptr fs:[00000030h]3_2_02EDE872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E62840 mov ecx, dword ptr fs:[00000030h]3_2_02E62840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E54859 mov eax, dword ptr fs:[00000030h]3_2_02E54859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E54859 mov eax, dword ptr fs:[00000030h]3_2_02E54859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E80854 mov eax, dword ptr fs:[00000030h]3_2_02E80854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov eax, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov eax, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov eax, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov ecx, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov eax, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E72835 mov eax, dword ptr fs:[00000030h]3_2_02E72835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF483A mov eax, dword ptr fs:[00000030h]3_2_02EF483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EF483A mov eax, dword ptr fs:[00000030h]3_2_02EF483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E8A830 mov eax, dword ptr fs:[00000030h]3_2_02E8A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDC810 mov eax, dword ptr fs:[00000030h]3_2_02EDC810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EDE9E0 mov eax, dword ptr fs:[00000030h]3_2_02EDE9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E829F9 mov eax, dword ptr fs:[00000030h]3_2_02E829F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E829F9 mov eax, dword ptr fs:[00000030h]3_2_02E829F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02F1A9D3 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02EE69C0 mov eax, dword ptr fs:[00000030h]3_2_02EE69C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E5A9D0 mov eax, dword ptr fs:[00000030h]3_2_02E5A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E849D0 mov eax, dword ptr fs:[00000030h]3_2_02E849D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E629A0 mov eax, dword ptr fs:[00000030h]3_2_02E629A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E509AD mov eax, dword ptr fs:[00000030h]3_2_02E509AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02E509AD mov eax, dword ptr fs:[00000030h]3_2_02E509AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED89B3 mov esi, dword ptr fs:[00000030h]3_2_02ED89B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED89B3 mov eax, dword ptr fs:[00000030h]3_2_02ED89B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exeCode function: 3_2_02ED89B3 mov eax, dword ptr fs:[00000030h]3_2_02ED89B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_02E76962 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_02E9096E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_02E9096E mov edx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_02E9096E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_02EDC97C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_004468DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_0044838B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Code function: 3_2_00447EBF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.7.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.7.dr; Binary or memory string: msmpeng.exe
          Source: Amcache.hve.7.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.7.dr; Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match; File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match; File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (1) | DLL Side-Loading (1) | Process Injection (111) | Masquerading (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Disable or Modify Tools (1) | LSASS Memory | Security Software Discovery (41) | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (41) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (111) | NTDS | Virtualization/Sandbox Evasion (41) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | System Information Discovery (13) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Obfuscated Files or Information (3) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Software Packing (12) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Timestomp (1) | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
          | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | DLL Side-Loading (1) | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
          | Source | Detection | Scanner | Label | Link |
          | SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | 26% | ReversingLabs | | |
          | SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | 100% | Joe Sandbox ML | | |
          No Antivirus matches
          | Source | Detection | Scanner | Label | Link |
          | http://upx.sf.net | 0% | URL Reputation | safe | |
          | http://tempuri.org/DataSet1.xsdSAll | 0% | Avira URL Cloud | safe | |
          No contacted domains info
          | Name | Source | Malicious | Antivirus Detection | Reputation |
          | http://upx.sf.net | Amcache.hve.7.dr | false | URL Reputation: safe | unknown |
          | http://tempuri.org/DataSet1.xsdSAll | SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe | false | Avira URL Cloud: safe | unknown |
          No contacted IP infos
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1501379
          Start date and time:2024-08-29 20:33:04 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 5m 38s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:10
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Detection:MAL
          Classification:mal88.troj.evad.winEXE@4/6@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 96%
          • Number of executed functions: 40
          • Number of non-executed functions: 282
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.189.173.21
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • VT rate limit hit for: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          | Time | Type | Description |
          | 14:33:49 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe modified |
          | 14:34:23 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
          No context
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.7222744011926295
          Encrypted:false
          SSDEEP:96:QzFl6EBBArKpssgOSmCO3fsQXIDcQvc6QcEVcw3cE/n+HbHgnoW6HeOyWZAX/d5T:q3dXCKpV0BU/gjzqzuiFsZ24IO8r1
          MD5:73EAA72EFD9B2228622C9B02C71B2E5D
          SHA1:264EAE53A4E49CC18620A84E82EDD81E74203735
          SHA-256:E341FB4699EF477B7D14AF244E1074EC8C883CFB47C9627A52A88224D6831FB6
          SHA-512:EC82BDE2305BDBE9CFA0640DFFC6F374C9EB38F3E51466414A4D752964F5A7377D7C9AC0F29085356B35D65F48A67D29637CDC4799B060F4811EB6B82D8B0B83
          Malicious:false
          Reputation:low
          Preview:Version=1..EventType=APPCRASH..EventTime=133694300466339520..ReportType=2..Consent=1..UploadTime=133694300469620843..ReportStatus=524384..ReportIdentifier=62f5daf5-5cb9-4d59-90ac-c69c7a9e79a6..IntegratorReportIdentifier=a6dd4e99-a2af-4661-b1bb-d3d39fb94a8b..Wow64Host=34404..Wow64Guest=332..NsAppName=SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe..OriginalFilename=xseT.exe..AppSessionGuid=00001990-0001-0014-4a32-61fe41fada01..TargetAppId=W:0006fbd8bffcc4fbe68ad1466626a1c1ec0b00000000!000087
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Thu Aug 29 18:34:06 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):38994
          Entropy (8bit):1.6908458213678672
          Encrypted:false
          SSDEEP:96:5K8KHrrDuo+6FmS9EYi7kix3XY9r1FV35yEShOBnLgdjI4wMwXWIkWIRTIeFHW/P:TGjVOSr7WEkYLgJmMw4FHGT8
          MD5:0386F1D7FACC2F38D2FF85F9BB6BD997
          SHA1:CE0971AC8DC1551774DFBB0E0CC67764AD186B7C
          SHA-256:7615D4A0BE81EBE42A5DABEE87E932A188C1E8C71B5CEC4C3122B9CCC0796F86
          SHA-512:42C8FB205C6606B8E6D4CE3A519AC59898E5279A5807A5FA05DFD98BCD6D8C515FDF1C83EFAA6AF1750A5C912C1DC936E8965CA95D05DA128B833714AA52945E
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):6512
          Entropy (8bit):3.7226280362912676
          Encrypted:false
          SSDEEP:192:R6l7wVeJDi61P4xHYPeSpr+89b1fsfqnm:R6lXJm61P4xHYPeg1EfD
          MD5:E0AEC52FA70882A630E4893D0BE9D866
          SHA1:F744D9FE49E3BE1822AECB1A18D7500DB19AF388
          SHA-256:AAD70CCAAA52145F16CCD5EE9E54BC028478A2986CA02437F238AD348C15D10F
          SHA-512:E34FB22B97E28B51FFD5015E3E9AD2951247FAEDB8E1D3526F4E01F9DF957D359AC0DDBB7992CC5699A84B3F49C8D18C259C518419363C28C2EF89E28F06489E
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>6544</Pi
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4897
          Entropy (8bit):4.566913066867297
          Encrypted:false
          SSDEEP:96:uIjfvI7Mc7VMJymQgMz0Cigw0Kj7EW7vd:uIzYMc7a87KnHl
          MD5:A3EF1FE433D6CA2F7CCE841604CD7064
          SHA1:3D6DCC4C9B9EF43E9B5E2F53FBF183923C810FF4
          SHA-256:70CBE44C4A1CF7115291216395389B981F87030F41D9F7AD7AEBF2091ECEFB77
          SHA-512:4D7066B60628386800858FDCBD460636387485C1DEFCEF74C1D989F65ADD231D7FBAF08B94909D576B0CAF3AC42646A3FB7CA39CDED561ED2B3978F0ABE71F83
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="477216" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.421920960775022
          Encrypted:false
          SSDEEP:6144:XSvfpi6ceLP/9skLmb0OTFWSPHaJG8nAgeMZMMhA2fX4WABlEnNY0uhiTw:CvloTFW+EZMM6DFyO03w
          MD5:0206F3360EE99BFD9A322D19590BC2C0
          SHA1:B1C1D1D4650694EB00F6C71CE80945A58B4DBE79
          SHA-256:AAC249F6D7E05E3DAB8514D35C7DC9CBDDF38CBA9EF10D4E54B03BDA696BAD61
          SHA-512:52EB0D02294388165CC3B0787E2879DEEC6D00F1B240EBDB6B75460C4409BB40ADF28AE1D77CBF8EB979DF56613817CCA3C97C7073C5B32FE23359BDBE6C48F7
          Malicious:false
          Reputation:low
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.925708427461349
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          • Win32 Executable (generic) a (10002005/4) 49.75%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Windows Screen Saver (13104/52) 0.07%
          • Generic Win/DOS Executable (2004/3) 0.01%
          File name:SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          File size:782'848 bytes
          MD5:fdc2585397f6e5daa7368d90bd4c1818
          SHA1:87bcde6fe5aff75e27ba27d63e5ba6ae9c5a31da
          SHA256:c5a4b944207f26a6625931bffe1cd9565bb20202ad1f49612342edf8df7995c4
          SHA512:2114e1c4f9bc226b27f37018f66c678cdc3fe2d5df15f10b4c25da33c3285a94f446b12bb5d0b85c4a428482821a549e361a35db3373736e5ce69092e81633e0
          SSDEEP:12288:7vVVkSQKQuYE0jR30BFQ7Bw8O8ZkZqNYqCRy3PZ5YRSNFH8aLfFH/4lf:3k7RBEMECQ8ZoWtZ8I8a7kf
          TLSH:38F422487679DB12CA6C07B0409BC7A52377AD025412E246BEC97F4FBE73B1893647C6
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$S...............0.............z.... ... ....@.. .......................`............@................................
          Icon Hash:00928e8e8686b000
          Entrypoint:0x4c077a
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0xA853240E [Sat Jun 28 10:16:46 2059 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          | Name | Virtual Address | Virtual Size | Is in Section |
          | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc0728 | 0x4f | .text |
          | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc2000 | 0x5c4 | .rsrc |
          | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4000 | 0xc | .reloc |
          | IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbf1d0 | 0x70 | .text |
          | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
          | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
          | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
          | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
          | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
          | .text | 0x2000 | 0xbe780 | 0xbe800 | 5ce94100c0e9d8b280ddae603cdddb0c | False | 0.9612168840223098 | data | 7.931610915250254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
          | .rsrc | 0xc2000 | 0x5c4 | 0x600 | a97982635b6dea13243281012c0475ea | False | 0.4270833333333333 | data | 4.137567293134044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
          | .reloc | 0xc4000 | 0xc | 0x200 | 817a7d7a0116e2cc61a45fe2176c942e | False | 0.041015625 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
          | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
          | RT_VERSION | 0xc2090 | 0x334 | data | | | 0.4304878048780488 |
          | RT_MANIFEST | 0xc23d4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
          | DLL | Import |
          | mscoree.dll | _CorExeMain |
          No network behavior found


          Target ID:0
          Start time:14:33:49
          Start date:29/08/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Imagebase:0xd80000
          File size:782'848 bytes
          MD5 hash:FDC2585397F6E5DAA7368D90BD4C1818
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:3
          Start time:14:33:50
          Start date:29/08/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.13380.29830.exe"
          Imagebase:0x980000
          File size:782'848 bytes
          MD5 hash:FDC2585397F6E5DAA7368D90BD4C1818
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          Target ID:7
          Start time:14:34:06
          Start date:29/08/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 240
          Imagebase:0x830000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

            Execution Graph

            Execution Coverage:9.7%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:4.6%
            Total number of Nodes:197
            Total number of Limit Nodes:12

            Control-flow Graph

            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07406B9E
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07406C80
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocMemoryProcessVirtualWrite

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread

            Control-flow Graph

            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074070AE
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess

            Control-flow Graph

            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074070AE
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess

            Control-flow Graph

            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 030BB3F6
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule

            Control-flow Graph

            APIs
            • CreateActCtxA.KERNEL32(?), ref: 030B59C9
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create

            Control-flow Graph

            APIs
            • CreateActCtxA.KERNEL32(?), ref: 030B59C9
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create

            Control-flow Graph

            APIs
            • CallWindowProcW.USER32(?,?,?,?,?), ref: 056C4461
            Memory Dump Source
            • Source File: 00000000.00000002.2017381788.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_56c0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallProcWindow

            Control-flow Graph

            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07406C80
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite

            Control-flow Graph

            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0740669E
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64

