Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Analysis ID:1519366
MD5:8825b50e377782c6c889c43998b31555
SHA1:3d23cbc80c53b1fbf382e08d39ecf5f77d0d3419
SHA256:aaad2261843429b4a8574c5c3fd1a80e2462fab4abdd1581eb4dacca34084882
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.awlc7038.vip/b31a/"], "decoy": ["enjamin-paaac.buzz", "mail-marketing-40950.bond", "pusems28-post.cyou", "hindo.top", "ruck-company-be.today", "asinos-deutschland.net", "ewancash.boats", "etdopovo.casino", "rcher-saaac.buzz", "871166.vip", "manuel.app", "g3yqo.shop", "-9way.xyz", "qawgytfexe.bond", "iefi6834.vip", "ental-health-35901.bond", "idat-merkez18.top", "rojectleadzone.website", "lirudolph.top", "migloballlc.online", "utebolshirts.shop", "i-tools-57602.bond", "itchen-889.bond", "hewieandfriends.info", "tlchurch.net", "arolmodasgpuava.online", "indjuvedermdoctorsnearby.today", "auwin-daftar.xyz", "arden-sheds-23886.bond", "2239d3.christmas", "irablog.xyz", "remation-services-88863.bond", "ehxk3u7.forum", "resdai.xyz", "61pk48ln.autos", "-web-p102.buzz", "eb2125.info", "ole-xaaaa.buzz", "lc-driving-school.net", "igh-class-jewelry.info", "66gd660du.bond", "ixi.asia", "aemoruhagic.click", "entalcare-us2-borysfb.today", "olf-cart-82894.bond", "algrup.net", "usanscanneritaly63.sbs", "ames666.xyz", "ockycanada.net", "bykmr.shop", "gpmedia.app", "avada-ga-34.press", "igraine-treatment-33058.bond", "heodore-saaab.buzz", "ashforhouse19.online", "48827496.top", "mazonun.top", "lstrk.fun", "hegdg.net", "nssmodule.center", "sksiniaja7.buzz", "uneytozgur.online", "orri.shop", "ras-us-1.bond"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cb80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b8e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c8ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18809:$sqlite3step: 68 34 1C 7B E1
      • 0x1891c:$sqlite3step: 68 34 1C 7B E1
      • 0x18838:$sqlite3text: 68 38 2A 90 C5
      • 0x1895d:$sqlite3text: 68 38 2A 90 C5
      • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 8 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bd80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x9bbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x14aa7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x978a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1360c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa483:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1aae7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1baea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x17a09:$sqlite3step: 68 34 1C 7B E1
          • 0x17b1c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a38:$sqlite3text: 68 38 2A 90 C5
          • 0x17b5d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a4b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17b73:$sqlite3blob: 68 53 D8 7F 8C
          Click to see the 5 entries

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.awlc7038.vip/b31a/"], "decoy": ["enjamin-paaac.buzz", "mail-marketing-40950.bond", "pusems28-post.cyou", "hindo.top", "ruck-company-be.today", "asinos-deutschland.net", "ewancash.boats", "etdopovo.casino", "rcher-saaac.buzz", "871166.vip", "manuel.app", "g3yqo.shop", "-9way.xyz", "qawgytfexe.bond", "iefi6834.vip", "ental-health-35901.bond", "idat-merkez18.top", "rojectleadzone.website", "lirudolph.top", "migloballlc.online", "utebolshirts.shop", "i-tools-57602.bond", "itchen-889.bond", "hewieandfriends.info", "tlchurch.net", "arolmodasgpuava.online", "indjuvedermdoctorsnearby.today", "auwin-daftar.xyz", "arden-sheds-23886.bond", "2239d3.christmas", "irablog.xyz", "remation-services-88863.bond", "ehxk3u7.forum", "resdai.xyz", "61pk48ln.autos", "-web-p102.buzz", "eb2125.info", "ole-xaaaa.buzz", "lc-driving-school.net", "igh-class-jewelry.info", "66gd660du.bond", "ixi.asia", "aemoruhagic.click", "entalcare-us2-borysfb.today", "olf-cart-82894.bond", "algrup.net", "usanscanneritaly63.sbs", "ames666.xyz", "ockycanada.net", "bykmr.shop", "gpmedia.app", "avada-ga-34.press", "igraine-treatment-33058.bond", "heodore-saaab.buzz", "ashforhouse19.online", "48827496.top", "mazonun.top", "lstrk.fun", "hegdg.net", "nssmodule.center", "sksiniaja7.buzz", "uneytozgur.online", "orri.shop", "ras-us-1.bond"]}
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeReversingLabs: Detection: 36%
          Yara detected FormBook
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeJoe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: zaHu.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: zaHu.pdbSHA256i source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 4x nop then pop edi5_2_00416C96

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.awlc7038.vip/b31a/

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 7832, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 8012, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041A320 NtCreateFile,5_2_0041A320
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041A3D0 NtReadFile,5_2_0041A3D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041A450 NtClose,5_2_0041A450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041A500 NtAllocateVirtualMemory,5_2_0041A500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041A44A NtReadFile,NtClose,5_2_0041A44A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_01612BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01612DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01614340 NtSetContextThread,5_2_01614340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01614650 NtSuspendThread,5_2_01614650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612B60 NtClose,5_2_01612B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612BE0 NtQueryValueKey,5_2_01612BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612BA0 NtEnumerateValueKey,5_2_01612BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612B80 NtQueryInformationFile,5_2_01612B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612AF0 NtWriteFile,5_2_01612AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612AD0 NtReadFile,5_2_01612AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612AB0 NtWaitForSingleObject,5_2_01612AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612D30 NtUnmapViewOfSection,5_2_01612D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612D00 NtSetInformationFile,5_2_01612D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612D10 NtMapViewOfSection,5_2_01612D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612DD0 NtDelayExecution,5_2_01612DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612DB0 NtEnumerateKey,5_2_01612DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612C60 NtCreateKey,5_2_01612C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612C70 NtFreeVirtualMemory,5_2_01612C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612C00 NtQueryInformationProcess,5_2_01612C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612CF0 NtOpenProcess,5_2_01612CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612CC0 NtQueryVirtualMemory,5_2_01612CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612CA0 NtQueryInformationToken,5_2_01612CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612F60 NtCreateProcessEx,5_2_01612F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612F30 NtCreateSection,5_2_01612F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612FE0 NtCreateFile,5_2_01612FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612FA0 NtQuerySection,5_2_01612FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612FB0 NtResumeThread,5_2_01612FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612F90 NtProtectVirtualMemory,5_2_01612F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612E30 NtWriteVirtualMemory,5_2_01612E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612EE0 NtQueueApcThread,5_2_01612EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612EA0 NtAdjustPrivilegesToken,5_2_01612EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612E80 NtReadVirtualMemory,5_2_01612E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01613010 NtOpenDirectoryObject,5_2_01613010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01613090 NtSetValueKey,5_2_01613090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016135C0 NtCreateMutant,5_2_016135C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016139B0 NtGetContextThread,5_2_016139B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01613D70 NtOpenThread,5_2_01613D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01613D10 NtOpenProcessToken,5_2_01613D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_029ADE4C0_2_029ADE4C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_04FF73680_2_04FF7368
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_04FF00400_2_04FF0040
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_04FF003F0_2_04FF003F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_04FF73580_2_04FF7358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D034480_2_06D03448
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004010305_2_00401030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D94E5_2_0041D94E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004011745_2_00401174
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004012085_2_00401208
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041EB495_2_0041EB49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D5635_2_0041D563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00402D905_2_00402D90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00409E4B5_2_00409E4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00409E505_2_00409E50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00402FB05_2_00402FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016681585_2_01668158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D01005_2_015D0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167A1185_2_0167A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016981CC5_2_016981CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A01AA5_2_016A01AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016720005_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169A3525_2_0169A352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A03E65_2_016A03E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE3F05_2_015EE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016802745_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016602C05_2_016602C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E05355_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A05915_2_016A0591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016924465_2_01692446
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168E4F65_2_0168E4F6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E07705_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016047505_2_01604750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DC7C05_2_015DC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FC6E05_2_015FC6E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F69625_2_015F6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016AA9A65_2_016AA9A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A05_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E28405_2_015E2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EA8405_2_015EA840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E8F05_2_0160E8F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C68B85_2_015C68B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169AB405_2_0169AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01696BD75_2_01696BD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA805_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EAD005_2_015EAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE05_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F8DBF5_2_015F8DBF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0C005_2_015E0C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0CF25_2_015D0CF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680CB55_2_01680CB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01654F405_2_01654F40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01622F285_2_01622F28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01600F305_2_01600F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D2FC85_2_015D2FC8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015ECFE05_2_015ECFE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165EFA05_2_0165EFA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0E595_2_015E0E59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169EE265_2_0169EE26
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169EEDB5_2_0169EEDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2E905_2_015F2E90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169CE935_2_0169CE93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016AB16B5_2_016AB16B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0161516C5_2_0161516C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CF1725_2_015CF172
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EB1B05_2_015EB1B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016970E95_2_016970E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169F0E05_2_0169F0E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E70C05_2_015E70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168F0CC5_2_0168F0CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CD34C5_2_015CD34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169132D5_2_0169132D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0162739A5_2_0162739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016812ED5_2_016812ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FB2C05_2_015FB2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E52A05_2_015E52A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016975715_2_01697571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167D5B05_2_0167D5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D14605_2_015D1460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169F43F5_2_0169F43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169F7B05_2_0169F7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016916CC5_2_016916CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E99505_2_015E9950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FB9505_2_015FB950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164D8005_2_0164D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E38E05_2_015E38E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169FB765_2_0169FB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01655BF05_2_01655BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0161DBF95_2_0161DBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FFB805_2_015FFB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01653A6C5_2_01653A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169FA495_2_0169FA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01697A465_2_01697A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168DAC65_2_0168DAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01625AA05_2_01625AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167DAAC5_2_0167DAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01697D735_2_01697D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E3D405_2_015E3D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01691D5A5_2_01691D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FFDC05_2_015FFDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01659C325_2_01659C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169FCF25_2_0169FCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169FF095_2_0169FF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A3FD25_2_015A3FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A3FD55_2_015A3FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E1F925_2_015E1F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169FFB15_2_0169FFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E9EB05_2_015E9EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: String function: 0165F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: String function: 01627E54 appears 99 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: String function: 01615130 appears 37 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: String function: 015CB970 appears 273 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: String function: 0164EA12 appears 86 times
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1392528610.0000000000D9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1396740552.0000000006FF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1394003779.0000000003D4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000016CD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeBinary or memory string: OriginalFilenamezaHu.exeD vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 7832, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 8012, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, QIfGYTShurHc402uvU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, QIfGYTShurHc402uvU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.logJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMutant created: NULL
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMutant created: \Sessions\1\BaseNamedObjects\uIvZnASNXhGuEdLR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeReversingLabs: Detection: 36%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: zaHu.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: zaHu.pdbSHA256i source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs.Net Code: zEjoDBcirC System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2ba44b4.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2badacc.1.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6bd0000.3.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs.Net Code: zEjoDBcirC System.Reflection.Assembly.Load(byte[])