            Control-flow Graph

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030BD766,?,?,?,?,?), ref: 030BD827
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07406D60
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0740669E
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07406D60
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030BD766,?,?,?,?,?), ref: 030BD827
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030BB871,00000800,00000000,00000000), ref: 030BBA82
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07406B9E
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030BB871,00000800,00000000,00000000), ref: 030BBA82
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: e2515cf4c5dc29cbff59fbf303d15138c54a74814787be7959666905fe2900db
            • Instruction ID: a10997441a90dc7fa6d799c7c0599a29d8ab20d7c981770de9325ee1b222291a
            • Opcode Fuzzy Hash: e2515cf4c5dc29cbff59fbf303d15138c54a74814787be7959666905fe2900db
            • Instruction Fuzzy Hash: 0111D0B6C00249CFDB10CF9AC544ADEFBF9EB88710F14842AD919A7610C379A545CFA0
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07406B9E
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 5d10eca465b0f3d38544e0290799a1f082a53bc032773c3c53274792c1a2704a
            • Instruction ID: 2016ed0a3f670b65dcf0a7b4d9ae86d608f0345a1b2767d921cbb1b97d393015
            • Opcode Fuzzy Hash: 5d10eca465b0f3d38544e0290799a1f082a53bc032773c3c53274792c1a2704a
            • Instruction Fuzzy Hash: C2113AB18002499FDB10DFAAC845AEFBFF5FF48314F108419D519A7250C7799554CFA1
            APIs
            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0740A039,?,?), ref: 0740A1E0
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 98996e24245d1fde2ab997046d039442a965452b367f03f4f4c76de5576ad72f
            • Instruction ID: bd875ece8cb179577b03681412202e5d68b4c37cb6a644908de3727d653dd002
            • Opcode Fuzzy Hash: 98996e24245d1fde2ab997046d039442a965452b367f03f4f4c76de5576ad72f
            • Instruction Fuzzy Hash: 891125B19007499FDB20DF9AC445BEEBBF8EB48320F10842AD958A7340D738A944CFA5
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: 09789971bdea7c1e587eef03c90c41537b410417e170d7fe17aeb47c1b861c93
            • Instruction ID: 641798ec56a97899ad538dbcde4c5db5075cf3848c99dfd64cda94dfef6d7736
            • Opcode Fuzzy Hash: 09789971bdea7c1e587eef03c90c41537b410417e170d7fe17aeb47c1b861c93
            • Instruction Fuzzy Hash: 391128B19002498BDB24DFAAC4457EEFBF9EF88314F20841AD519A7240CB79A544CBA1
            APIs
            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0740A039,?,?), ref: 0740A1E0
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 9f436a97f7d51e2838da3552f352e7eb9f05bd00825fc151cc5d883b5538b8a2
            • Instruction ID: 8dc866c01f7d99bb8b89aa0b4360b35a37a25e1b97b929a3c5f262ed98432815
            • Opcode Fuzzy Hash: 9f436a97f7d51e2838da3552f352e7eb9f05bd00825fc151cc5d883b5538b8a2
            • Instruction Fuzzy Hash: 341136B58007498FDB20DF9AC445BDEBBF8EB48320F10842AD558A7340C738A584CFA5
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0740912D
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 00f84ed4fef45a37d640ef0f7b4ffd38316143b304468a4085949bcd9d702918
            • Instruction ID: 1c224b18b575b907dd5267ea69af0157822efab43228e6249ff0fb5f76fd1520
            • Opcode Fuzzy Hash: 00f84ed4fef45a37d640ef0f7b4ffd38316143b304468a4085949bcd9d702918
            • Instruction Fuzzy Hash: 5711F5B58003499FDB10DF99D849BDEFFF8EB48310F14841AE958A7251C379A584CFA1
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 030BB3F6
            Memory Dump Source
            • Source File: 00000000.00000002.2013316412.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: d5cfc1154d3b18eed6208576c017f4ba0076d8466d909b46d5a9985873f41dc1
            • Instruction ID: 7b3124eddc8d2b971f093a05f4a5f664ea4b6e75c37074966a868f044aad6145
            • Opcode Fuzzy Hash: d5cfc1154d3b18eed6208576c017f4ba0076d8466d909b46d5a9985873f41dc1
            • Instruction Fuzzy Hash: C9110FB5C007498FDB10DF9AC444ADEFBF8EB88310F14842AD928B7210C3B9A545CFA5
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0740912D
            Memory Dump Source
            • Source File: 00000000.00000002.2018359549.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7400000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: f09c5dd8501984ed6c01d30581719122ac29b2af49fd861299f8788539fb33b9
            • Instruction ID: b0eeeab152f3a1116c6d37ddd1c2aaca24a961d0e24014420ef656ebb2035319
            • Opcode Fuzzy Hash: f09c5dd8501984ed6c01d30581719122ac29b2af49fd861299f8788539fb33b9
            • Instruction Fuzzy Hash: 9511F2B59003499FDB10DF9AD889BDEBBF8EB48310F10845AE918A7241C379A944CFA5

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:6.2%
            Signature Coverage:10.9%
            Total number of Nodes:64
            Total number of Limit Nodes:6
            execution_graph 96824 402454 96825 40246d 96824->96825 96828 430377 96825->96828 96831 42e8d7 96828->96831 96830 4024e2 96832 42e8fa 96831->96832 96837 407e07 96832->96837 96834 42e910 96836 42e92f 96834->96836 96840 41b887 NtClose 96834->96840 96836->96830 96839 407e14 96837->96839 96841 416c37 96837->96841 96839->96834 96840->96836 96842 416c51 96841->96842 96844 416c67 96842->96844 96845 42d6c7 96842->96845 96844->96839 96847 42d6e1 96845->96847 96846 42d710 96846->96844 96847->96846 96852 42c327 96847->96852 96850 42ece7 RtlFreeHeap 96851 42d780 96850->96851 96851->96844 96853 42c344 96852->96853 96856 2e92c0a 96853->96856 96854 42c36d 96854->96850 96857 2e92c1f LdrInitializeThunk 96856->96857 96858 2e92c11 96856->96858 96857->96854 96858->96854 96796 425467 96801 425480 96796->96801 96797 425513 96798 4254cb 96804 42ece7 96798->96804 96801->96797 96801->96798 96802 42550e 96801->96802 96803 42ece7 RtlFreeHeap 96802->96803 96803->96797 96807 42cff7 96804->96807 96806 4254db 96808 42d014 96807->96808 96809 42d022 RtlFreeHeap 96808->96809 96809->96806 96810 42ff07 96811 42ece7 RtlFreeHeap 96810->96811 96812 42ff1c 96811->96812 96813 42fea7 96814 42feb7 96813->96814 96815 42febd 96813->96815 96818 42edc7 96815->96818 96817 42fee3 96821 42cfb7 96818->96821 96820 42ede2 96820->96817 96822 42cfd1 96821->96822 96823 42cfdf RtlAllocateHeap 96822->96823 96823->96820 96859 42c2d7 96860 42c2f4 96859->96860 96863 2e92df0 LdrInitializeThunk 96860->96863 96861 42c319 96863->96861 96864 4250d7 96865 4250f3 96864->96865 96866 42511b 96865->96866 96867 42512f 96865->96867 96868 42cca7 NtClose 96866->96868 96874 42cca7 96867->96874 96870 425124 96868->96870 96871 425138 96877 42ee07 RtlAllocateHeap 96871->96877 96873 425143 96875 42ccc1 96874->96875 96876 42cccf NtClose 96875->96876 96876->96871 96877->96873

            Control-flow Graph

            control_flow_graph 10 42cca7-42ccdd call 4050f7 call 42dea7 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCD8
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: c8a923d74aaa43b35c1a66fc44d62fec0e82fffb0884a48136f881318f0e9087
            • Instruction ID: 8d802af23a96eb3e2a23b59d206ea9c736b9fb4daf8d4af3e33f4eec0506bef9
            • Opcode Fuzzy Hash: c8a923d74aaa43b35c1a66fc44d62fec0e82fffb0884a48136f881318f0e9087
            • Instruction Fuzzy Hash: 75E086752006147FD220FB5ADC01E9B776CDFC5714F004029FA0867541CA70B901CBF5

            Control-flow Graph

            control_flow_graph 15 2e92c0a-2e92c0f 16 2e92c1f-2e92c26 LdrInitializeThunk 15->16 17 2e92c11-2e92c18 15->17
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 4febc4344f3a1533fea2496564cd024aad870b4202b16d71092b1f9d87f6514d
            • Instruction ID: 579fe55573310d1b194db302aa7a751feedee16f415624d1dab251956b838ab4
            • Opcode Fuzzy Hash: 4febc4344f3a1533fea2496564cd024aad870b4202b16d71092b1f9d87f6514d
            • Instruction Fuzzy Hash: 89B09B71D415C5D5DE51E7604A097177D0067D0705F15D062D3030651F4738D1D1F175

            Control-flow Graph

            control_flow_graph 19 2e92df0-2e92dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 208a67ea0c5b6abb7b68b280df0657427291874bdfb190321ce6b5ec93df911b
            • Instruction ID: af2a097763596b666b93287769eb9d821e9ed44f5a33f4351a994ca98df09603
            • Opcode Fuzzy Hash: 208a67ea0c5b6abb7b68b280df0657427291874bdfb190321ce6b5ec93df911b
            • Instruction Fuzzy Hash: E890027174140413D551B1984515707040987D0241F95D412A0434958D96569A52E121

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 5 42cff7-42d038 call 4050f7 call 42dea7 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,107A408C,00000007,00000000,00000004,00000000,004177F7,000000F4), ref: 0042D033
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: 684f59b4a99ecffe6300779fca406fb77f66ca9d20013df4dcb2258938b19368
            • Instruction ID: 50a970cbb9cf587688883670e7fd4a2bd9f4f6141dc7605489c8062515ee2a89
            • Opcode Fuzzy Hash: 684f59b4a99ecffe6300779fca406fb77f66ca9d20013df4dcb2258938b19368
            • Instruction Fuzzy Hash: 6EE09A72200608BBD620EF4ADC42FAB33ADEFC9710F004419F908A7241DA30B810CBB9

            Control-flow Graph

            control_flow_graph 0 42cfb7-42cff5 call 4050f7 call 42dea7 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041ED22,?,?,00000000,?,0041ED22,?,?,?), ref: 0042CFF0
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: 7ca60c6cb48d5b57d0494ce1412e428a874c562911fc2f1f7796968a1db6dd3e
            • Instruction ID: 34f0e98fa0a2fdc3a51bb3ba3cb3d15b2438fc244a9af6a793f07796520581a7
            • Opcode Fuzzy Hash: 7ca60c6cb48d5b57d0494ce1412e428a874c562911fc2f1f7796968a1db6dd3e
            • Instruction Fuzzy Hash: F3E092712006047BD614EF59DC42EAB33ACDFC5710F004419F908A7282CA30B911CBB5
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: ff30c8f5a8873511fa98a0030e5e6c42a1c3a2d52d1f65a5477bf16aa97d5206
            • Instruction ID: 04345306a83d19c94364a7eb1ceeb8923c09ccfd50b44eff10531b6559a49209
            • Opcode Fuzzy Hash: ff30c8f5a8873511fa98a0030e5e6c42a1c3a2d52d1f65a5477bf16aa97d5206
            • Instruction Fuzzy Hash: 8D92AE71688341AFE721CF24C880B6BB7E9BB84758F04A81DFE95D7251D770E846CB92
            APIs
            • DefWindowProcW.USER32(?,?,?,?), ref: 0040152C
            • DefWindowProcW.USER32(?,00000111,?,?,00006D72), ref: 004015E3
            • DestroyWindow.USER32(?,00006D72), ref: 00401602
            • DialogBoxParamW.USER32(?,00000067,?,00401750,00007D08), ref: 00401677
            • BeginPaint.USER32(?,?), ref: 004016B2
            • EndPaint.USER32(?,?), ref: 004016E3
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Window$PaintProc$BeginDestroyDialogParam
            • String ID: VUUU$gfff$gp$rm$|'
            • API String ID: 1747845075-1856886469
            • Opcode ID: 13080e919f97487650c37bc551e8849b830f3dc1133e974430a0e127116b7626
            • Instruction ID: e63953aaf0a57ee63268fd2e31bd4fb6ef8de1a5beb50af963aeee86476893d6
            • Opcode Fuzzy Hash: 13080e919f97487650c37bc551e8849b830f3dc1133e974430a0e127116b7626
            • Instruction Fuzzy Hash: E681A1716042029BD718CF28DC4566BB7E5EBD8305F148A3FF596DB3E0E639D9018B8A
            Strings
            • corrupted critical section, xrefs: 02EC54C2
            • Critical section address., xrefs: 02EC5502
            • Thread is in a state in which it cannot own a critical section, xrefs: 02EC5543
            • Address of the debug info found in the active list., xrefs: 02EC54AE, 02EC54FA
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02EC540A, 02EC5496, 02EC5519
            • double initialized or corrupted critical section, xrefs: 02EC5508
            • Critical section debug info address, xrefs: 02EC541F, 02EC552E
            • Thread identifier, xrefs: 02EC553A
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02EC54CE
            • Invalid debug info address of this critical section, xrefs: 02EC54B6
            • 8, xrefs: 02EC52E3
            • undeleted critical section in freed memory, xrefs: 02EC542B
            • Critical section address, xrefs: 02EC5425, 02EC54BC, 02EC5534
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02EC54E2
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 79ba04c8c014db6828746b10e28ab79bbc13ac3df383ac738ea0f268ceb34fba
            • Instruction ID: ce1fba60df6ee7ec859eef2053d0ca9717d78c91d2df4ed00b1a92ca2cb375cc
            • Opcode Fuzzy Hash: 79ba04c8c014db6828746b10e28ab79bbc13ac3df383ac738ea0f268ceb34fba
            • Instruction Fuzzy Hash: 32819E71A80358AFEB20CF94C945FAEBBB5FB08715F60A119F909B7640D3B1A941CB50
            Strings
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 02EC25EB
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 02EC2412
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 02EC2506
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 02EC261F
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 02EC2602
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 02EC2624
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 02EC2409
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 02EC24C0
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 02EC22E4
            • @, xrefs: 02EC259B
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 02EC2498
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: 11aefc1ede7340b3c749b649575528c8b77349b6657eb8c2a7540aff0de0068a
            • Instruction ID: 1a3a6ca59d8d6e64600b05ea6eaf2f12185cdf379e8d8d60e7926a91b723a0dc
            • Opcode Fuzzy Hash: 11aefc1ede7340b3c749b649575528c8b77349b6657eb8c2a7540aff0de0068a
            • Instruction Fuzzy Hash: 520260F1D802689FDB21DB54CD80BEAB7B8AB44304F00A1DAEB4DA7241D7709E85CF59
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            • Opcode ID: 6b7d8ab1fcf6fa0491217c9f55a4c866ff75f8e7bfc457f0821a7c6c33da1358
            • Instruction ID: 62b4bcf28bf4d6ee6bf2da0a8555466c48db4c1fb9551b60d93107012b3984bc
            • Opcode Fuzzy Hash: 6b7d8ab1fcf6fa0491217c9f55a4c866ff75f8e7bfc457f0821a7c6c33da1358
            • Instruction Fuzzy Hash: 0C51E2716953659BD328DF148844BABB7ECEF85348F14E91DFA99C3240E770D508CB92
            APIs
            • IsDebuggerPresent.KERNEL32 ref: 00446B46
            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00446B5B
            • UnhandledExceptionFilter.KERNEL32(0D), ref: 00446B66
            • GetCurrentProcess.KERNEL32(C0000409), ref: 00446B82
            • TerminateProcess.KERNEL32(00000000), ref: 00446B89
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
            • String ID: 0D
            • API String ID: 2579439406-130544292
            • Opcode ID: d81b6c25e19a2d9ec8cae1b589d1c6b02e17c022864dc1bb6803dd6e7f13deb2
            • Instruction ID: db24e8c91dee091c23784a222e96b2410af1c8344314e4df57f2b287ac0a89ff
            • Opcode Fuzzy Hash: d81b6c25e19a2d9ec8cae1b589d1c6b02e17c022864dc1bb6803dd6e7f13deb2
            • Instruction Fuzzy Hash: 4721C4BD801308DFE710DF6AF9CA6447BA0FB0A315F10447AE50987361EBB4A9858F5E
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            • Opcode ID: 8033f1b08821755dcafe204b30a059bebbdbaa1d63eefe850acb5e10c26c7abf
            • Instruction ID: fa2ef080910fac2bbc60149a9bd92054ccc739e1092e9b9fefe0987458f3eea5
            • Opcode Fuzzy Hash: 8033f1b08821755dcafe204b30a059bebbdbaa1d63eefe850acb5e10c26c7abf
            • Instruction Fuzzy Hash: B3D1DE35A40688EFDB12DFA8D480BADBBF2EF49744F08805DE64A9B291CB34D941DF14
            Strings
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 02ED8A3D
            • VerifierDlls, xrefs: 02ED8CBD
            • AVRF: -*- final list of providers -*- , xrefs: 02ED8B8F
            • VerifierDebug, xrefs: 02ED8CA5
            • VerifierFlags, xrefs: 02ED8C50
            • x-, xrefs: 02ED8A35, 02ED8A5F
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 02ED8A67
            • HandleTraces, xrefs: 02ED8C8F
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$x-
            • API String ID: 0-2804082870
            • Opcode ID: 334aefed06b9bb6e9d1e093ec0bf6850e52cb0018b1014fbe565dc7f1570786a
            • Instruction ID: 1683999f31c7fd40b07b4d12605612a86424c7cecbd592cc70217668c520984f
            • Opcode Fuzzy Hash: 334aefed06b9bb6e9d1e093ec0bf6850e52cb0018b1014fbe565dc7f1570786a
            • Instruction Fuzzy Hash: CE914672AC1704EFD711EF288880B5AB7E9AB51758F44E859F9456B280C7B09D03CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c$x-
            • API String ID: 0-1849557854
            • Opcode ID: 720bcc83e3affb5761aa337dcdad502b63b0f202ccfd797fa39df639d6623142
            • Instruction ID: 4b1c88ce6e0b98c2afd81d7aa5b63d9dea89f6d1ddc5d5ca90d1971b491198c2
            • Opcode Fuzzy Hash: 720bcc83e3affb5761aa337dcdad502b63b0f202ccfd797fa39df639d6623142
            • Instruction Fuzzy Hash: 74915E30EC03189BEB29EF94D955BAD77E5BF11758F20E41DE9496B2C4DBB05802CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c$x-
            • API String ID: 0-4211900417
            • Opcode ID: 6f64322b8eb3ab64c1a1de0bb2bcd269ecda5e185cb22069a08be90ecc71dafa
            • Instruction ID: babdfb65c6fda0fb2ec5f4446f95e11efea9300a00c7cc2c796c5717f504fa7c
            • Opcode Fuzzy Hash: 6f64322b8eb3ab64c1a1de0bb2bcd269ecda5e185cb22069a08be90ecc71dafa
            • Instruction Fuzzy Hash: F25105316C83049FE724DF24D851FABB7E9EB84748F00E91AF9869B151DB70E904CB92
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            • Opcode ID: 11cb603d91cd175c69a0b7550ca25c2880cb7fe779f70346380d1f78be84f8c5
            • Instruction ID: 2dcb5dda90e91c57d68d14eb7d5d8e3b4f43781b8451b0f8b1e50b741bedbb98
            • Opcode Fuzzy Hash: 11cb603d91cd175c69a0b7550ca25c2880cb7fe779f70346380d1f78be84f8c5
            • Instruction Fuzzy Hash: E2A26A70A5566A8FDF65DF18CD987EAB7B1AF45308F1492E9D80DA7291DB309E80CF00
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 02E8C6C3
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 02EC81E5
            • LdrpInitializeProcess, xrefs: 02E8C6C4
            • Loading import redirection DLL: '%wZ', xrefs: 02EC8170
            • LdrpInitializeImportRedirection, xrefs: 02EC8177, 02EC81EB
            • minkernel\ntdll\ldrredirect.c, xrefs: 02EC8181, 02EC81F5
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            • Opcode ID: 59e2b95f5a18dc1321619eb26e1ff66ac3befcb0a1a1d43fac4c26cc305687a5
            • Instruction ID: 859499cb1d3fba290063768d55ce30bfe601771fd9f754717342ec3606b93c22
            • Opcode Fuzzy Hash: 59e2b95f5a18dc1321619eb26e1ff66ac3befcb0a1a1d43fac4c26cc305687a5
            • Instruction Fuzzy Hash: 543145726C43459FD315EF28DA45E1AB7D1EF80B18F14A99CF9896B281D720DC05CBA2
            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 02EC21BF
            • SXS: %s() passed the empty activation context, xrefs: 02EC2165
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 02EC2178
            • RtlGetAssemblyStorageRoot, xrefs: 02EC2160, 02EC219A, 02EC21BA
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 02EC2180
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 02EC219F
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: 9ace9ebadf8eaa0c0e92f6777a9a8396a37e211822d06c3b83c74bc372c6582e
            • Instruction ID: 2d32974a3c541e2606d1a890d17a685203298803c7a2efc5b1f3cf0ca935e9a7
            • Opcode Fuzzy Hash: 9ace9ebadf8eaa0c0e92f6777a9a8396a37e211822d06c3b83c74bc372c6582e
            • Instruction Fuzzy Hash: C5313776BC02647BFB219A958C45FABB769DB55B48F05E059FF0EA7200D2709E02C6E0
            APIs
              • Part of subcall function 02E92DF0: LdrInitializeThunk.NTDLL ref: 02E92DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E90BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E90BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E90D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E90D74
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            • Opcode ID: 4700dc158e0e8c4c7362cbdcefd4b6766d98b2ceb42f21d4e7d46303e39aba19
            • Instruction ID: ce7f9bc89af134c913aaa27548427c70daaf592e4d2e3d4a38ff480f4c10bd57
            • Opcode Fuzzy Hash: 4700dc158e0e8c4c7362cbdcefd4b6766d98b2ceb42f21d4e7d46303e39aba19
            • Instruction Fuzzy Hash: EF426A71940715DFDF24CF68C980BAAB7F5BF04304F1495AAE989EB241E770AA85CF60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ,$ ,$Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-17049119
            • Opcode ID: 702863d1438ce2d649d08e81a9390091993d4453636e05fda448c209babad58d
            • Instruction ID: f5359c48eaee2dbe3aefed02a71366ae37f0c10b77d4d09817104f28916db513
            • Opcode Fuzzy Hash: 702863d1438ce2d649d08e81a9390091993d4453636e05fda448c209babad58d
            • Instruction Fuzzy Hash: 18412175AC0304ABD725EB74D944B5BB7E8AB45794F10A82AF98CD7250EBB0D800CFA1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            • Opcode ID: 716bae05a9f21bbf7425e570f45c4f3ba70cd1c21147eb7833760ba1ab4d3dec