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: 0xD1615EA2 [Fri Apr 25 15:09:22 2081 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D006B0 push ss; iretd 0_2_06D006BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D00E63 push ds; iretd 0_2_06D00E64
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D0060E push ds; iretd 0_2_06D0060F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D00CF8 push ds; iretd 0_2_06D00CF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D01460 push ds; iretd 0_2_06D0146E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 0_2_06D003E5 push ss; iretd 0_2_06D003E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041E03F push F69B27B4h; ret 5_2_0041E044
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004169E1 push cs; ret 5_2_00416A1B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00416996 push cs; ret 5_2_00416A1B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004179BE push esp; ret 5_2_004179C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041645D push 22047084h; ret 5_2_00416462
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D475 push eax; ret 5_2_0041D4C8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D4C2 push eax; ret 5_2_0041D4C8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D4CB push eax; ret 5_2_0041D532
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041D52C push eax; ret 5_2_0041D532
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004035C8 push esi; iretd 5_2_004035CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004175A0 pushfd ; iretd 5_2_004175B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0041DE4A push ebp; iretd 5_2_0041DE52
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004176EF push cs; ret 5_2_004176D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_004176A1 push cs; ret 5_2_004176D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A225F pushad ; ret 5_2_015A27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A27FA pushad ; ret 5_2_015A27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D09AD push ecx; mov dword ptr [esp], ecx5_2_015D09B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A283D push eax; iretd 5_2_015A2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A1328 push eax; iretd 5_2_015A1369
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015A9939 push es; iretd 5_2_015A9940
          Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeStatic PE information: section name: .text entropy: 7.848663363935903
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, SCrAtcpBTYfUqOOEoP.csHigh entropy of concatenated method names: 'iXwP60bIkT', 'HjYPSiHHG6', 'wa0Po99et5', 'YqKPWX03xm', 'zuCPag05TR', 'qflPJ2IwPd', 'T6hPQuSrAZ', 'lE14rAduY5', 'eI14tVlHYA', 'lPp4LRfR7k'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, Lg6pkAaYxfI1d02Xwk.csHigh entropy of concatenated method names: 'ToString', 'ujtdh6it2g', 'lI4dUNCTqV', 'IXZdRxBckn', 'bVQdFQtfnU', 'T3odxBuVLl', 'sKidYLBxgd', 'JFbdmjnn0N', 'z8adic9hgA', 'rtBdcxyQ85'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, Eb7Ux4O91PFitWwr9H.csHigh entropy of concatenated method names: 'L7iIGr3dddYqh6D2ejr', 'bPh9g43c4BhCHy8Y4Fs', 'X8qQ4CJSt1', 'hsoQPvpyDP', 'jn8QuSTL3k', 'XtpGSS3Hl9PKxaXB60u', 'eAXQKR3mIYiHXFn6cfV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, fgqNIIPrcpCHI5uDFN.csHigh entropy of concatenated method names: 'Dispose', 'Nhp6LtcrJG', 'hyyqU9M4ik', 'OHtnnVmG7F', 'zni6AjaEv5', 'gD66zjfSt5', 'ProcessDialogKey', 'Qs4q9EWooq', 'Hovq6QcK7b', 'E7Aqqg0lE0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, gvclPxE3myGgBGFUiS.csHigh entropy of concatenated method names: 'Ibp8yZs547', 'GYC8VUNjlS', 'gle8HELW3t', 'e2f8UZhw0B', 'seR8FYeRZB', 'WLy8xit05G', 'UK98mW4feS', 'db88iKnUXf', 'btj8B7ZYjU', 'ieC8hCtmRK'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, EanENxzshKnHO9HR5p.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xWMP8OyHMG', 'SnXP0N4FFs', 'mRWPd1jooC', 'CRlPObPHQ1', 's2WP4kOuji', 'qs3PPPIcW9', 'RQIPuA6KJO'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, bnvJIPxAiuMmmY7jij.csHigh entropy of concatenated method names: 'bYPQKkgdtp', 'V1pQav9StO', 'lttQJIHBIm', 'hSuQ1Ks2iQ', 'axtQ5Zaq8E', 'MwXJ2oSvg6', 'w4bJTRVLL4', 'HgQJr3hNLi', 'XrFJthl0wt', 'zTcJLtgEfb'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FDC1rbB2ATMI6UxAlE.csHigh entropy of concatenated method names: 'qNZ4HypC0P', 'egi4UkHnkt', 'KOG4RyVbys', 'FpJ4FlIg3L', 'EIU4IiweOL', 'co54xxVaN2', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, sHaqdTV6C6DV6gU8ZFJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BjkuIJrJKU', 'y9KuwX5A7S', 'woTub9ptlA', 'vHZujTisEY', 'pSnu2pjFrx', 'UTPuTCrXve', 'tm8ur4qpT1'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, BAa7GkUpciAVOlBB2k.csHigh entropy of concatenated method names: 'KodOt7S0TF', 'QvVOAXQaXj', 'Y2u49QlgNS', 'tDM46sd0eB', 'XnPOhDj0Ge', 'd64OpHL2QA', 'BIvO3wlPhS', 'VHPOIrJ3JF', 'SrQOwmLcnR', 'xoiObMET1M'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, HnaFvbC1tGdlQYAeKG.csHigh entropy of concatenated method names: 'mr7DEHFCy', 'O3isOErsi', 'lUffTBFE7', 'TJ6CJsCwu', 'gyOVtjrYd', 'al5ND299C', 'xFi7OeV8GJ8Ba233eC', 'N8qcSauDYR3sSbHNMO', 'bul4iyILi', 'uV7uUZCSI'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, cmFlvbqogWKfxVPrjs.csHigh entropy of concatenated method names: 'JDtOkYUeyQ', 'jIeO7BJbQv', 'ToString', 'ETjOW1ufXj', 'qQ2OaEoL2D', 'HVLOXokVX7', 'KWvOJFclF2', 'EkXOQeljdq', 'yPhO1Ig72r', 'CNnO5yQZy5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, kHEbPhMoIXwlkrKXKS.csHigh entropy of concatenated method names: 'RORJlwkg9o', 'rlBJC0BgQs', 'YenXRIKPl5', 'jCNXF5vkmR', 'a52Xxascyj', 'okmXYk81MJ', 'UVwXmguOjd', 'PMUXiHMKHI', 'GHpXcxhnLe', 't8aXBKMYWH'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FdRfsNw93cYwM4DXXY.csHigh entropy of concatenated method names: 'd5u0ByAqsd', 'jpd0pAXiQp', 'r9d0IqVZIW', 'ndy0wSEc39', 'OpA0UxrRMF', 'ITr0Rk1ZBD', 'mB00FLo9KB', 'iOD0x33fTJ', 'pZh0Y6pv0u', 'b910mscLOf'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, TSMW8beod2uXfNHvE9.csHigh entropy of concatenated method names: 'h2T1vwml0e', 'WFv1g8CqaX', 'Yi01DuMGqT', 'ADf1sXDC8g', 'eZn1lrk9AG', 'JZR1fvrSsa', 'zKq1CbtxVq', 'ibZ1y2S7H3', 'n9p1VVrdIs', 'HEU1NtabaB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, TiSIAViFjZlMi8PA6B.csHigh entropy of concatenated method names: 'mtO61Lw433', 'ODe65YE8bt', 'koK6kkJFIT', 'zEe67TCKhL', 'MFX60LCB3m', 'dr36dEAVFf', 'G5wAMWQGLmG9YynVVq', 'EhQe1ypWMVQJ8KPOS7', 'GiW66eorik', 'RHs6SrIWKZ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, uot3f4G0Em55SiCbht.csHigh entropy of concatenated method names: 'K1KXsnrx5X', 'LUjXfjZlH4', 'kJIXyyuZPV', 'ydbXVMcqrn', 'uvwX0b5HLa', 'hEpXdK381A', 'TweXO6I8vN', 'UEWX4UGgla', 'StSXPMJiQv', 'YDuXu9AwCV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FPGJNivp6BlsUtuZNw.csHigh entropy of concatenated method names: 'iAd4Wb9RPw', 'chb4aKM14u', 'v5q4X8W9bx', 'a0g4JQxdUX', 'qXK4QZSWsa', 'FTm411fOD8', 'hYu45xqSLk', 'vm14ZEQ9MZ', 'rI24kcFwdF', 'N0F47T0Rwy'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.csHigh entropy of concatenated method names: 'Ta9SKj6ys5', 'mqbSW5Y2iS', 'EuySaYFVyB', 'sUCSXl0SRB', 'eqlSJRHUx1', 'GHUSQE5bw9', 'jKmS1BBaDj', 't4qS5n40O0', 'v5QSZIrh8a', 'MffSkAKtql'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, KVNCogVQdJeqSo7LfS6.csHigh entropy of concatenated method names: 'FbRPvYQF1t', 'HktPgVFLCN', 'uovPD6ZLSQ', 'VRcPs6KsUr', 'LeYPlRVZvO', 'eYcPf8Exvy', 'ATgPCC7ca6', 'QiyPy2c4t3', 'r4dPVyBRF5', 'n3UPNe8y0R'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, QIfGYTShurHc402uvU.csHigh entropy of concatenated method names: 'YJKaIoECCg', 'Pqdaw8Qytq', 'St1ab32OWI', 'zXXajANFhZ', 'c0Oa2LBq4S', 'DG8aTcvTH4', 'AVYaryAaFK', 'bC7atgO5yJ', 'cRZaLa9aLb', 'sSxaAqlKC5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2ba44b4.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2badacc.1.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6bd0000.3.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, SCrAtcpBTYfUqOOEoP.csHigh entropy of concatenated method names: 'iXwP60bIkT', 'HjYPSiHHG6', 'wa0Po99et5', 'YqKPWX03xm', 'zuCPag05TR', 'qflPJ2IwPd', 'T6hPQuSrAZ', 'lE14rAduY5', 'eI14tVlHYA', 'lPp4LRfR7k'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, Lg6pkAaYxfI1d02Xwk.csHigh entropy of concatenated method names: 'ToString', 'ujtdh6it2g', 'lI4dUNCTqV', 'IXZdRxBckn', 'bVQdFQtfnU', 'T3odxBuVLl', 'sKidYLBxgd', 'JFbdmjnn0N', 'z8adic9hgA', 'rtBdcxyQ85'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, Eb7Ux4O91PFitWwr9H.csHigh entropy of concatenated method names: 'L7iIGr3dddYqh6D2ejr', 'bPh9g43c4BhCHy8Y4Fs', 'X8qQ4CJSt1', 'hsoQPvpyDP', 'jn8QuSTL3k', 'XtpGSS3Hl9PKxaXB60u', 'eAXQKR3mIYiHXFn6cfV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, fgqNIIPrcpCHI5uDFN.csHigh entropy of concatenated method names: 'Dispose', 'Nhp6LtcrJG', 'hyyqU9M4ik', 'OHtnnVmG7F', 'zni6AjaEv5', 'gD66zjfSt5', 'ProcessDialogKey', 'Qs4q9EWooq', 'Hovq6QcK7b', 'E7Aqqg0lE0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, gvclPxE3myGgBGFUiS.csHigh entropy of concatenated method names: 'Ibp8yZs547', 'GYC8VUNjlS', 'gle8HELW3t', 'e2f8UZhw0B', 'seR8FYeRZB', 'WLy8xit05G', 'UK98mW4feS', 'db88iKnUXf', 'btj8B7ZYjU', 'ieC8hCtmRK'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, EanENxzshKnHO9HR5p.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xWMP8OyHMG', 'SnXP0N4FFs', 'mRWPd1jooC', 'CRlPObPHQ1', 's2WP4kOuji', 'qs3PPPIcW9', 'RQIPuA6KJO'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, bnvJIPxAiuMmmY7jij.csHigh entropy of concatenated method names: 'bYPQKkgdtp', 'V1pQav9StO', 'lttQJIHBIm', 'hSuQ1Ks2iQ', 'axtQ5Zaq8E', 'MwXJ2oSvg6', 'w4bJTRVLL4', 'HgQJr3hNLi', 'XrFJthl0wt', 'zTcJLtgEfb'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FDC1rbB2ATMI6UxAlE.csHigh entropy of concatenated method names: 'qNZ4HypC0P', 'egi4UkHnkt', 'KOG4RyVbys', 'FpJ4FlIg3L', 'EIU4IiweOL', 'co54xxVaN2', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, sHaqdTV6C6DV6gU8ZFJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BjkuIJrJKU', 'y9KuwX5A7S', 'woTub9ptlA', 'vHZujTisEY', 'pSnu2pjFrx', 'UTPuTCrXve', 'tm8ur4qpT1'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, BAa7GkUpciAVOlBB2k.csHigh entropy of concatenated method names: 'KodOt7S0TF', 'QvVOAXQaXj', 'Y2u49QlgNS', 'tDM46sd0eB', 'XnPOhDj0Ge', 'd64OpHL2QA', 'BIvO3wlPhS', 'VHPOIrJ3JF', 'SrQOwmLcnR', 'xoiObMET1M'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, HnaFvbC1tGdlQYAeKG.csHigh entropy of concatenated method names: 'mr7DEHFCy', 'O3isOErsi', 'lUffTBFE7', 'TJ6CJsCwu', 'gyOVtjrYd', 'al5ND299C', 'xFi7OeV8GJ8Ba233eC', 'N8qcSauDYR3sSbHNMO', 'bul4iyILi', 'uV7uUZCSI'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, cmFlvbqogWKfxVPrjs.csHigh entropy of concatenated method names: 'JDtOkYUeyQ', 'jIeO7BJbQv', 'ToString', 'ETjOW1ufXj', 'qQ2OaEoL2D', 'HVLOXokVX7', 'KWvOJFclF2', 'EkXOQeljdq', 'yPhO1Ig72r', 'CNnO5yQZy5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, kHEbPhMoIXwlkrKXKS.csHigh entropy of concatenated method names: 'RORJlwkg9o', 'rlBJC0BgQs', 'YenXRIKPl5', 'jCNXF5vkmR', 'a52Xxascyj', 'okmXYk81MJ', 'UVwXmguOjd', 'PMUXiHMKHI', 'GHpXcxhnLe', 't8aXBKMYWH'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FdRfsNw93cYwM4DXXY.csHigh entropy of concatenated method names: 'd5u0ByAqsd', 'jpd0pAXiQp', 'r9d0IqVZIW', 'ndy0wSEc39', 'OpA0UxrRMF', 'ITr0Rk1ZBD', 'mB00FLo9KB', 'iOD0x33fTJ', 'pZh0Y6pv0u', 'b910mscLOf'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, TSMW8beod2uXfNHvE9.csHigh entropy of concatenated method names: 'h2T1vwml0e', 'WFv1g8CqaX', 'Yi01DuMGqT', 'ADf1sXDC8g', 'eZn1lrk9AG', 'JZR1fvrSsa', 'zKq1CbtxVq', 'ibZ1y2S7H3', 'n9p1VVrdIs', 'HEU1NtabaB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, TiSIAViFjZlMi8PA6B.csHigh entropy of concatenated method names: 'mtO61Lw433', 'ODe65YE8bt', 'koK6kkJFIT', 'zEe67TCKhL', 'MFX60LCB3m', 'dr36dEAVFf', 'G5wAMWQGLmG9YynVVq', 'EhQe1ypWMVQJ8KPOS7', 'GiW66eorik', 'RHs6SrIWKZ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, uot3f4G0Em55SiCbht.csHigh entropy of concatenated method names: 'K1KXsnrx5X', 'LUjXfjZlH4', 'kJIXyyuZPV', 'ydbXVMcqrn', 'uvwX0b5HLa', 'hEpXdK381A', 'TweXO6I8vN', 'UEWX4UGgla', 'StSXPMJiQv', 'YDuXu9AwCV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FPGJNivp6BlsUtuZNw.csHigh entropy of concatenated method names: 'iAd4Wb9RPw', 'chb4aKM14u', 'v5q4X8W9bx', 'a0g4JQxdUX', 'qXK4QZSWsa', 'FTm411fOD8', 'hYu45xqSLk', 'vm14ZEQ9MZ', 'rI24kcFwdF', 'N0F47T0Rwy'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.csHigh entropy of concatenated method names: 'Ta9SKj6ys5', 'mqbSW5Y2iS', 'EuySaYFVyB', 'sUCSXl0SRB', 'eqlSJRHUx1', 'GHUSQE5bw9', 'jKmS1BBaDj', 't4qS5n40O0', 'v5QSZIrh8a', 'MffSkAKtql'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, KVNCogVQdJeqSo7LfS6.csHigh entropy of concatenated method names: 'FbRPvYQF1t', 'HktPgVFLCN', 'uovPD6ZLSQ', 'VRcPs6KsUr', 'LeYPlRVZvO', 'eYcPf8Exvy', 'ATgPCC7ca6', 'QiyPy2c4t3', 'r4dPVyBRF5', 'n3UPNe8y0R'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, QIfGYTShurHc402uvU.csHigh entropy of concatenated method names: 'YJKaIoECCg', 'Pqdaw8Qytq', 'St1ab32OWI', 'zXXajANFhZ', 'c0Oa2LBq4S', 'DG8aTcvTH4', 'AVYaryAaFK', 'bC7atgO5yJ', 'cRZaLa9aLb', 'sSxaAqlKC5'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 7832, type: MEMORYSTR