            • Instruction ID: d96ab21d4636fb82be65abe032feb22d58f5d074f30ed75cd13b80821252a66c
            • Opcode Fuzzy Hash: 716bae05a9f21bbf7425e570f45c4f3ba70cd1c21147eb7833760ba1ab4d3dec
            • Instruction Fuzzy Hash: C3C169741983928FC711DF58C544BAAB7E4BF88708F04EA6AFD968B350E734C949CB52
            Strings
            • @, xrefs: 02E88591
            • minkernel\ntdll\ldrinit.c, xrefs: 02E88421
            • LdrpInitializeProcess, xrefs: 02E88422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 02E8855E
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            • Opcode ID: 9e27db9e22b317ada50cfc7865d5075d0fb76a7fb44d5b6ac20ace0fad2ef21c
            • Instruction ID: 69af39d957b09ae69666be0023fc4fd92e02b049f13659766e31070eb69abd1b
            • Opcode Fuzzy Hash: 9e27db9e22b317ada50cfc7865d5075d0fb76a7fb44d5b6ac20ace0fad2ef21c
            • Instruction Fuzzy Hash: B691A5715C8344AFDB21EF61CC50FABB7E9AF84754F80992EFA8996141E330D904CB62
            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 02EC22B6
            • SXS: %s() passed the empty activation context, xrefs: 02EC21DE
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 02EC21D9, 02EC22B1
            • .Local, xrefs: 02E828D8
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            • Opcode ID: fc325b450ce7703f2abed1d3ce017956ad7791d63d43cb6113c7d4c1572982b0
            • Instruction ID: 4b98a376a9e85534b625a28ab3d1a24f8725d60ee23b94af8981363f4e16feae
            • Opcode Fuzzy Hash: fc325b450ce7703f2abed1d3ce017956ad7791d63d43cb6113c7d4c1572982b0
            • Instruction Fuzzy Hash: 4CA1B335980269DBDB25DF94CC88BA9B3B1BF58318F2491EADD4CA7251D7309E81CF90
            Strings
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 02EC3456
            • RtlDeactivateActivationContext, xrefs: 02EC3425, 02EC3432, 02EC3451
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 02EC342A
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 02EC3437
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            • Opcode ID: f5d4f6078b537971d877885fc99e112cc3663115849678f424f39287a29a2e34
            • Instruction ID: cc8c9682351de966c2e4052316effe153af79911f21f2b822716e74a94902b2a
            • Opcode Fuzzy Hash: f5d4f6078b537971d877885fc99e112cc3663115849678f424f39287a29a2e34
            • Instruction Fuzzy Hash: 316115326C0B129FD722DF58C941B6AB3A5FF84B58F24D55DF8999B280D730E801CB91
            Strings
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 02EB10AE
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 02EB106B
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 02EB1028
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 02EB0FE5
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            • Opcode ID: 9d7029254b4bd6ac27ea0dd3e06726d89f3a863409c0ead6ec3d28588f19be64
            • Instruction ID: 401070adb9f5e94d8eb579bc16d4241c488d9576a0d2ef0f2978e4ea5020baf2
            • Opcode Fuzzy Hash: 9d7029254b4bd6ac27ea0dd3e06726d89f3a863409c0ead6ec3d28588f19be64
            • Instruction Fuzzy Hash: 6071E171984314AFCB21DF14C884B9B7BADAF44768F40A869FD498B246D734D588CFD2
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 02EBA9A2
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 02EBA992
            • apphelp.dll, xrefs: 02E72462
            • LdrpDynamicShimModule, xrefs: 02EBA998
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            • Opcode ID: ab93e788a3e2bf2b4b6c0dab2faf0ef1375e75a13c6b69f5d67aa8f7627469a4
            • Instruction ID: 15b2d923ee0749241cfbde3ab420e16f0e6f8c5ee5b38cd3022dee63a7e1426f
            • Opcode Fuzzy Hash: ab93e788a3e2bf2b4b6c0dab2faf0ef1375e75a13c6b69f5d67aa8f7627469a4
            • Instruction Fuzzy Hash: 0A316835AC0204ABEF219F589844EEBF7F5FF85748F259469F901A7300D7B09891CB50
            Strings
            • LdrpInitializationFailure, xrefs: 02ED20FA
            • minkernel\ntdll\ldrinit.c, xrefs: 02ED2104
            • Process initialization failed with status 0x%08lx, xrefs: 02ED20F3
            • x-, xrefs: 02ED20EB
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c$x-
            • API String ID: 0-1304524526
            • Opcode ID: c8842ec8a1a66868fe7cd82e1e840365aaae803902524928abf4ee3e1aee8b7d
            • Instruction ID: e5667a7efadcbc705c6a0497ff37ab101f50ae329ea67ce8e890f3fe8bd675e9
            • Opcode Fuzzy Hash: c8842ec8a1a66868fe7cd82e1e840365aaae803902524928abf4ee3e1aee8b7d
            • Instruction Fuzzy Hash: 73F02874AC020CABE714E648CC06F9577A8EB40B48F109459FB4077281D2F0A901CA50
            Strings
            • HEAP: , xrefs: 02E63264
            • HEAP[%wZ]: , xrefs: 02E63255
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 02E6327D
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • Opcode ID: cb3466c5d0f4e14bd3cfc9558760330033f60a75b6a98b1e774a3537ae08f69d
            • Instruction ID: f3cd414c7a12ea0308d96dfa0c7cab936f8d8f602dc5797e453bb7e3ef75d384
            • Opcode Fuzzy Hash: cb3466c5d0f4e14bd3cfc9558760330033f60a75b6a98b1e774a3537ae08f69d
            • Instruction Fuzzy Hash: 7F92CB70A842489FDB25CF68C4487BEBBF1EF48748F18D0A9E859AB391D735A941CF50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • Opcode ID: 912882064052f786e5f9b697a52e9176b8e1fc61d216bfc12c4b70915f3a97e4
            • Instruction ID: 796de78942b52164b62f72d251a13892f7385bf446a56668d8319dbc7ac86855
            • Opcode Fuzzy Hash: 912882064052f786e5f9b697a52e9176b8e1fc61d216bfc12c4b70915f3a97e4
            • Instruction Fuzzy Hash: 9CF19C30A80605DFEB15CF68C898BBAB7B6FF44348F1491A8E5169B381D734E981CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            • Opcode ID: 5a66ed4589761a33846bfe7f620914dccdd26c63c337d1efc40105f118e31a4f
            • Instruction ID: c5655afd77d2d1fccab4cea893176d0840792d1903112466586fc68cf28caa12
            • Opcode Fuzzy Hash: 5a66ed4589761a33846bfe7f620914dccdd26c63c337d1efc40105f118e31a4f
            • Instruction Fuzzy Hash: ACC291716487419FDB25CF24C880BABBBE5AF88748F14E92EF989C7250D734D845CB92
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            • Opcode ID: 61414a3827defc217a3b38b54328a28e9b618d076fe13a9eb232bbaeea30f3e2
            • Instruction ID: 525e17bbe7fcefcf2dd0ac9c2be52758f26ad21c0a10025e92f74acaa32d02b1
            • Opcode Fuzzy Hash: 61414a3827defc217a3b38b54328a28e9b618d076fe13a9eb232bbaeea30f3e2
            • Instruction Fuzzy Hash: 65A18F759812289BDF31DF24CC98BE9B7B9EF04714F1091EAE909AB210D735AE84CF54
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 02EBA121
            • LdrpCheckModule, xrefs: 02EBA117
            • Failed to allocated memory for shimmed module list, xrefs: 02EBA10F
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • Opcode ID: 9536b6944fd5e7d27514f609354aa6800f89f05498943bcceb60e9a273e35b1c
            • Instruction ID: c6768653734cea4ef92d45d6b25e2eb08e17ea91906d4c89343ecb01b88917f3
            • Opcode Fuzzy Hash: 9536b6944fd5e7d27514f609354aa6800f89f05498943bcceb60e9a273e35b1c
            • Instruction Fuzzy Hash: 8C71CC74A802099FDF19DF68C984BEEB7F5EF48308F189469E806E7250E774A985CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            Strings
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 02F0C1C5
            • @, xrefs: 02F0C1F1
            • PreferredUILanguages, xrefs: 02F0C212
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            Strings
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 02ED4888
            • LdrpCheckRedirection, xrefs: 02ED488F
            • minkernel\ntdll\ldrredirect.c, xrefs: 02ED4899
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            Strings
            • LdrResSearchResource Enter, xrefs: 02E5AA13
            • LdrResSearchResource Exit, xrefs: 02E5AA25
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            Strings
            • kLsE, xrefs: 02E50540
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 02E5063D
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 02E5A309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 02E5A2FB
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: tn
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: #
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: x-
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 26ae67a2c30b23d6b8d12923ce8a7d69ee20abf25f66e28f2b53c9b3b67381e4
            • Instruction ID: 7346988e1ef9f5b51c573ce514834cebb4a57ee7910c5f9ffce21df97c373fbc
            • Opcode Fuzzy Hash: 26ae67a2c30b23d6b8d12923ce8a7d69ee20abf25f66e28f2b53c9b3b67381e4
            • Instruction Fuzzy Hash: 4F81A271A406199BDF24CF69C860AFEBBF9FB49704F14952EE446DB640E334E940CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: 5053b839066d68994e9f9659cd4a3d7a77c63fcb042df80a8380b6721630c352
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: 8B819475B016059FCF18CFA9C990AAEB7F2FF84354F548169DA169B384DB34E901CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9268132d162e46345c16fc1c3abd7a3bbd363de11df0190855dc05d5f230198d
            • Instruction ID: 2d4055bc01fa9381ac3b3a7335c54c1e2498dfca086e4501cb10f5191d0adf55
            • Opcode Fuzzy Hash: 9268132d162e46345c16fc1c3abd7a3bbd363de11df0190855dc05d5f230198d
            • Instruction Fuzzy Hash: 21819C71A40609AFDB25DFA5C880BEEB7BAFF48358F14942DF599A7210D730AC05CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 08442658ead1a0addd650c77886e1fc1d2e3e4eb0381e2ca469d0c5a86840148
            • Instruction ID: 5c90b386a1ab6ebe1c799aec414861c811af5b6f8896e28561a7ba6424814856
            • Opcode Fuzzy Hash: 08442658ead1a0addd650c77886e1fc1d2e3e4eb0381e2ca469d0c5a86840148
            • Instruction Fuzzy Hash: BC71D175C806299BCB25CF58D8947FEBBB9FF59744F24A51BE882A7350D3709800CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 042cdad4e4d0d0e0320cb43dd6b1ac9cb374e75412f8ba31b2c3de5a009f097a
            • Instruction ID: 17c85842f0c10f8674db2d57f8eddeafaf70fe08cd4200503a4337908a06a750
            • Opcode Fuzzy Hash: 042cdad4e4d0d0e0320cb43dd6b1ac9cb374e75412f8ba31b2c3de5a009f097a
            • Instruction Fuzzy Hash: 2C719F70E40208EFCF10CF96DA80A5AFBF9EB96794B00856AE715E7294C7B18900EF54
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 39e924779258bcf2a494176c9a9d316e1716cf222ab7e4a753745d1c70b1153e
            • Instruction ID: 23d6deed728f9bde1a547afc22e40bab7fcfc3b5c495d84316cef0d2053948a6
            • Opcode Fuzzy Hash: 39e924779258bcf2a494176c9a9d316e1716cf222ab7e4a753745d1c70b1153e
            • Instruction Fuzzy Hash: 4371CE71A842418FC311DF28C488B7AB7E6FF84354F04D5AAE9998B751DB34EC46CB91
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7d080ea7dcbdd43edabd1abf5583b43b4e3561c7e58ce695e9b2bffcbd0e353d
            • Instruction ID: 0b420e610cb3c566c0b384723c11fa30be45005e103d4175a813a526f4e706a6
            • Opcode Fuzzy Hash: 7d080ea7dcbdd43edabd1abf5583b43b4e3561c7e58ce695e9b2bffcbd0e353d
            • Instruction Fuzzy Hash: 3171DF32280B01AFDF219F14C844F6AB7EAFF94768F14D828E6568B2A0D775E944CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 5545311ead9c4b370dd47b95c34939694d4d426797079a991f7c9589d8396607
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 85717071A40609AFCB10DFA5C984EEEBBB9FF48744F148569E905A7250DB30EA42CF50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4efab813a8b0b89f2a860ea5809bef50b9655ec6dee062502ffd52a1d8e56df
            • Instruction ID: dbce49a6e1b921c66c862c5ba4153c4359785dff2d4bb6ac6f080c7352393fa2
            • Opcode Fuzzy Hash: b4efab813a8b0b89f2a860ea5809bef50b9655ec6dee062502ffd52a1d8e56df
            • Instruction Fuzzy Hash: 0F81BE76E947168FCB15CF98D580BEEB3B6AF48328F15A229DD04AB281D7749D40CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 508741b17fcab824b1bcb91a20a058594eb3495c3bf923c1162ff3587bbf73d1
            • Instruction ID: 54561e1267130da97f7a5ba38cc700cb10cf4f734a4effd2ea0f664163876d8d
            • Opcode Fuzzy Hash: 508741b17fcab824b1bcb91a20a058594eb3495c3bf923c1162ff3587bbf73d1
            • Instruction Fuzzy Hash: 4E712A72E40219BFDF15DB94C841FEEBBB9EB053A0F104159EA11B6290D774AA05CFA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88bee85d43b953edf873036a37c66782d347350d804b2ed3604efb37fa076204
            • Instruction ID: 3b24092c5fb0baac643b6a518993587d3d8da3d8d7ce0f482d9b5ce1b0c2a1a0
            • Opcode Fuzzy Hash: 88bee85d43b953edf873036a37c66782d347350d804b2ed3604efb37fa076204
            • Instruction Fuzzy Hash: 5351CF76904701AFD711DE68C984E5BB7E9EBC4794F014929BF40DB2A0D731ED05CBA2
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ea266de5f23122e98f08d397443f39a51b48b388afa5b77324073eb76e44791
            • Instruction ID: cf583994bfc541bab2c7026b51e67913a864c8e8c356b15fea01b0362d815521
            • Opcode Fuzzy Hash: 5ea266de5f23122e98f08d397443f39a51b48b388afa5b77324073eb76e44791
            • Instruction Fuzzy Hash: 4051DE70940704AFDB60CF66C880AABFBF9BF94714F10961EE296976A0D7B0A541CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3ad24f64faf3757317e4ff66ecdff74797524a7f6fe12f1ce08091d1b104fbee
            • Instruction ID: 52b43500b1e384b3586c2259a3bdffb8a42f128b4d536c10f907a2fea79b30b8
            • Opcode Fuzzy Hash: 3ad24f64faf3757317e4ff66ecdff74797524a7f6fe12f1ce08091d1b104fbee
            • Instruction Fuzzy Hash: 14517E71280A04DFCB21EFA4C984FAAB3FAFF08784F55946AF54997260D734E941CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a69546a75dcf6a42603ede129e543906c91018b3167b56d8e4dceda2d44cf67c
            • Instruction ID: c77a62d12a5000996e2596435fab580426b0c0c4875c60ada3e611f85bd6206a
            • Opcode Fuzzy Hash: a69546a75dcf6a42603ede129e543906c91018b3167b56d8e4dceda2d44cf67c
            • Instruction Fuzzy Hash: 22518A716483458FD794DF29D880A6BB7E6BFC8708F44992EF689C7290EB30D905CB52
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: e97b8267b6e05574a6d6c5b8a53a25e58be8b139b700bb3c3c0783f4a793d987
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: DB517F71E40219ABCF15DFA4C440BEEBBB5AF45758F049069E901AB280D774DE45CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: b0b22baa4de03e3e73023c394eeffc621f7cf1dce97902e4025317c7f62cfec8
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: F151BA31D80619EFDF309F94C898BAEB7B5AF0036CF19D655E9116B190D730AE42CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb84f783be1f4a190c99b0dd9d13c5a1d0b7c578e15d76b8f3fe22d174cef63e
            • Instruction ID: aa6ff3ae2d94ea121787d8e67a270f9256bda824a136f6f73a411f64269c6b93
            • Opcode Fuzzy Hash: fb84f783be1f4a190c99b0dd9d13c5a1d0b7c578e15d76b8f3fe22d174cef63e
            • Instruction Fuzzy Hash: E3410971B026109BE729DB29CE94B7BB79BEF817E4F848118FA15872C0DB34D801CA90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 21544256320fef8f14dd4b55fc7cbb42fde2c881be292cf13e058b8f21af2069
            • Instruction ID: 255f866a028dd2cbf5473594700fdae39c1f5794554feac2a076ba4ef6f7e817
            • Opcode Fuzzy Hash: 21544256320fef8f14dd4b55fc7cbb42fde2c881be292cf13e058b8f21af2069
            • Instruction Fuzzy Hash: 24517175D80219DFCB20DF65C980AAEF7F9FF45398B61A91AE505A7300D770A942CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3289aca56aec3bcc9ceaf4840544e5be97e8f7044219cecd525e10fdcaf3b808
            • Instruction ID: 437957004a7580ab7b1a730bcdd399a6e1c62c8127a946d4a0ba5b6f49f630fd
            • Opcode Fuzzy Hash: 3289aca56aec3bcc9ceaf4840544e5be97e8f7044219cecd525e10fdcaf3b808
            • Instruction Fuzzy Hash: A0415735BC02049BDF14FFA4A980B6B73AAAB55348F00A47EFD4E9B201D7F19961CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: d75e8bef852244d3ca17b05d7d5b8464a3ee18834415a2ec22897a77b1650e54
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: 50411D72A01705DFC725CF24C994A6AB7A9FF80394B45852EFA1187240EB31FC14CBD0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 318b5093e36d16865853d3e70f4afabaa1b917cc8219851ce348c8d7352bc35a
            • Instruction ID: a0ef08503e5aa8d095960b12a6063fccea37a3b5aed6edf93703137845db8374
            • Opcode Fuzzy Hash: 318b5093e36d16865853d3e70f4afabaa1b917cc8219851ce348c8d7352bc35a
            • Instruction Fuzzy Hash: 9541FF32980218DBCB10EF98C440AEDB7B1BF48708F14E26AE84DF7251D7319D49CBA5
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 41dc5136ac8382772a9d0d622b093bd7c62255ccdaf76b29c6406294108b8f8f
            • Instruction ID: 890c3a7ac7606f5e99e0aae1eda24a3f091793f7b5ec05a81e734b575ab3f678
            • Opcode Fuzzy Hash: 41dc5136ac8382772a9d0d622b093bd7c62255ccdaf76b29c6406294108b8f8f
            • Instruction Fuzzy Hash: 084119756803018FD721DF24C844AA7B7EAFF84358F04E96AFA56C7611DB31E844CB51
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: dd07d22a787e0016ff93a93016ccd679dc7f6a13b82c362adcbbe121b2af3dc0
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 31515C75E40619DFCB15CF98C680AAEF7B2FF84718F2491A9D815A7350D730AE42CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 624b32a6e93242ef7c08b4604131cb11d5f8102cdc1a0e62c64c806a5a1da063
            • Instruction ID: 67230f3c6278bddb7f17c79f3102e5e96808c287f4a943d4f704288c1ee4f99b
            • Opcode Fuzzy Hash: 624b32a6e93242ef7c08b4604131cb11d5f8102cdc1a0e62c64c806a5a1da063
            • Instruction Fuzzy Hash: 3D51D4709C0226DBDB25CB64CC04BFAB7B9EF06318F14D2A9E919976D1DB74A981CF40
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8f17414a3cfd29df67b0266b307240b705e9db66f94f9dcaf2fd0240f0d2d38b
            • Instruction ID: caa5c838e8e8c31138a86aca8c95398b2e0ac25f045222dd9471cd828f07d785
            • Opcode Fuzzy Hash: 8f17414a3cfd29df67b0266b307240b705e9db66f94f9dcaf2fd0240f0d2d38b
            • Instruction Fuzzy Hash: DE41AF31A902289BCF21DF68C944BEE77B5AF4A744F0590A5F908AB241D774AE84CF91
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 1b51eb260f4fdb2efd0db555291f614c654aae4e63ced8c7b792b48afe765f77
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 0341B575F00109ABEB14DF99CE94AAFB7BAAF847D4F544069E604A7341D770DD00CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a698586c10934ba03dab8d471f644ca036d22173d29c7adc103b8b9a89d4268
            • Instruction ID: ca8610894db2772bb14634880d7db0903b3d889163f8cc4ef70966a7d8ae0b2e
            • Opcode Fuzzy Hash: 2a698586c10934ba03dab8d471f644ca036d22173d29c7adc103b8b9a89d4268
            • Instruction Fuzzy Hash: 0441CFB1690B119FD324CF24C494A62B7F9FF89308B14EA6EF94687A50E730E845CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 32f73898489b5aaba3dbcf486d18737bda6729fbbb67dd7d3cbbd23f1157d5df
            • Instruction ID: fff6fecd050486bee89606e3c33a91f41b0eaa7ca70fb121e859d5fa5e62327c
            • Opcode Fuzzy Hash: 32f73898489b5aaba3dbcf486d18737bda6729fbbb67dd7d3cbbd23f1157d5df
            • Instruction Fuzzy Hash: 0641BC329C1208CFCB15DF68D4907EEB7B1BB183A8F54A665E811BB381DB749940CFA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b6d644c8cc0f85695fa63e7cc1dd15daf91cc39cd6929ae7aa80c0490da9c675
            • Instruction ID: 63229a9efc9f5e7984cbd5d94e8fe915b6c8f805b5b9a45548838e49aa76f6f0
            • Opcode Fuzzy Hash: b6d644c8cc0f85695fa63e7cc1dd15daf91cc39cd6929ae7aa80c0490da9c675
            • Instruction Fuzzy Hash: F6414535A91215CBC714DF48C880BAAB7F6FF95758F10E52AEC01AB251D775D882CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: d2e09849fd48eb63ac68af0722826d0b7be86b1b5d7f05fa3d0618869c5a6f94
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 92411835AC0211DBDB24DE6698607BEB762AB6476CF19E07EA8458F340DB31AD40CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6569d70a71ce9f966a8404b1a8dc273958d702debcead26f0961ad8f3c57cab6
            • Instruction ID: 83cd26b412eb6b7fc90b5893b1a1d564a73420383cb97aa51c105dc022b6e1d7
            • Opcode Fuzzy Hash: 6569d70a71ce9f966a8404b1a8dc273958d702debcead26f0961ad8f3c57cab6
            • Instruction Fuzzy Hash: FB416771A90610EFDB21CF18C840B66BBE5FF48318F64D96AF849CB251E771E942CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: 488cce5b8c922f24c2afc614897474ade75a17f317c2ab5d4a6c1414209e3324
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: 60414971A40705EFCB24EF98C990AAAB7F5FF08714B10996DE59AD7250D330EA48CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06ea2108c22e915a89780a9666c63f9d2dbb963fe1637cecdf130379e768f21a
            • Instruction ID: d50196017f52738ebbf05a3e8e32c25698e6acbbec7f69bad0daeae72d3df09d
            • Opcode Fuzzy Hash: 06ea2108c22e915a89780a9666c63f9d2dbb963fe1637cecdf130379e768f21a
            • Instruction Fuzzy Hash: B441BB70991314CFCB21EF24C800B69B7F6EF49354F10D2AADE069B6A0DB70A940CF50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dd3fff06888318a8b65616ef2ad7497db2cd0305d75ead22418519feb912fd83
            • Instruction ID: b2e3c15195a6abf71058bd4878cac67434bfae09e90446f08f734417bb8c229f
            • Opcode Fuzzy Hash: dd3fff06888318a8b65616ef2ad7497db2cd0305d75ead22418519feb912fd83
            • Instruction Fuzzy Hash: 4B319AB1A80344DFDB15DF98C140799BBF1FB0A728F2195AEE519DB251D3729902CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 68e0876bd3b9cf234652cda8e913dd2d2bda7a4b4d718f57b7bbd8b7afdd993d
            • Instruction ID: 3a78949dc6772ddb4f47761e860083228792f969aca9b3e132d88dc4aa0db87c
            • Opcode Fuzzy Hash: 68e0876bd3b9cf234652cda8e913dd2d2bda7a4b4d718f57b7bbd8b7afdd993d
            • Instruction Fuzzy Hash: FC41C371E855259FCB00DF54DC406A9B7B2BF44768F14E22AE816AB380DF34ED41CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ad09275fe52bf300252e551f6cb6bab43b9e231f9ebf8cfd4e71dd6692be6e19
            • Instruction ID: 062632d04a59e6764453e1e5f06f423df26e96b5be528f030553ecdd21c401bb
            • Opcode Fuzzy Hash: ad09275fe52bf300252e551f6cb6bab43b9e231f9ebf8cfd4e71dd6692be6e19
            • Instruction Fuzzy Hash: 2041E7766447519FC320DF68C840ABAB7E5FFC8744F089A2DF85497680E730D915CBA5
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 813f075b4d0f2b6a2d6bc428d97ca077696d378ce86c83237501fd0dd7d94704
            • Instruction ID: 947309dddaa02ae5792f13af2bfe900080495fd6a480886167f16dba14022c91
            • Opcode Fuzzy Hash: 813f075b4d0f2b6a2d6bc428d97ca077696d378ce86c83237501fd0dd7d94704
            • Instruction Fuzzy Hash: B7418F71A816148FCB14DF69DD90ADDB7F2BF88328F10D62AE466A7250DB34A941CF40
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 49928bd7aa814bef85e3a65a9ad443a4d8230cd6b692cd49166723b8cd4f00af
            • Instruction ID: 2e58d15ef715e7687cb2e5c403ee27bfbcfd0309f5c80d06eeb0bd68951d80d4
            • Opcode Fuzzy Hash: 49928bd7aa814bef85e3a65a9ad443a4d8230cd6b692cd49166723b8cd4f00af
            • Instruction Fuzzy Hash: A141D2706903128BC725CF18D885B66B7EAFF81398F14942DFD458B2D0DB70D891CB51
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 8f5821b9e14218d123ed337d45a1075a61e9a8a49afa1a6bf14eddf150e4d518
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: 65312731AC4254AFDB128B68CC48BEABFE9BF04394F08D1A5F855D7392C7749944CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 56937da5f967890bc242cd858e10982a7194eae145652a08a6f701b8cc69f174
            • Instruction ID: 1cf69d78734b710f2f24a20356dd0d8dc0369b6983a5b1b116540905e89002e1
            • Opcode Fuzzy Hash: 56937da5f967890bc242cd858e10982a7194eae145652a08a6f701b8cc69f174
            • Instruction Fuzzy Hash: BC31A835BC0745ABD7269F658C81FAB76B5AB49B54F005068FB00EB2D1DAA4EC01CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dd3709490f901383dad911211f7e4cb60130d582d10a6dd5351e3eebad654307
            • Instruction ID: b35d8ca493d8c4561c1a8ca0f64d7e507065a672db260e4fac259e89ddc8b094
            • Opcode Fuzzy Hash: dd3709490f901383dad911211f7e4cb60130d582d10a6dd5351e3eebad654307
            • Instruction Fuzzy Hash: 5331C176A452008FC320DF19D8C4E26B3FAFB85394F05846EEB958B291D731AC11DFA1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 71155f4c397572f19e508293761ebd012d974fa941d8a59bc8a7daee3e2b5bc5