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeRDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeRDTSC instruction interceptor: First address: 409B6E second address: 409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 29A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 2B20000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 29C0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 7AE0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 8AE0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 8C90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: 9C90000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00409AA0 rdtsc 5_2_00409AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeAPI coverage: 0.6 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe TID: 7852Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_00409AA0 rdtsc 5_2_00409AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_01612BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6154 mov eax, dword ptr fs:[00000030h]5_2_015D6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6154 mov eax, dword ptr fs:[00000030h]5_2_015D6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CC156 mov eax, dword ptr fs:[00000030h]5_2_015CC156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01664144 mov eax, dword ptr fs:[00000030h]5_2_01664144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01664144 mov eax, dword ptr fs:[00000030h]5_2_01664144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01664144 mov ecx, dword ptr fs:[00000030h]5_2_01664144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01664144 mov eax, dword ptr fs:[00000030h]5_2_01664144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01664144 mov eax, dword ptr fs:[00000030h]5_2_01664144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01668158 mov eax, dword ptr fs:[00000030h]5_2_01668158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01600124 mov eax, dword ptr fs:[00000030h]5_2_01600124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01690115 mov eax, dword ptr fs:[00000030h]5_2_01690115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167A118 mov ecx, dword ptr fs:[00000030h]5_2_0167A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167A118 mov eax, dword ptr fs:[00000030h]5_2_0167A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167A118 mov eax, dword ptr fs:[00000030h]5_2_0167A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167A118 mov eax, dword ptr fs:[00000030h]5_2_0167A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A61E5 mov eax, dword ptr fs:[00000030h]5_2_016A61E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016001F8 mov eax, dword ptr fs:[00000030h]5_2_016001F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016961C3 mov eax, dword ptr fs:[00000030h]5_2_016961C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016961C3 mov eax, dword ptr fs:[00000030h]5_2_016961C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E1D0 mov eax, dword ptr fs:[00000030h]5_2_0164E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E1D0 mov eax, dword ptr fs:[00000030h]5_2_0164E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E1D0 mov ecx, dword ptr fs:[00000030h]5_2_0164E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E1D0 mov eax, dword ptr fs:[00000030h]5_2_0164E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E1D0 mov eax, dword ptr fs:[00000030h]5_2_0164E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA197 mov eax, dword ptr fs:[00000030h]5_2_015CA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA197 mov eax, dword ptr fs:[00000030h]5_2_015CA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA197 mov eax, dword ptr fs:[00000030h]5_2_015CA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168C188 mov eax, dword ptr fs:[00000030h]5_2_0168C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168C188 mov eax, dword ptr fs:[00000030h]5_2_0168C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01610185 mov eax, dword ptr fs:[00000030h]5_2_01610185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165019F mov eax, dword ptr fs:[00000030h]5_2_0165019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165019F mov eax, dword ptr fs:[00000030h]5_2_0165019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165019F mov eax, dword ptr fs:[00000030h]5_2_0165019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165019F mov eax, dword ptr fs:[00000030h]5_2_0165019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D2050 mov eax, dword ptr fs:[00000030h]5_2_015D2050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FC073 mov eax, dword ptr fs:[00000030h]5_2_015FC073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656050 mov eax, dword ptr fs:[00000030h]5_2_01656050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE016 mov eax, dword ptr fs:[00000030h]5_2_015EE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE016 mov eax, dword ptr fs:[00000030h]5_2_015EE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE016 mov eax, dword ptr fs:[00000030h]5_2_015EE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE016 mov eax, dword ptr fs:[00000030h]5_2_015EE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666030 mov eax, dword ptr fs:[00000030h]5_2_01666030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01654000 mov ecx, dword ptr fs:[00000030h]5_2_01654000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01672000 mov eax, dword ptr fs:[00000030h]5_2_01672000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA020 mov eax, dword ptr fs:[00000030h]5_2_015CA020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CC020 mov eax, dword ptr fs:[00000030h]5_2_015CC020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016560E0 mov eax, dword ptr fs:[00000030h]5_2_016560E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016120F0 mov ecx, dword ptr fs:[00000030h]5_2_016120F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CC0F0 mov eax, dword ptr fs:[00000030h]5_2_015CC0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D80E9 mov eax, dword ptr fs:[00000030h]5_2_015D80E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016520DE mov eax, dword ptr fs:[00000030h]5_2_016520DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA0E3 mov ecx, dword ptr fs:[00000030h]5_2_015CA0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016680A8 mov eax, dword ptr fs:[00000030h]5_2_016680A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016960B8 mov eax, dword ptr fs:[00000030h]5_2_016960B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016960B8 mov ecx, dword ptr fs:[00000030h]5_2_016960B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D208A mov eax, dword ptr fs:[00000030h]5_2_015D208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167437C mov eax, dword ptr fs:[00000030h]5_2_0167437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01652349 mov eax, dword ptr fs:[00000030h]5_2_01652349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov eax, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov eax, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov eax, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov ecx, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov eax, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165035C mov eax, dword ptr fs:[00000030h]5_2_0165035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169A352 mov eax, dword ptr fs:[00000030h]5_2_0169A352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CC310 mov ecx, dword ptr fs:[00000030h]5_2_015CC310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F0310 mov ecx, dword ptr fs:[00000030h]5_2_015F0310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A30B mov eax, dword ptr fs:[00000030h]5_2_0160A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A30B mov eax, dword ptr fs:[00000030h]5_2_0160A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A30B mov eax, dword ptr fs:[00000030h]5_2_0160A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA3C0 mov eax, dword ptr fs:[00000030h]5_2_015DA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D83C0 mov eax, dword ptr fs:[00000030h]5_2_015D83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D83C0 mov eax, dword ptr fs:[00000030h]5_2_015D83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D83C0 mov eax, dword ptr fs:[00000030h]5_2_015D83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D83C0 mov eax, dword ptr fs:[00000030h]5_2_015D83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016063FF mov eax, dword ptr fs:[00000030h]5_2_016063FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0168C3CD mov eax, dword ptr fs:[00000030h]5_2_0168C3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016563C0 mov eax, dword ptr fs:[00000030h]5_2_016563C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE3F0 mov eax, dword ptr fs:[00000030h]5_2_015EE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE3F0 mov eax, dword ptr fs:[00000030h]5_2_015EE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE3F0 mov eax, dword ptr fs:[00000030h]5_2_015EE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016743D4 mov eax, dword ptr fs:[00000030h]5_2_016743D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016743D4 mov eax, dword ptr fs:[00000030h]5_2_016743D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E03E9 mov eax, dword ptr fs:[00000030h]5_2_015E03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C8397 mov eax, dword ptr fs:[00000030h]5_2_015C8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C8397 mov eax, dword ptr fs:[00000030h]5_2_015C8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C8397 mov eax, dword ptr fs:[00000030h]5_2_015C8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F438F mov eax, dword ptr fs:[00000030h]5_2_015F438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F438F mov eax, dword ptr fs:[00000030h]5_2_015F438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE388 mov eax, dword ptr fs:[00000030h]5_2_015CE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE388 mov eax, dword ptr fs:[00000030h]5_2_015CE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE388 mov eax, dword ptr fs:[00000030h]5_2_015CE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6259 mov eax, dword ptr fs:[00000030h]5_2_015D6259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CA250 mov eax, dword ptr fs:[00000030h]5_2_015CA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01680274 mov eax, dword ptr fs:[00000030h]5_2_01680274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01658243 mov eax, dword ptr fs:[00000030h]5_2_01658243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01658243 mov ecx, dword ptr fs:[00000030h]5_2_01658243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C826B mov eax, dword ptr fs:[00000030h]5_2_015C826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4260 mov eax, dword ptr fs:[00000030h]5_2_015D4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4260 mov eax, dword ptr fs:[00000030h]5_2_015D4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4260 mov eax, dword ptr fs:[00000030h]5_2_015D4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C823B mov eax, dword ptr fs:[00000030h]5_2_015C823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA2C3 mov eax, dword ptr fs:[00000030h]5_2_015DA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA2C3 mov eax, dword ptr fs:[00000030h]5_2_015DA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA2C3 mov eax, dword ptr fs:[00000030h]5_2_015DA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA2C3 mov eax, dword ptr fs:[00000030h]5_2_015DA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA2C3 mov eax, dword ptr fs:[00000030h]5_2_015DA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E02E1 mov eax, dword ptr fs:[00000030h]5_2_015E02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E02E1 mov eax, dword ptr fs:[00000030h]5_2_015E02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E02E1 mov eax, dword ptr fs:[00000030h]5_2_015E02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov eax, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov ecx, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov eax, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov eax, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov eax, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016662A0 mov eax, dword ptr fs:[00000030h]5_2_016662A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E284 mov eax, dword ptr fs:[00000030h]5_2_0160E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E284 mov eax, dword ptr fs:[00000030h]5_2_0160E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01650283 mov eax, dword ptr fs:[00000030h]5_2_01650283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01650283 mov eax, dword ptr fs:[00000030h]5_2_01650283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01650283 mov eax, dword ptr fs:[00000030h]5_2_01650283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E02A0 mov eax, dword ptr fs:[00000030h]5_2_015E02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E02A0 mov eax, dword ptr fs:[00000030h]5_2_015E02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160656A mov eax, dword ptr fs:[00000030h]5_2_0160656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160656A