            • Instruction ID: f52f3af6e9ef1fcc43576cb216fc94a85a8319450e100300809557ffcf3d9e65
            • Opcode Fuzzy Hash: 71155f4c397572f19e508293761ebd012d974fa941d8a59bc8a7daee3e2b5bc5
            • Instruction Fuzzy Hash: 0741BD35680B549FC722CF64C881FE777E9AF49758F00D429EA5A8B2A1C770E848CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 896a1b07ccf26566872aef0c087a789682dbd39999638f69b7042813cba04c8e
            • Instruction ID: 5bd533a2d8f3dc023192923150feaec4e2d40739807d7b0d1c3b5dbc24a88689
            • Opcode Fuzzy Hash: 896a1b07ccf26566872aef0c087a789682dbd39999638f69b7042813cba04c8e
            • Instruction Fuzzy Hash: 27316A71A043018FC320DF29D890A2AB3E5FB85794F15896DEB559B291E730ED14DBA2
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e8882f2f01d9772d43b9be571fe902f8e2154edc3b460f51bace5c6d52c35a8
            • Instruction ID: 6a35bc22a8f46e10f0a89616ece476d985b5043bb6e0b52d3f634a9f1ffd257a
            • Opcode Fuzzy Hash: 9e8882f2f01d9772d43b9be571fe902f8e2154edc3b460f51bace5c6d52c35a8
            • Instruction Fuzzy Hash: 5F31F9313C16C19BE33657D8CE68F7577D9AB41B8CF2DA0A8BE45876D1DB28D842C610
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fadf0133e09768b0fe5fba478b46e4c8089b758096b5fdfe161ee5c414eefc94
            • Instruction ID: 0945194e41066874e8706a08c0beacdac82340a03b10458bb212e9e6c6ddfc6b
            • Opcode Fuzzy Hash: fadf0133e09768b0fe5fba478b46e4c8089b758096b5fdfe161ee5c414eefc94
            • Instruction Fuzzy Hash: F631D475E40159ABDB19DF98CC40BAEB7BAEB44784F414169F900EB280D770ED01CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6afdd7fc417858877465ed75f7c38f688ebd4f896e69d1ddb8b64d1cef531cd0
            • Instruction ID: 32bb6518f3aad82bfbab8bf2c1570e013b165f29b74668c9fc9697f79600ed14
            • Opcode Fuzzy Hash: 6afdd7fc417858877465ed75f7c38f688ebd4f896e69d1ddb8b64d1cef531cd0
            • Instruction Fuzzy Hash: 9E318072A80214ABCB31DEA98840BAFBBF9AF04750F1594A6B815E7250D7709A009B90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88dfe160a430353a391ec4dc5142b9dc9c2bcd695b8f3fbc739a207af036f174
            • Instruction ID: f27b6b1377e255c83d0a6d80bd028d15f10596f8f1d0331e93e4da9356607acf
            • Opcode Fuzzy Hash: 88dfe160a430353a391ec4dc5142b9dc9c2bcd695b8f3fbc739a207af036f174
            • Instruction Fuzzy Hash: B1315276A8012DABCF61DF54DC84BDEB7B6BB98354F1040E5BA08A7250CB309E91CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ddce2d1c9b5507dbad53db2b4bc6069627c2f7c203d1097393f7b0f805ec9363
            • Instruction ID: 29126f956c772bb19740fe42b731b392a36d08fad138961106e7a3c387abbc2b
            • Opcode Fuzzy Hash: ddce2d1c9b5507dbad53db2b4bc6069627c2f7c203d1097393f7b0f805ec9363
            • Instruction Fuzzy Hash: 8331A472F80605ABEB129B99C850B6ABBBAAF44BD4F504069E605EB351DA70DD008B90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 63da5f86ea01e2f4b3e6defc061881264a57cfc8a3a07f930d9012c78a653789
            • Instruction ID: 76b8f82cb2b75e5e3e4396a28d631bb295b102736eab6b7e3c4f13730e48a4c1
            • Opcode Fuzzy Hash: 63da5f86ea01e2f4b3e6defc061881264a57cfc8a3a07f930d9012c78a653789
            • Instruction Fuzzy Hash: 3F31F632A94661EBC712DE24C880EABB7A6AF98354F05D529FD5597300DB34DC00CBE1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 791fc0f1f2fda87cd0bbbb5883c2143c542f96e91f5c2a094a2a9397539f6739
            • Instruction ID: 8a9f8b8e9430ef193edc4c59ee5d8abff413f77705a35063776511652252ee9b
            • Opcode Fuzzy Hash: 791fc0f1f2fda87cd0bbbb5883c2143c542f96e91f5c2a094a2a9397539f6739
            • Instruction Fuzzy Hash: D13176716993118FE321CF19C840B6BB7E6AF88708F04996DFD899B251D770E844CBA1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: 6ece6707e968220d46c39717fbc7b9b94fad05d62fc3001402cdbbe459167fdf
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: E9312772B44B01AFDB60DF69CA40B57B7F8AB48A54B14993EA59EC3750E731E800DB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a726936907f4bbb7c3a30f5588c07b782c80bd60bd7f5937619db36cd880cdab
            • Instruction ID: 24832e97dcf93c7d99c60035a677a7ced6aea50a3ea891fc911540a6273a0e1a
            • Opcode Fuzzy Hash: a726936907f4bbb7c3a30f5588c07b782c80bd60bd7f5937619db36cd880cdab
            • Instruction Fuzzy Hash: 7331BCB15853818FC711DF19C5449AABBF1FF89348F0899AAF5889B220D731E900CF92
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 886e932abad638488fd94fce9921676bbd8b42258886c27e274f78354ccdbf89
            • Instruction ID: 9d0225f35f3af398f440c845efb8fb52a511f6ce32b5322d24475eec0c1bdfd3
            • Opcode Fuzzy Hash: 886e932abad638488fd94fce9921676bbd8b42258886c27e274f78354ccdbf89
            • Instruction Fuzzy Hash: 8031B131B802459FC714DFB8C980AAAB7FABF84748F00D53AE546D7294E730D941DB91
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: fec6e76005f8eea0bb4f742581748f6bd5d88f81a9cdef209dc6f2b72a1f56cc
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: 81210632E8125AAACB109FB58811BFFB7B6AF04744F15E076AD15EB340E730D904CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: d837051fd9cc34c6c47a7b45753741fecc957558ea88785007fdfc429d0be1ab
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: 9421383A600651BACB15ABA48D40BBAB7B6FF40754F00D11BFA99866D2E734D940D760
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a06e634de4f90daf6dee4d96da67ba775405a2b009b8073a7fd247ca81265e45
            • Instruction ID: b658c78914e5a9a20499cc9358da34824ffc95f6f31b97258b61154e7d2cef9e
            • Opcode Fuzzy Hash: a06e634de4f90daf6dee4d96da67ba775405a2b009b8073a7fd247ca81265e45
            • Instruction Fuzzy Hash: BC3149B15802108BC724AF18CC54BB977B5EF41348F94E1A9ED459F741DF74A985CF90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9fe22ffc18a36e99da87450ff2d9d2a5b2c1769cb30c158d12ffb5e54258af16
            • Instruction ID: cc1eb770ea1ef6daaa4eea3c1c9ca5aea4cc3d6d27ae836cdeb6c0cd68cd7fc0
            • Opcode Fuzzy Hash: 9fe22ffc18a36e99da87450ff2d9d2a5b2c1769cb30c158d12ffb5e54258af16
            • Instruction Fuzzy Hash: 6A31B331A805289BDB219F14DC41FEAB7BABB05754F4590A1F645A7290DB749E80CFA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3391076753fe13b3894856fb9adb6c042adfb595f28e04a311cb8862a522def3
            • Instruction ID: 3929e6fb97a108d2784d83b9b6c8e5250f4b0524a3e74db3155059c8e8b9d797
            • Opcode Fuzzy Hash: 3391076753fe13b3894856fb9adb6c042adfb595f28e04a311cb8862a522def3
            • Instruction Fuzzy Hash: CB21B1726847469BCB21DF58C840BAF77E5FB88764F018529F89C9B280D730EA01CFA1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: 8fddda54a887bcd67ff0a8dee7ae056ed235f34faf598e50735bed1af848692b
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: E1219131A40709EFCB15DF98C980A8EBBB5FF48314F11D069ED5D9B281D671EA05DB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: f6ca28c74305abbc2d09b1fbac8e55ba2b492418f293978415bbbfbfd07b4c12
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: 2331AB31640604EFDB21CF68D894F6AB7F9FF49358F1485A9E6528B681EB70EE01CB50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0718e6e9321f1f985ce80047e862edea10336aae78f883740a4798ff9b3cf0c3
            • Instruction ID: 80b426773520fc5bb121fd730cb1a286a4445326d912a634c2c3bce50cd58889
            • Opcode Fuzzy Hash: 0718e6e9321f1f985ce80047e862edea10336aae78f883740a4798ff9b3cf0c3
            • Instruction Fuzzy Hash: C131E275610205DFCB14DF48C5849AEB7F5FF84308B29945DE809DB392E771EA41CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 94c2dc48805d5a70e9a7c3229a9f64d098a95129c12da585b5cd6c066232525c
            • Instruction ID: e183096c00ee8460fcb8ce4a74c8aafaa4366a5ffb9a7e60274bd9d240ccade4
            • Opcode Fuzzy Hash: 94c2dc48805d5a70e9a7c3229a9f64d098a95129c12da585b5cd6c066232525c
            • Instruction Fuzzy Hash: A821DE71640604BFCB15DB68C844F6AB7B8FF88784F1880A9F908D76A1D734ED41CB68
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 99a028b607dab68d62fb5cd1d4e5a4fea81923cf84f58124271c307052ed0f7c
            • Instruction ID: fa12e523dd067f8d18fb17819aa19db45e7ad3e62db844c0fa5085459b438499
            • Opcode Fuzzy Hash: 99a028b607dab68d62fb5cd1d4e5a4fea81923cf84f58124271c307052ed0f7c
            • Instruction Fuzzy Hash: E121F5725853459FC711EF59C848BABBBECAF81788F0C9856BC84C7251D730D90ACAA2
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1677a7a68a1011d41036c3216e6442c0655e57c82364b59203ee68740cd88086
            • Instruction ID: 02e925b707df8e1b4a787c61bace5750e634ea3a645087205de4c06210a41c4e
            • Opcode Fuzzy Hash: 1677a7a68a1011d41036c3216e6442c0655e57c82364b59203ee68740cd88086
            • Instruction Fuzzy Hash: 172107316C46819BFB3257688C08B653795AF42BACF2993B0FE209B7E1DB79D801C610
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b3f574dfb0fe7c330de2088d1b62323023dcd8252061a5163b28b6ab9b0881ce
            • Instruction ID: 601739780b483d2ed258ed3dbe045a19f5ff61d332da10f1d7bfbcaa366705a6
            • Opcode Fuzzy Hash: b3f574dfb0fe7c330de2088d1b62323023dcd8252061a5163b28b6ab9b0881ce
            • Instruction Fuzzy Hash: C921AC352806009FC724DF68C900B56B7F6AF48B48F24946DA549CB761E731E843CF94
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c30abda97f1d503d25de9f6fa1f32e01a773f31fd036899262809ec573c63a9
            • Instruction ID: 493c8e416fd07c2e2edd3934402258469145bb025f278739c3d3a1949bfceb50
            • Opcode Fuzzy Hash: 6c30abda97f1d503d25de9f6fa1f32e01a773f31fd036899262809ec573c63a9
            • Instruction Fuzzy Hash: F6113A333D0F10BFE72256559C81F7B769AEBC4BA0F514424BB09DB2D0EA60DC009795
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: 6978bad9c11b253a96c2c583fa2eb63d6e608688ad136b6f574613639c6ffba4
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 96216D72A40209AFDF12DF94CC44BAEBBBAEF48350F209459F901A7260D734D950CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 2173018f9f0f53e10d0858aebcfd1c27c3f1fc023c4a540a5858f43d7e6d22da
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: D3110873680614BFD712AF44CC81FAA77B9EB80764F108029F64C9B190D771ED44CB60
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: acbf4a1968d95c55f21d8c67bbc8051d67e9d442ab2f5f0e7a459959d851d3d3
            • Instruction ID: 83a47f8825a0059f26402b19722a76f69d196408f6068a38914b74789a689c09
            • Opcode Fuzzy Hash: acbf4a1968d95c55f21d8c67bbc8051d67e9d442ab2f5f0e7a459959d851d3d3
            • Instruction Fuzzy Hash: ED11B232760620DBCB11CF59C480A66B7E9EF4A758B58D069FD09DF204D7B2E941CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction ID: 1fa4cba472db31042f7fd360a15afca69363cee5fbce4331098d4541028043d7
            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction Fuzzy Hash: AE214972680A40DFCB25AF89C564A66B7E6EB84B54F15D07EE88E97710D770EC01CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2c91e9b8b2965a72ca5a82d6e9602cb10d69cebd962e6a46d6897468dbcf4ab4
            • Instruction ID: 7814bafa4f32b0207c8c376cb1b4356b0f8e182218b2d185a0d3e5a9bf7d0f37
            • Opcode Fuzzy Hash: 2c91e9b8b2965a72ca5a82d6e9602cb10d69cebd962e6a46d6897468dbcf4ab4
            • Instruction Fuzzy Hash: 1F215E75A90215DFCB14CF98C681AAEBBF5FB89318F24816DD505AB310CB71AD46CFA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c3b5d1c1a29519d95b46fddc1a36c240c8cd90bd69b3e58589726c23137d7318
            • Instruction ID: 74a52d4248243b0e5d377000fea5659133e6f19da935cf550ef7817e355caaee
            • Opcode Fuzzy Hash: c3b5d1c1a29519d95b46fddc1a36c240c8cd90bd69b3e58589726c23137d7318
            • Instruction Fuzzy Hash: 30216A75680A00EFC720AF68C880BA6B3E9FB84354F40982DE59EC7250DB71A850CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 41a094fddc6fb971a9892166cd2e6c9c16d7b8f0db878642a9693db1001950b8
            • Instruction ID: 247c00ae441385ffb076b543c13a81a72dd8aa4c28cb4c2b89213b35bd242c37
            • Opcode Fuzzy Hash: 41a094fddc6fb971a9892166cd2e6c9c16d7b8f0db878642a9693db1001950b8
            • Instruction Fuzzy Hash: 6A1108337801159BCB19DB24DC85BBB765BDFC63B8B29D569E926CB290DE309802C690
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7fcad90822e24a5e1d9eaa749681bb450a2fbe056fdd6f98be7a8c878117b2b0
            • Instruction ID: 3e6bfece5a183b15cbddc135d340e9ae4e87bfd7491d1d180b29ccf689458701
            • Opcode Fuzzy Hash: 7fcad90822e24a5e1d9eaa749681bb450a2fbe056fdd6f98be7a8c878117b2b0
            • Instruction Fuzzy Hash: A311C4322C0614EBDF26DB59CD40F9A77ADEF65754F019024F6129B250D771DC00CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fe1cc797eaa2c5064b867a9a6739fee49e5c8842662feb619076ce8804409820
            • Instruction ID: 21bb32886e9e3bbc109ed8e327f8ccb5ee21ac6e12f9ba2bc8bbbb2bd8dc0924
            • Opcode Fuzzy Hash: fe1cc797eaa2c5064b867a9a6739fee49e5c8842662feb619076ce8804409820
            • Instruction Fuzzy Hash: B911BF76A812089FCB24EF59C584E5ABBFDAB84754B019079E94DDB310DB70DD00CBD0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: f27ecd12a8537828ba9c9e90679039652a22daad1e57ce42b685d0ec01f9968d
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: 4321E3B5A40B059FD3A0CF29C481B56BBF4FB48B10F10892EE88AC7B40E371E814CB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 620f3f6fc22037d1147844877e528fc8baea2c25dcf8e23c80b0c8ace8cfdbf9
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 8E110432A00905AFDB19CB54CC15B9EB7B6EF84350F058269E94597384E671AD41CB80
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 423d61668219125881030832c00f2cb751511ea6a61a53565eb575bebbde51a8
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 27118C3AAC0600EBDB219B44C848B5ABBA6EB45758F0DE42DF8099F160DB31DC42DB90
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: dde62707c31e8054235a1467ad703de269708c73dea35d98dfba10951310eb56
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: 67F06572184214DFE7309F45D984F92B7EDEB15368F45C029E60A9B560D37AEC40CFA4
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 5662e6cfdf8dda5e50363313c3da36d348fdd8f6317cb5132a5271db022a9ac5
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 22F0E5392447549FDB19DF15D060AE57BE5EB45394F049094FC428B341D731E991CF40
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: 6390e324600e9e5cb1cf6bc018302a9578a6ecd467af7a3a02f1159018c68aba
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 0BE092322C4146EBCB223A558800B6676A6DBC07A0F159469E18C8F190FB70DC40E798
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 61afe1994dbbfa8ad28c0f5a12cf254a7234121bcc528d1fc6598af41108848e
            • Instruction ID: d6e6e73a1d3afea2f07bd703db511e9ee7699d61ed4f12ba47a041208f976f16
            • Opcode Fuzzy Hash: 61afe1994dbbfa8ad28c0f5a12cf254a7234121bcc528d1fc6598af41108848e
            • Instruction Fuzzy Hash: 95F0E531D259F04FF773D724D644B5673E1AB02BB8F0A55A4D405DB911C7A0DC48C650
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: 126f5c09ef441324e12650be9dc1fcc2afdbb73760f906cee50c6a990eb31ca8
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: 08E0D832680110BBDB21A7958D05F9A7AADDB40F98F058054B604D70D0D530DE00C690
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: d65caa0c1f1ff38abeb1cfae1941729f5ffe12621dbd4f061334b570b2d2d39a
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: CAE09B33A403608BCB248A19C544FD3B7E9DFA67A4F65806DDA0947612C731F84AC6D0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 5cd45fc404cefe4bdaaf03b3b22c78afda3c195b542c81669fb436e27cc2bf15
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: D5E06D35090A10DBDB366B25D948B5677E2AF40755F14D869B29A014F0C77498C0DA40
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bfc9ffa50fcf251b6671a5a20c706df5d8a182c13322f043cd911754b0f3da74
            • Instruction ID: 565bdfaddc8b1b46f6c466a6f9490d3a658e2287aac62cbf492384c92b9d5ab4
            • Opcode Fuzzy Hash: bfc9ffa50fcf251b6671a5a20c706df5d8a182c13322f043cd911754b0f3da74
            • Instruction Fuzzy Hash: 5BE09232190A94ABC712BF29DD11F9A77DBEB507A4F018515B51557190CA70AC50CB98
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: c8ff8ac470fb7b40fe3a08f287f1972f9302b247029615b53b61c896506ea236
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 70E0C2743403059FD715CF19C084B6277B6BFE5A18F68C068A8488F245EB32E843CB41
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1ae35327f3012869d3ff1d05ed340e8a96a4020a12a6f90b07b04daee9b4a3fb
            • Instruction ID: 0865ed866035d272c778e6198d771b942d2da39650dcca8f5d01fabf81cf664e
            • Opcode Fuzzy Hash: 1ae35327f3012869d3ff1d05ed340e8a96a4020a12a6f90b07b04daee9b4a3fb
            • Instruction Fuzzy Hash: F1D02B325C10606ACF28F294BC04FE33A9A9B41360F11F8A2F50DD2010D574CC81C6E4
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: ddfb9c3ca1607f4ed8e0967d4b964aba4526abd2507f5cd602218dd8c4a4eda8
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: 3CE086314C1910EEDF316E21EC10F9176A2FB44F50F10F81AF945150649B706CC1DE58
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 087f06b961a2b63442e1406f40cd1b3d8ee883735d6f8fbed5eb05e82715ee2b
            • Instruction ID: e22566e07eeec860d12cb7517455014c31695a1c9cfb14d3f0c1cbca4e52d57f
            • Opcode Fuzzy Hash: 087f06b961a2b63442e1406f40cd1b3d8ee883735d6f8fbed5eb05e82715ee2b
            • Instruction Fuzzy Hash: FCE08C331905A46BC212FA5DDD11E9A739FEBA57A0F008121B9508B290CA60AC80CB98
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction ID: 6167f82612ba5eb42bf6133ca45235aebd2b306ddb6df816fd674dc8212b3bbb
            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction Fuzzy Hash: AEE08633151A1887C728EE18D511B7277A9EF45720F09863EA95B477C0C634F544C794
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: 7395f5afef25a786e3a7299a87b24435c96134645282c2b7fe9f0737618e99d2
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: DFD05E36551A50AFC7329F1BEA04C53BBFAFBC5F50709466EB44683920C770A846CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 7944fee03001e2172e8c7761ce55bad1b58cc67902e366a598a57c0027bf6eb2
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: CED0A932284620ABD732AA1CFC04FE333EAAB88B60F164499B008C7050C360AC82CA84
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: a51de419820013267a2d348820e439def25102b9d0ec61382da458c9c4323828
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: BAD012322D707097CB295A557924FA76A169B85BA8F1A507D740A93A00C9158C82D6F0
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a1284b2dac5f671f9a4ac8844908dafb516cf516882d7ed75962c91df2d21da0
            • Instruction ID: e508d342d89c40d35354b319334fac98af512a612b1defb11a0ccf55e263efdf
            • Opcode Fuzzy Hash: a1284b2dac5f671f9a4ac8844908dafb516cf516882d7ed75962c91df2d21da0
            • Instruction Fuzzy Hash: 98D05E345C11018BCF1ADB54C710A6A72B5FB10788B50A0A8FA4591020D335D802CA20
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: f7400d866b739c424a5b4748b9d1c81a8d45f6250ebb13e422c1bd962a62db69
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 45D012371D054CBBCB119F65DC01FA57BAAE754BA0F449020B504875A0C63AE990D994
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: 387e2677d4254bdb0dadb8e1d2168425809a333e3f8e98bc4511618b78b4cd3d
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: E4D0C935292E80CFD61BCB4CC5A8B6633A8BF44F88F819490E445CBB62D73CD940CE00
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 8c7e2410b68499531b19e7663539720421d0a5382278a1194c602a51f3998aea
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 64C01232290648AFC712AA98CD01F527BAAEB98B80F004061F2048B670C631E860EA94
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: 247d96f4d1a55ea250f9891ee7e2a8f00cc713ec08ac1a98de093eebcf521080
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: 5ED01236140248EFCB01DF41C890D9AB72BFBC8B10F109019FD19077108A31ED62DA50
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: 64f5924c22dd03fdcd45f5724750ca07c9af21f4ef871ff31101214d63fcb9f8
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: ECC002756815418BCF15DA19D2A4B5577E4B744B84F155890E9058B621E624E801CA10
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 309f3c3f62ce4c246956947be8b16f2bbad448a1607f63e26927bc3efb655cf8
            • Instruction ID: 82bd7b769e1ac17969781339325d436ec86dfd65dfbc11ad39a28c1863e47b94
            • Opcode Fuzzy Hash: 309f3c3f62ce4c246956947be8b16f2bbad448a1607f63e26927bc3efb655cf8
            • Instruction Fuzzy Hash: C0900271B45800129580B1984895547440597E0301B55D011E0434954C8A149A569361
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f266f3e66fbb4ae43830b2613b8086be75031bffa61ee84ab5148fbb4d06b890
            • Instruction ID: 1ed565155934a1bcd6f3280a95fecd6b0992f88751edf375af99eddfa4d8ebf4
            • Opcode Fuzzy Hash: f266f3e66fbb4ae43830b2613b8086be75031bffa61ee84ab5148fbb4d06b890
            • Instruction Fuzzy Hash: 5C9002B1B41500424580B1984815407640597E1301395D115A0564960C86189955D269
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f64506c2190f97e8c69b7a551d91efe0997af3067676ca36b9094a56ffc096ce
            • Instruction ID: 8765387b1a810424dad254f2d05d618b2a562bd857982a333dde8acad9ba727e
            • Opcode Fuzzy Hash: f64506c2190f97e8c69b7a551d91efe0997af3067676ca36b9094a56ffc096ce
            • Instruction Fuzzy Hash: 35900275761400020585F598061550B084597D6351395D015F1426990CC62199659321
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5101b0de3d24bb897d82b5091767997fb3910a97c673e0b4753389b65f3c4acf
            • Instruction ID: 26dbedb274e542cad9749df29d6ea8b50708da531eaa61ef6db2e1f0459e113c
            • Opcode Fuzzy Hash: 5101b0de3d24bb897d82b5091767997fb3910a97c673e0b4753389b65f3c4acf
            • Instruction Fuzzy Hash: A5900475751400030545F5DC07155070447C7D5351355D031F1035D50CD731DD71D131
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8b239ef0623def81ecefd8ef736a80d31bb9c5e80f246ad28f177b6de7a8293b
            • Instruction ID: 030d1e51621eb1a51044576e64782cdbf735347d538882bafd84669e79cd6ff4
            • Opcode Fuzzy Hash: 8b239ef0623def81ecefd8ef736a80d31bb9c5e80f246ad28f177b6de7a8293b
            • Instruction Fuzzy Hash: DC9002F1741540924940F2988415B0B490587E0201B55D016E1064960CC5259951D135
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 70273e2c6300527bec1fde6394316232a07052eee5503bb6c6b3d4809e0cacfb
            • Instruction ID: 2954c668c718cd8d865872f7bf88445d7c9fff6f23aa451330701e60eecf3296
            • Opcode Fuzzy Hash: 70273e2c6300527bec1fde6394316232a07052eee5503bb6c6b3d4809e0cacfb
            • Instruction Fuzzy Hash: 8390027174544842D580B1984415A47041587D0305F55D011A0074A94D96259E55F661
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cc5f6c24636f176344423cdfed7783471a24e006ab25830c169faec0d92a5e7
            • Instruction ID: 0cd4dd0727dd80b94566d380b2e1e997b41c88e2432037fa996169b3b3f3afcf
            • Opcode Fuzzy Hash: 4cc5f6c24636f176344423cdfed7783471a24e006ab25830c169faec0d92a5e7
            • Instruction Fuzzy Hash: 1090027174140802D5C0B198441564B040587D1301F95D015A0035A54DCA159B59B7A1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b5485246a2dcbfbc85b18b9a591461e3d582de26afe53831fba0e089a4095b0
            • Instruction ID: ba777b8977b948f1ed5ab1850b14e8e615ca5dbff7dc1df74e6830bd1b8103d7
            • Opcode Fuzzy Hash: 2b5485246a2dcbfbc85b18b9a591461e3d582de26afe53831fba0e089a4095b0
            • Instruction Fuzzy Hash: FB900271B4540802D590B1984425747040587D0301F55D011A0034A54D87559B55B6A1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c1b7840be4c611610e90bec15593f6e972ba0fc07fa7a925d5a4cfa20924e2a
            • Instruction ID: bf34d322bf3c91840c737a4fdea5bd508f2d64168d60893e9d63c349e48fac4a
            • Opcode Fuzzy Hash: 1c1b7840be4c611610e90bec15593f6e972ba0fc07fa7a925d5a4cfa20924e2a
            • Instruction Fuzzy Hash: 7F90027174140802D544B1984815687040587D0301F55D011A6034A55E96659991B131