mov eax, dword ptr fs:[00000030h]5_2_0160656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160656A mov eax, dword ptr fs:[00000030h]5_2_0160656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8550 mov eax, dword ptr fs:[00000030h]5_2_015D8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8550 mov eax, dword ptr fs:[00000030h]5_2_015D8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE53E mov eax, dword ptr fs:[00000030h]5_2_015FE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE53E mov eax, dword ptr fs:[00000030h]5_2_015FE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE53E mov eax, dword ptr fs:[00000030h]5_2_015FE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE53E mov eax, dword ptr fs:[00000030h]5_2_015FE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE53E mov eax, dword ptr fs:[00000030h]5_2_015FE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666500 mov eax, dword ptr fs:[00000030h]5_2_01666500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4500 mov eax, dword ptr fs:[00000030h]5_2_016A4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0535 mov eax, dword ptr fs:[00000030h]5_2_015E0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D65D0 mov eax, dword ptr fs:[00000030h]5_2_015D65D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C5ED mov eax, dword ptr fs:[00000030h]5_2_0160C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C5ED mov eax, dword ptr fs:[00000030h]5_2_0160C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E5CF mov eax, dword ptr fs:[00000030h]5_2_0160E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E5CF mov eax, dword ptr fs:[00000030h]5_2_0160E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A5D0 mov eax, dword ptr fs:[00000030h]5_2_0160A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A5D0 mov eax, dword ptr fs:[00000030h]5_2_0160A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE5E7 mov eax, dword ptr fs:[00000030h]5_2_015FE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D25E0 mov eax, dword ptr fs:[00000030h]5_2_015D25E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016505A7 mov eax, dword ptr fs:[00000030h]5_2_016505A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016505A7 mov eax, dword ptr fs:[00000030h]5_2_016505A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016505A7 mov eax, dword ptr fs:[00000030h]5_2_016505A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D2582 mov eax, dword ptr fs:[00000030h]5_2_015D2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D2582 mov ecx, dword ptr fs:[00000030h]5_2_015D2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01604588 mov eax, dword ptr fs:[00000030h]5_2_01604588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F45B1 mov eax, dword ptr fs:[00000030h]5_2_015F45B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F45B1 mov eax, dword ptr fs:[00000030h]5_2_015F45B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E59C mov eax, dword ptr fs:[00000030h]5_2_0160E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C645D mov eax, dword ptr fs:[00000030h]5_2_015C645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F245A mov eax, dword ptr fs:[00000030h]5_2_015F245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165C460 mov ecx, dword ptr fs:[00000030h]5_2_0165C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160E443 mov eax, dword ptr fs:[00000030h]5_2_0160E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FA470 mov eax, dword ptr fs:[00000030h]5_2_015FA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FA470 mov eax, dword ptr fs:[00000030h]5_2_015FA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FA470 mov eax, dword ptr fs:[00000030h]5_2_015FA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01656420 mov eax, dword ptr fs:[00000030h]5_2_01656420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A430 mov eax, dword ptr fs:[00000030h]5_2_0160A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01608402 mov eax, dword ptr fs:[00000030h]5_2_01608402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01608402 mov eax, dword ptr fs:[00000030h]5_2_01608402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01608402 mov eax, dword ptr fs:[00000030h]5_2_01608402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CC427 mov eax, dword ptr fs:[00000030h]5_2_015CC427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE420 mov eax, dword ptr fs:[00000030h]5_2_015CE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE420 mov eax, dword ptr fs:[00000030h]5_2_015CE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CE420 mov eax, dword ptr fs:[00000030h]5_2_015CE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D04E5 mov ecx, dword ptr fs:[00000030h]5_2_015D04E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016044B0 mov ecx, dword ptr fs:[00000030h]5_2_016044B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165A4B0 mov eax, dword ptr fs:[00000030h]5_2_0165A4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D64AB mov eax, dword ptr fs:[00000030h]5_2_015D64AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0750 mov eax, dword ptr fs:[00000030h]5_2_015D0750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160674D mov esi, dword ptr fs:[00000030h]5_2_0160674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160674D mov eax, dword ptr fs:[00000030h]5_2_0160674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160674D mov eax, dword ptr fs:[00000030h]5_2_0160674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8770 mov eax, dword ptr fs:[00000030h]5_2_015D8770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0770 mov eax, dword ptr fs:[00000030h]5_2_015E0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01654755 mov eax, dword ptr fs:[00000030h]5_2_01654755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612750 mov eax, dword ptr fs:[00000030h]5_2_01612750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612750 mov eax, dword ptr fs:[00000030h]5_2_01612750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165E75D mov eax, dword ptr fs:[00000030h]5_2_0165E75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C720 mov eax, dword ptr fs:[00000030h]5_2_0160C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C720 mov eax, dword ptr fs:[00000030h]5_2_0160C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0710 mov eax, dword ptr fs:[00000030h]5_2_015D0710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164C730 mov eax, dword ptr fs:[00000030h]5_2_0164C730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160273C mov eax, dword ptr fs:[00000030h]5_2_0160273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160273C mov ecx, dword ptr fs:[00000030h]5_2_0160273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160273C mov eax, dword ptr fs:[00000030h]5_2_0160273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C700 mov eax, dword ptr fs:[00000030h]5_2_0160C700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01600710 mov eax, dword ptr fs:[00000030h]5_2_01600710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165E7E1 mov eax, dword ptr fs:[00000030h]5_2_0165E7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DC7C0 mov eax, dword ptr fs:[00000030h]5_2_015DC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016507C3 mov eax, dword ptr fs:[00000030h]5_2_016507C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D47FB mov eax, dword ptr fs:[00000030h]5_2_015D47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D47FB mov eax, dword ptr fs:[00000030h]5_2_015D47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F27ED mov eax, dword ptr fs:[00000030h]5_2_015F27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F27ED mov eax, dword ptr fs:[00000030h]5_2_015F27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F27ED mov eax, dword ptr fs:[00000030h]5_2_015F27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D07AF mov eax, dword ptr fs:[00000030h]5_2_015D07AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A660 mov eax, dword ptr fs:[00000030h]5_2_0160A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A660 mov eax, dword ptr fs:[00000030h]5_2_0160A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169866E mov eax, dword ptr fs:[00000030h]5_2_0169866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169866E mov eax, dword ptr fs:[00000030h]5_2_0169866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01602674 mov eax, dword ptr fs:[00000030h]5_2_01602674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EC640 mov eax, dword ptr fs:[00000030h]5_2_015EC640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01606620 mov eax, dword ptr fs:[00000030h]5_2_01606620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01608620 mov eax, dword ptr fs:[00000030h]5_2_01608620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E609 mov eax, dword ptr fs:[00000030h]5_2_0164E609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D262C mov eax, dword ptr fs:[00000030h]5_2_015D262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01612619 mov eax, dword ptr fs:[00000030h]5_2_01612619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EE627 mov eax, dword ptr fs:[00000030h]5_2_015EE627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016506F1 mov eax, dword ptr fs:[00000030h]5_2_016506F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016506F1 mov eax, dword ptr fs:[00000030h]5_2_016506F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E6F2 mov eax, dword ptr fs:[00000030h]5_2_0164E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E6F2 mov eax, dword ptr fs:[00000030h]5_2_0164E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E6F2 mov eax, dword ptr fs:[00000030h]5_2_0164E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E6F2 mov eax, dword ptr fs:[00000030h]5_2_0164E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0160A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A6C7 mov eax, dword ptr fs:[00000030h]5_2_0160A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C6A6 mov eax, dword ptr fs:[00000030h]5_2_0160C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4690 mov eax, dword ptr fs:[00000030h]5_2_015D4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4690 mov eax, dword ptr fs:[00000030h]5_2_015D4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016066B0 mov eax, dword ptr fs:[00000030h]5_2_016066B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0161096E mov eax, dword ptr fs:[00000030h]5_2_0161096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0161096E mov edx, dword ptr fs:[00000030h]5_2_0161096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0161096E mov eax, dword ptr fs:[00000030h]5_2_0161096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165C97C mov eax, dword ptr fs:[00000030h]5_2_0165C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01674978 mov eax, dword ptr fs:[00000030h]5_2_01674978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01674978 mov eax, dword ptr fs:[00000030h]5_2_01674978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01650946 mov eax, dword ptr fs:[00000030h]5_2_01650946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F6962 mov eax, dword ptr fs:[00000030h]5_2_015F6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F6962 mov eax, dword ptr fs:[00000030h]5_2_015F6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F6962 mov eax, dword ptr fs:[00000030h]5_2_015F6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C8918 mov eax, dword ptr fs:[00000030h]5_2_015C8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C8918 mov eax, dword ptr fs:[00000030h]5_2_015C8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0166892B mov eax, dword ptr fs:[00000030h]5_2_0166892B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165892A mov eax, dword ptr fs:[00000030h]5_2_0165892A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E908 mov eax, dword ptr fs:[00000030h]5_2_0164E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164E908 mov eax, dword ptr fs:[00000030h]5_2_0164E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165C912 mov eax, dword ptr fs:[00000030h]5_2_0165C912