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0ac79ffaf386188af9b1641dfea05f0f387483268b599281925b1c0a95ba69a0
            • Instruction ID: dc8a76ac2a42ffcedae4c66f1be1b4f327d8a6d2f4aeae824fbc5f0df712c205
            • Opcode Fuzzy Hash: 0ac79ffaf386188af9b1641dfea05f0f387483268b599281925b1c0a95ba69a0
            • Instruction Fuzzy Hash: 529002B1742400034545B1984425617440A87E0201B55D021E1024990DC5259991A125
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 14f36b4b69193b4ed8f2cbfa054d3d54b778d11fc3bda6767dffea24ee9211b7
            • Instruction ID: db041dd377e476a8b715e377c168c72156f1e724bd3a1898cc7773302c216bb1
            • Opcode Fuzzy Hash: 14f36b4b69193b4ed8f2cbfa054d3d54b778d11fc3bda6767dffea24ee9211b7
            • Instruction Fuzzy Hash: 3F9002B174180403D580B5984815607040587D0302F55D011A2074955E8A299D51A135
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9414074a91b0e94430bc2e66ef3d8c9d387bde882549d5573e84b2b8b2bd00c3
            • Instruction ID: 1be67c04215187485ea27f6fc20cc1e55c85f6d4d9d61906621e90bd3a4f0206
            • Opcode Fuzzy Hash: 9414074a91b0e94430bc2e66ef3d8c9d387bde882549d5573e84b2b8b2bd00c3
            • Instruction Fuzzy Hash: 869002B174140402D580B1984415747040587D0301F55D011A5074954E86599ED5A665
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a23b9e6a1b2ee5b79aa1072df060b5f2259d381b5dcf3e1443cd66d6514d95d1
            • Instruction ID: c62c9e1173b46596918d674b01040f306ca4c16ff2e6d823f6de4268ffdd203f
            • Opcode Fuzzy Hash: a23b9e6a1b2ee5b79aa1072df060b5f2259d381b5dcf3e1443cd66d6514d95d1
            • Instruction Fuzzy Hash: 62900271B4140502D541B1984415617040A87D0241F95D022A1034955ECA259A92E131
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ef1ac2aebff478605a35726f8bb1c0471dc0e84bb7c2c6b2e7796b83c05a4e51
            • Instruction ID: 14980dbce18d1501bfe17330ea4e8e35e1e7d74a4bcb21d1ed6cd9768c7f5c46
            • Opcode Fuzzy Hash: ef1ac2aebff478605a35726f8bb1c0471dc0e84bb7c2c6b2e7796b83c05a4e51
            • Instruction Fuzzy Hash: C790027174140402D542B19844256070409C7D1345F95D012E1434955D86259A53E132
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 725f4c09a8d4d5b3c3c72af9d10db1713cc4fd6d623319bf382e3fc86c311d57
            • Instruction ID: d87ae08261d89aac0464c9f24402db24a546546b978f79d6d85e9929fa5cb2c4
            • Opcode Fuzzy Hash: 725f4c09a8d4d5b3c3c72af9d10db1713cc4fd6d623319bf382e3fc86c311d57
            • Instruction Fuzzy Hash: 6D51D9B5A802167FDF20DF98C990A7EF7B8BB08204750E56AE955D7641D374EE40CBE0
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 392eb5b7a3133132b2a3534e221d60d3cc9eb72b5fad9ac11b34ca3672c8ff08
            • Instruction ID: df5bf9d2d9f13292e1c612b1d681080ddaaef9d5800579f023cc6111e3d0d384
            • Opcode Fuzzy Hash: 392eb5b7a3133132b2a3534e221d60d3cc9eb72b5fad9ac11b34ca3672c8ff08
            • Instruction Fuzzy Hash: 45513775A40645AEDB30DE5CC9E497FF7F9EB48240B10845AEA96C72C1DB70EA00DB70
            Strings
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 02EC4787
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02EC4725
            • ExecuteOptions, xrefs: 02EC46A0
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02EC4655
            • Execute=1, xrefs: 02EC4713
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02EC4742
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02EC46FC
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: e2239f7411a87ba8dc904d69076e80f86558224ba403f7a8f1a6661a54fd45bd
            • Instruction ID: 93f3b87853a9bf62cf8e26a5414ccc02239978ac053714b51174c9a3654acf6a
            • Opcode Fuzzy Hash: e2239f7411a87ba8dc904d69076e80f86558224ba403f7a8f1a6661a54fd45bd
            • Instruction Fuzzy Hash: 69512A396C02186AEF11FBA4DC95FE9B3B9AF44309F24A0A9E50DAB180D7719A41CF50
            APIs
            • LoadIconW.USER32(?,0000006B), ref: 00401274
            • LoadCursorW.USER32(00000000,00007F00), ref: 00401280
            • LoadIconW.USER32(?,0000006C), ref: 004012D1
            • RegisterClassExW.USER32(?), ref: 004012F1
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Load$Icon$ClassCursorRegister
            • String ID: 0$VUUU$m$sHM
            • API String ID: 4202395251-3342424473
            • Opcode ID: 202918c9eeb5c8fe49f39048bcb2cf246308ac740278aae72b882ff4b33a2721
            • Instruction ID: ca4d6e09da1b902e87295ee27de22d0438ed49902f25e9eb39b411780a72299e
            • Opcode Fuzzy Hash: 202918c9eeb5c8fe49f39048bcb2cf246308ac740278aae72b882ff4b33a2721
            • Instruction Fuzzy Hash: 5431A2B1E002099BDB04CF99D89479EBBB5EB98344F54817EE505FB3D0E77899058B88
            APIs
            • __getptd.LIBCMT ref: 00449629
              • Part of subcall function 004479E3: __getptd_noexit.LIBCMT ref: 004479E6
              • Part of subcall function 004479E3: __amsg_exit.LIBCMT ref: 004479F3
            • __amsg_exit.LIBCMT ref: 00449649
            • __lock.LIBCMT ref: 00449659
            • InterlockedDecrement.KERNEL32(?), ref: 00449676
            • _free.LIBCMT ref: 00449689
            • InterlockedIncrement.KERNEL32(0044E570), ref: 004496A1
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
            • String ID: pD
            • API String ID: 3470314060-1597287149
            • Opcode ID: b5242df698dcd8bc78609dbd76c77690b5d726534a2e519f20be2f19c423c60c
            • Instruction ID: a8550959e1ce490bcd2475ad29875b9c1c66726fe2ec56502c2b0f8db4dfc514
            • Opcode Fuzzy Hash: b5242df698dcd8bc78609dbd76c77690b5d726534a2e519f20be2f19c423c60c
            • Instruction Fuzzy Hash: 7801AD75902A21ABFB20AB66944675F77A0BF01724F16001FE40467390CB3CAC81EFDD
            APIs
            • LoadStringW.USER32(?,00000067,0044F960,00000064), ref: 00401072
            • LoadStringW.USER32(?,0000006D,0044F898,00000064), ref: 0040109F
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: LoadString
            • String ID:
            • API String ID: 2948472770-0
            • Opcode ID: 3c593f117cc8da7faad77f758466e05fa951605f921ab0f5c625403959fa0779
            • Instruction ID: 5f35485787a8ff3f54e8c803505276b5c761e22afa461fbc20778d11b7e619cc
            • Opcode Fuzzy Hash: 3c593f117cc8da7faad77f758466e05fa951605f921ab0f5c625403959fa0779
            • Instruction Fuzzy Hash: F151C871B002099BD718CB69DC95BAE73B9EB4C344F10813AF645FB3E1DA78D9418B98
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: 1869477f3bf82f28f7e988fa4988242c35aa52259dcd42ebfbaf0ae91588a952
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: C781AE70E852499ADF24CF68E8917FEBBA2AF4531CF18E21FE851A7291C7359840CB51
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 39cbfab8d6c442814565a1422b26ff024d369c2cad8e96479d1419643348b478
            • Instruction ID: ce62362b6f9e70374e21db5ba66670507cf08e707db50afb0fa49d198bf188f9
            • Opcode Fuzzy Hash: 39cbfab8d6c442814565a1422b26ff024d369c2cad8e96479d1419643348b478
            • Instruction Fuzzy Hash: CF215376E00119ABEB10DF79D884AEEB7F9AF54788F044116EE05D3240E730D9019BA1
            APIs
            • _malloc.LIBCMT ref: 00449EFA
              • Part of subcall function 00449DD6: __FF_MSGBANNER.LIBCMT ref: 00449DEF
              • Part of subcall function 00449DD6: __NMSG_WRITE.LIBCMT ref: 00449DF6
              • Part of subcall function 00449DD6: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00448C91,?,00000001,?,?,004480B1,00000018,0044C900,0000000C,00448141), ref: 00449E1B
            • _free.LIBCMT ref: 00449F0D
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocHeap_free_malloc
            • String ID:
            • API String ID: 2734353464-0
            • Opcode ID: 3ea2dd47ea209d101fcf6e61e7c5fd77bb685394ae1030b30874a2797fd652a3
            • Instruction ID: f8ed583710060432ab3b4f98353ccb66e3e867ee3ee9d3bc156e67b9503bbcca
            • Opcode Fuzzy Hash: 3ea2dd47ea209d101fcf6e61e7c5fd77bb685394ae1030b30874a2797fd652a3
            • Instruction Fuzzy Hash: 91112332404615BAEB213B75AC06A6F36A9DB453A1B20042FF958CA250DF3CCC45ABED
            APIs
            • __getptd.LIBCMT ref: 0044938D
              • Part of subcall function 004479E3: __getptd_noexit.LIBCMT ref: 004479E6
              • Part of subcall function 004479E3: __amsg_exit.LIBCMT ref: 004479F3
            • __getptd.LIBCMT ref: 004493A4
            • __amsg_exit.LIBCMT ref: 004493B2
            • __lock.LIBCMT ref: 004493C2
            • __updatetlocinfoEx_nolock.LIBCMT ref: 004493D6
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
            • String ID:
            • API String ID: 938513278-0
            • Opcode ID: 337961a703a547e9e2eed0c1a62e1d7e3f3561656747c3a15fa4ead821fca098
            • Instruction ID: d712c0729728efba049b02b360eef3cb6162a32a26dc7e34bbdef78f9f47da02
            • Opcode Fuzzy Hash: 337961a703a547e9e2eed0c1a62e1d7e3f3561656747c3a15fa4ead821fca098
            • Instruction Fuzzy Hash: 66F09632948B10AAFB20BF76940774F7390AF05719F11410FF804672D2CB6C4D41EA5E
            Strings
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02EC02BD
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02EC02E7
            • RTL: Re-Waiting, xrefs: 02EC031E
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 6d4f837a037375a87d42bcbee8037ac7761f5af9c4db11ea728d3d0c865c1d4d
            • Instruction ID: 42a620c77bb17794ab0deba544342374b353190a19a432fb2fdcdfc20d471840
            • Opcode Fuzzy Hash: 6d4f837a037375a87d42bcbee8037ac7761f5af9c4db11ea728d3d0c865c1d4d
            • Instruction Fuzzy Hash: 69E11130688741DFD724CF68C984B6AB7E1BF84318F249A1DF4A58B6E1D770D845CB92
            Strings
            • RTL: Resource at %p, xrefs: 02EC7B8E
            • RTL: Re-Waiting, xrefs: 02EC7BAC
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02EC7B7F
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: f722243944efe932b344e51a5ecc65f9d2b1dcb30aa98f3e1b824be067fca680
            • Instruction ID: aec12c585f2c9696c087a55910f39031304f8490cea309c844eeb2f3252a2ef8
            • Opcode Fuzzy Hash: f722243944efe932b344e51a5ecc65f9d2b1dcb30aa98f3e1b824be067fca680
            • Instruction Fuzzy Hash: 6341C0313807029BD724EA25CD50B6AB7E6EB88718F109A1DF99EDB680DB70E405CF91
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02EC728C
            Strings
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02EC7294
            • RTL: Resource at %p, xrefs: 02EC72A3
            • RTL: Re-Waiting, xrefs: 02EC72C1
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 74a8d3e860dbb87b71e5fd09aed78329c27f747173bb629d91bf95a63f5e003a
            • Instruction ID: ed7361a438eeaddc90e29d696945908613d12cda079e816ee846fc5069188d83
            • Opcode Fuzzy Hash: 74a8d3e860dbb87b71e5fd09aed78329c27f747173bb629d91bf95a63f5e003a
            • Instruction Fuzzy Hash: D9412471780602ABD724DE65CC41B66B7A9FF54718F20A61DFD9DDB240DB20E802CBD0
            APIs
            • CreateWindowExW.USER32(00000001,0044F898,0044F960,00CF0000,80000000,00000001,80000000,00000001,00000001,00000001,00000066,00000001), ref: 0040138E
            • ShowWindow.USER32(00000000,?), ref: 0040141A
            • UpdateWindow.USER32(00000000), ref: 00401421
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Window$CreateShowUpdate
            • String ID: f
            • API String ID: 2944774295-1993550816
            APIs
            • DefWindowProcW.USER32(?,?,?,?), ref: 0040152C
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: ProcWindow
            • String ID: gp$rm$|'
            • API String ID: 181713994-2630029340
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328972056.0000000002E20000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E20000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_2e20000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.2328494578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID: _O$|'
            • API String ID: 0-2798815937