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165E9E0 mov eax, dword ptr fs:[00000030h]5_2_0165E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DA9D0 mov eax, dword ptr fs:[00000030h]5_2_015DA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016029F9 mov eax, dword ptr fs:[00000030h]5_2_016029F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016029F9 mov eax, dword ptr fs:[00000030h]5_2_016029F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016669C0 mov eax, dword ptr fs:[00000030h]5_2_016669C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016049D0 mov eax, dword ptr fs:[00000030h]5_2_016049D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169A9D3 mov eax, dword ptr fs:[00000030h]5_2_0169A9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016589B3 mov esi, dword ptr fs:[00000030h]5_2_016589B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016589B3 mov eax, dword ptr fs:[00000030h]5_2_016589B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016589B3 mov eax, dword ptr fs:[00000030h]5_2_016589B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D09AD mov eax, dword ptr fs:[00000030h]5_2_015D09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D09AD mov eax, dword ptr fs:[00000030h]5_2_015D09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E29A0 mov eax, dword ptr fs:[00000030h]5_2_015E29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4859 mov eax, dword ptr fs:[00000030h]5_2_015D4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D4859 mov eax, dword ptr fs:[00000030h]5_2_015D4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666870 mov eax, dword ptr fs:[00000030h]5_2_01666870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666870 mov eax, dword ptr fs:[00000030h]5_2_01666870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165E872 mov eax, dword ptr fs:[00000030h]5_2_0165E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165E872 mov eax, dword ptr fs:[00000030h]5_2_0165E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E2840 mov ecx, dword ptr fs:[00000030h]5_2_015E2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01600854 mov eax, dword ptr fs:[00000030h]5_2_01600854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160A830 mov eax, dword ptr fs:[00000030h]5_2_0160A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167483A mov eax, dword ptr fs:[00000030h]5_2_0167483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167483A mov eax, dword ptr fs:[00000030h]5_2_0167483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov eax, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov eax, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov eax, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov ecx, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov eax, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F2835 mov eax, dword ptr fs:[00000030h]5_2_015F2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165C810 mov eax, dword ptr fs:[00000030h]5_2_0165C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169A8E4 mov eax, dword ptr fs:[00000030h]5_2_0169A8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C8F9 mov eax, dword ptr fs:[00000030h]5_2_0160C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160C8F9 mov eax, dword ptr fs:[00000030h]5_2_0160C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FE8C0 mov eax, dword ptr fs:[00000030h]5_2_015FE8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0887 mov eax, dword ptr fs:[00000030h]5_2_015D0887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165C89D mov eax, dword ptr fs:[00000030h]5_2_0165C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CCB7E mov eax, dword ptr fs:[00000030h]5_2_015CCB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01678B42 mov eax, dword ptr fs:[00000030h]5_2_01678B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666B40 mov eax, dword ptr fs:[00000030h]5_2_01666B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01666B40 mov eax, dword ptr fs:[00000030h]5_2_01666B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0169AB40 mov eax, dword ptr fs:[00000030h]5_2_0169AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01698B28 mov eax, dword ptr fs:[00000030h]5_2_01698B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01698B28 mov eax, dword ptr fs:[00000030h]5_2_01698B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164EB1D mov eax, dword ptr fs:[00000030h]5_2_0164EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEB20 mov eax, dword ptr fs:[00000030h]5_2_015FEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEB20 mov eax, dword ptr fs:[00000030h]5_2_015FEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0BCD mov eax, dword ptr fs:[00000030h]5_2_015D0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0BCD mov eax, dword ptr fs:[00000030h]5_2_015D0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0BCD mov eax, dword ptr fs:[00000030h]5_2_015D0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F0BCB mov eax, dword ptr fs:[00000030h]5_2_015F0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F0BCB mov eax, dword ptr fs:[00000030h]5_2_015F0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F0BCB mov eax, dword ptr fs:[00000030h]5_2_015F0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165CBF0 mov eax, dword ptr fs:[00000030h]5_2_0165CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEBFC mov eax, dword ptr fs:[00000030h]5_2_015FEBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8BF0 mov eax, dword ptr fs:[00000030h]5_2_015D8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8BF0 mov eax, dword ptr fs:[00000030h]5_2_015D8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8BF0 mov eax, dword ptr fs:[00000030h]5_2_015D8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0167EBD0 mov eax, dword ptr fs:[00000030h]5_2_0167EBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0BBE mov eax, dword ptr fs:[00000030h]5_2_015E0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0BBE mov eax, dword ptr fs:[00000030h]5_2_015E0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0A5B mov eax, dword ptr fs:[00000030h]5_2_015E0A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015E0A5B mov eax, dword ptr fs:[00000030h]5_2_015E0A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D6A50 mov eax, dword ptr fs:[00000030h]5_2_015D6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CA6F mov eax, dword ptr fs:[00000030h]5_2_0160CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CA6F mov eax, dword ptr fs:[00000030h]5_2_0160CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CA6F mov eax, dword ptr fs:[00000030h]5_2_0160CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164CA72 mov eax, dword ptr fs:[00000030h]5_2_0164CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0164CA72 mov eax, dword ptr fs:[00000030h]5_2_0164CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CA24 mov eax, dword ptr fs:[00000030h]5_2_0160CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CA38 mov eax, dword ptr fs:[00000030h]5_2_0160CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F4A35 mov eax, dword ptr fs:[00000030h]5_2_015F4A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F4A35 mov eax, dword ptr fs:[00000030h]5_2_015F4A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEA2E mov eax, dword ptr fs:[00000030h]5_2_015FEA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0165CA11 mov eax, dword ptr fs:[00000030h]5_2_0165CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0AD0 mov eax, dword ptr fs:[00000030h]5_2_015D0AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160AAEE mov eax, dword ptr fs:[00000030h]5_2_0160AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160AAEE mov eax, dword ptr fs:[00000030h]5_2_0160AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01626ACC mov eax, dword ptr fs:[00000030h]5_2_01626ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01626ACC mov eax, dword ptr fs:[00000030h]5_2_01626ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01626ACC mov eax, dword ptr fs:[00000030h]5_2_01626ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01604AD0 mov eax, dword ptr fs:[00000030h]5_2_01604AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01604AD0 mov eax, dword ptr fs:[00000030h]5_2_01604AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01626AA4 mov eax, dword ptr fs:[00000030h]5_2_01626AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DEA80 mov eax, dword ptr fs:[00000030h]5_2_015DEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4A80 mov eax, dword ptr fs:[00000030h]5_2_016A4A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01608A90 mov edx, dword ptr fs:[00000030h]5_2_01608A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8AA0 mov eax, dword ptr fs:[00000030h]5_2_015D8AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8AA0 mov eax, dword ptr fs:[00000030h]5_2_015D8AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0D59 mov eax, dword ptr fs:[00000030h]5_2_015D0D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0D59 mov eax, dword ptr fs:[00000030h]5_2_015D0D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D0D59 mov eax, dword ptr fs:[00000030h]5_2_015D0D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8D59 mov eax, dword ptr fs:[00000030h]5_2_015D8D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8D59 mov eax, dword ptr fs:[00000030h]5_2_015D8D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8D59 mov eax, dword ptr fs:[00000030h]5_2_015D8D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8D59 mov eax, dword ptr fs:[00000030h]5_2_015D8D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015D8D59 mov eax, dword ptr fs:[00000030h]5_2_015D8D59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01668D6B mov eax, dword ptr fs:[00000030h]5_2_01668D6B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01658D20 mov eax, dword ptr fs:[00000030h]5_2_01658D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C6D10 mov eax, dword ptr fs:[00000030h]5_2_015C6D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C6D10 mov eax, dword ptr fs:[00000030h]5_2_015C6D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C6D10 mov eax, dword ptr fs:[00000030h]5_2_015C6D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EAD00 mov eax, dword ptr fs:[00000030h]5_2_015EAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EAD00 mov eax, dword ptr fs:[00000030h]5_2_015EAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015EAD00 mov eax, dword ptr fs:[00000030h]5_2_015EAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01688D10 mov eax, dword ptr fs:[00000030h]5_2_01688D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01688D10 mov eax, dword ptr fs:[00000030h]5_2_01688D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01604D1D mov eax, dword ptr fs:[00000030h]5_2_01604D1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEDD3 mov eax, dword ptr fs:[00000030h]5_2_015FEDD3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FEDD3 mov eax, dword ptr fs:[00000030h]5_2_015FEDD3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01670DF0 mov eax, dword ptr fs:[00000030h]5_2_01670DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01670DF0 mov eax, dword ptr fs:[00000030h]5_2_01670DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015C6DF6 mov eax, dword ptr fs:[00000030h]5_2_015C6DF6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FCDF0 mov eax, dword ptr fs:[00000030h]5_2_015FCDF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015FCDF0 mov ecx, dword ptr fs:[00000030h]5_2_015FCDF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01654DD7 mov eax, dword ptr fs:[00000030h]5_2_01654DD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01654DD7 mov eax, dword ptr fs:[00000030h]5_2_01654DD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CCDEA mov eax, dword ptr fs:[00000030h]5_2_015CCDEA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015CCDEA mov eax, dword ptr fs:[00000030h]5_2_015CCDEA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015DADE0 mov eax, dword ptr fs:[00000030h]5_2_015DADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_015F0DE1 mov eax, dword ptr fs:[00000030h]5_2_015F0DE1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01606DA0 mov eax, dword ptr fs:[00000030h]5_2_01606DA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01698DAE mov eax, dword ptr fs:[00000030h]5_2_01698DAE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_01698DAE mov eax, dword ptr fs:[00000030h]5_2_01698DAE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_016A4DAD mov eax, dword ptr fs:[00000030h]5_2_016A4DAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CDB1 mov ecx, dword ptr fs:[00000030h]5_2_0160CDB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeCode function: 5_2_0160CDB1 mov eax, dword ptr fs:[00000030h]5_2_0160CDB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeMemory allocated: page read and write | page guardJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		11
          Process Injection          		1
          Masquerading          		OS Credential Dumping12
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		1
          Disable or Modify Tools          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Application Layer Protocol          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
          Virtualization/Sandbox Evasion          		Security Account Manager41
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
          Process Injection          		NTDS112
          System Information Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
          Obfuscated Files or Information          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Timestomp          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          DLL Side-Loading          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe37%ReversingLabsWin32.Backdoor.FormBook
          SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.awlc7038.vip/b31a/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.awlc7038.vip/b31a/true
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1519366
          Start date and time:2024-09-26 12:22:18 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 14s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:10
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@7/1@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 34
          • Number of non-executed functions: 266
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

          Simulations

          Behavior and APIs

          TimeTypeDescription
          06:23:23API Interceptor1x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.log

          Download File
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.840103659932688
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          File name:SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          File size:589'312 bytes
          MD5:8825b50e377782c6c889c43998b31555
          SHA1:3d23cbc80c53b1fbf382e08d39ecf5f77d0d3419
          SHA256:aaad2261843429b4a8574c5c3fd1a80e2462fab4abdd1581eb4dacca34084882
          SHA512:864e8c8ba8d279e8764a9411914d95da99526104c9b07ae92c36b0ed1c7a9b34fcd212a622429a23313af9e61854f5c28bb2d71778d9fd1614f1c7325560e81b
          SSDEEP:12288:VU01JG3ZdnU/XhUgzPma5dt6NCttGpXQ+apuaFxnkeZe1tdtTJ:VXPGrnUZUsOa5dtmC4Q+A7hZe1
          TLSH:97C41289269DCE27D4AB47F40960D1B043B99DD9B622D213EFEA3DFBBC6B7440440792
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^a...............0.................. ... ....@.. .......................`............@................................

          File Icon

          Icon Hash:90cececece8e8eb0

          Static PE Info

          General

          Entrypoint:0x491206
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0xD1615EA2 [Fri Apr 25 15:09:22 2081 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

          Entrypoint Preview

          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x911b10x4f.text
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x920000x5bc.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x940000xc.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x8fb480x70.text
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x20000x8f20c0x8f400d4e8df8d8dd8f67aa44770765043d38cFalse0.9304493210078534data7.848663363935903IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc0x920000x5bc0x6001bc2dfabece327d7888afab73570bd32False0.421875data4.110999528820951IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc0x940000xc0x2006084843ab3adb18f6504406ea83dd35eFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_VERSION0x920900x32cdata0.42857142857142855
          RT_MANIFEST0x923cc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

          Imports

          DLLImport
          mscoree.dll_CorExeMain

          Network Behavior

          No network behavior found

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:06:23:23
          Start date:26/09/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Imagebase:0x6f0000
          File size:589'312 bytes
          MD5 hash:8825B50E377782C6C889C43998B31555
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
          Reputation:low
          Has exited:true

          General

          Target ID:3
          Start time:06:23:24
          Start date:26/09/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Imagebase:0x180000
          File size:589'312 bytes
          MD5 hash:8825B50E377782C6C889C43998B31555
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:4
          Start time:06:23:24
          Start date:26/09/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Imagebase:0x140000
          File size:589'312 bytes
          MD5 hash:8825B50E377782C6C889C43998B31555
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:5
          Start time:06:23:24
          Start date:26/09/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
          Imagebase:0xb40000
          File size:589'312 bytes
          MD5 hash:8825B50E377782C6C889C43998B31555
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
          Reputation:low
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:8.9%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:0%
            Total number of Nodes:91
            Total number of Limit Nodes:10
            execution_graph 30966 6d01670 30968 6d01671 30966->30968 30967 6d017fb 30968->30967 30971 6d018f0 PostMessageW 30968->30971 30973 6d018ea PostMessageW 30968->30973 30972 6d0195c 30971->30972 30972->30968 30974 6d0195c 30973->30974 30974->30968 31028 6d039e0 31029 6d03a08 31028->31029 31030 6d039fe 31028->31030 31033 6d03a33 31030->31033 31038 6d03a48 31030->31038 31034 6d03a56 31033->31034 31037 6d03a75 31033->31037 31043 6d0323c 31034->31043 31037->31029 31039 6d03a56 31038->31039 31042 6d03a75 31038->31042 31040 6d0323c CloseHandle 31039->31040 31041 6d03a71 31040->31041 31041->31029 31042->31029 31044 6d03bc0 CloseHandle 31043->31044 31045 6d03a71 31044->31045 31045->31029 31046 29a4668 31047 29a467a 31046->31047 31048 29a4686 31047->31048 31050 29a4779 31047->31050 31051 29a479d 31050->31051 31055 29a4888 31051->31055 31059 29a4879 31051->31059 31056 29a48af 31055->31056 31057 29a498c 31056->31057 31063 29a44b4 31056->31063 31061 29a48af 31059->31061 31060 29a498c 31060->31060 31061->31060 31062 29a44b4 CreateActCtxA 31061->31062 31062->31060 31064 29a5918 CreateActCtxA 31063->31064 31066 29a59db 31064->31066 30975 d5d01c 30976 d5d034 30975->30976 30977 d5d08e 30976->30977 30980 4ff2c08 30976->30980 30988 4ff1434 30976->30988 30983 4ff2c45 30980->30983 30981 4ff2c79 31004 4ff155c 30981->31004 30983->30981 30984 4ff2c69 30983->30984 30996 4ff2d93 30984->30996 31000 4ff2da0 30984->31000 30985 4ff2c77 30985->30985 30989 4ff143f 30988->30989 30990 4ff2c79 30989->30990 30992 4ff2c69 30989->30992 30991 4ff155c CallWindowProcW 30990->30991 30993 4ff2c77 30991->30993 30994 4ff2d93 CallWindowProcW 30992->30994 30995 4ff2da0 CallWindowProcW 30992->30995 30993->30993 30994->30993 30995->30993 30998 4ff2db4 30996->30998 30997 4ff2e40 30997->30985 30998->30997 31008 4ff2e58 30998->31008 31002 4ff2db4 31000->31002 31001 4ff2e40 31001->30985 31002->31001 31003 4ff2e58 CallWindowProcW 31002->31003 31003->31001 31005 4ff1567 31004->31005 31006 4ff435a CallWindowProcW 31005->31006 31007 4ff4309 31005->31007 31006->31007 31007->30985 31009 4ff2e69 31008->31009 31011 4ff429e 31008->31011 31009->30997 31012 4ff155c CallWindowProcW 31011->31012 31013 4ff42aa 31012->31013 31013->31009 31014 29aafb0 31018 29ab0a8 31014->31018 31023 29ab097 31014->31023 31015 29aafbf 31019 29ab0dc 31018->31019 31020 29ab0b9 31018->31020 31019->31015 31020->31019 31021 29ab2e0 GetModuleHandleW 31020->31021 31022 29ab30d 31021->31022 31022->31015 31024 29ab0dc 31023->31024 31025 29ab0b9 31023->31025 31024->31015 31025->31024 31026 29ab2e0 GetModuleHandleW 31025->31026 31027 29ab30d 31026->31027 31027->31015 31067 29ad340 31068 29ad386 31067->31068 31072 29ad50f 31068->31072 31076 29ad520 31068->31076 31069 29ad473 31073 29ad52d 31072->31073 31079 29ad0b8 31073->31079 31077 29ad54e 31076->31077 31078 29ad0b8 DuplicateHandle 31076->31078 31077->31069 31078->31077 31080 29ad588 DuplicateHandle 31079->31080 31081 29ad54e 31080->31081 31081->31069

            Executed Functions

            Function 04FF7358 Relevance: 3.3, Strings: 1, Instructions: 2022COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 316 4ff7358-4ff735f 318 4ff7361 316->318 318->318 319 4ff7363-4ff7393 318->319 320 4ff739a-4ff7440 call 4ff70e8 * 2 319->320 321 4ff7395 319->321 334 4ff744a-4ff7456 call 4ff70f8 320->334 321->320 336 4ff745b-4ff753a call 4ff70f8 call 4ff70e8 call 4ff70f8 * 2 334->336 354 4ff7544-4ff7550 call 4ff7108 336->354 356 4ff7555-4ff7582 call 4ff7108 354->356 360 4ff7587-4ff759e 356->360 362 4ff75a4-4ff75c3 360->362 364 4ff75cd-4ff75e3 362->364 365 4ff75ec-4ff75f0 364->365 366 4ff75f7-4ff7610 365->366 368 4ff7616-4ff7620 366->368 369 4ff7627-4ff76b6 call 4ff7118 368->369 370 4ff7622 368->370 377 4ff76be-4ff76d0 369->377 370->369 378 4ff76d8-4ff8ebb call 4ff70f8 call 4ff7128 * 2 call 4ff70f8 call 4ff7138 call 4ff7128 call 4ff70f8 call 4ff7148 call 4ff7158 call 4ff7168 call 4ff7178 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff7158 call 4ff7168 call 4ff7178 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71b8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff71c8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff71c8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71d8 call 4ff71e8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71d8 * 2 call 4ff71e8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7218 * 2 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71d8 * 4 call 4ff71e8 377->378 681 4ff8ebd-4ff8ec9 378->681 682 4ff8ee5 378->682 683 4ff8ecb-4ff8ed1 681->683 684 4ff8ed3-4ff8ed9 681->684 685 4ff8eeb-4ff95b9 call 4ff7228 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7238 call 4ff7248 call 4ff7258 call 4ff7218 * 14 call 4ff7268 call 4ff7168 call 4ff7278 call 4ff7288 * 2 682->685 686 4ff8ee3 683->686 684->686 686->685
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1395679473.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ff0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Ppeq
            • API String ID: 0-2167432870
            • Opcode ID: d17d15377b86c2cc26dea94519f230102198614ec23c10be2781f3676b19619e
            • Instruction ID: f4c591152e0d503e6b7c5e68980a68cc4f82c158a3fba20c04f20b5b20acf564
            • Opcode Fuzzy Hash: d17d15377b86c2cc26dea94519f230102198614ec23c10be2781f3676b19619e
            • Instruction Fuzzy Hash: 7323D434A10219CFDB25EF64CC94A99B7B6FF8A304F5141E9E509AB361DB31AE85CF40
            Function 04FF7368 Relevance: 3.3, Strings: 1, Instructions: 2020COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 788 4ff7368-4ff7393 789 4ff739a-4ff7620 call 4ff70e8 * 2 call 4ff70f8 * 2 call 4ff70e8 call 4ff70f8 * 2 call 4ff7108 * 2 788->789 790 4ff7395 788->790 838 4ff7627-4ff76d0 call 4ff7118 789->838 839 4ff7622 789->839 790->789 847 4ff76d8-4ff8ebb call 4ff70f8 call 4ff7128 * 2 call 4ff70f8 call 4ff7138 call 4ff7128 call 4ff70f8 call 4ff7148 call 4ff7158 call 4ff7168 call 4ff7178 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff7158 call 4ff7168 call 4ff7178 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71b8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff71c8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7148 call 4ff71c8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71d8 call 4ff71e8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71d8 * 2 call 4ff71e8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7218 * 2 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71d8 * 4 call 4ff71e8 838->847 839->838 1150 4ff8ebd-4ff8ec9 847->1150 1151 4ff8ee5 847->1151 1152 4ff8ecb-4ff8ed1 1150->1152 1153 4ff8ed3-4ff8ed9 1150->1153 1154 4ff8eeb-4ff95b9 call 4ff7228 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff71f8 call 4ff7208 call 4ff71a8 call 4ff7158 call 4ff7168 call 4ff7188 call 4ff7198 call 4ff7238 call 4ff7248 call 4ff7258 call 4ff7218 * 14 call 4ff7268 call 4ff7168 call 4ff7278 call 4ff7288 * 2 1151->1154 1155 4ff8ee3 1152->1155 1153->1155 1155->1154
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1395679473.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ff0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Ppeq
            • API String ID: 0-2167432870
            • Opcode ID: 2e9e76ffb3e25d6ade0eaa8b07776976fa59d1cc08727f09403de7a72f7fda19
            • Instruction ID: 85f17840a79205586d5458bfed831ba64ff58a33b70f8493c0e2be8c490d680e
            • Opcode Fuzzy Hash: 2e9e76ffb3e25d6ade0eaa8b07776976fa59d1cc08727f09403de7a72f7fda19
            • Instruction Fuzzy Hash: 0623D434A10219CFDB25EF64CC94A99B7B6FF8A304F5141E9E509AB361DB31AE85CF40
            Function 029AB0A8 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1301 29ab0a8-29ab0b7 1302 29ab0b9-29ab0c6 call 29a9b14 1301->1302 1303 29ab0e3-29ab0e7 1301->1303 1310 29ab0c8 1302->1310 1311 29ab0dc 1302->1311 1304 29ab0fb-29ab13c 1303->1304 1305 29ab0e9-29ab0f3 1303->1305 1312 29ab149-29ab157 1304->1312 1313 29ab13e-29ab146 1304->1313 1305->1304 1356 29ab0ce call 29ab340 1310->1356 1357 29ab0ce call 29ab331 1310->1357 1311->1303 1315 29ab17b-29ab17d 1312->1315 1316 29ab159-29ab15e 1312->1316 1313->1312 1314 29ab0d4-29ab0d6 1314->1311 1317 29ab218-29ab2d8 1314->1317 1318 29ab180-29ab187 1315->1318 1319 29ab169 1316->1319 1320 29ab160-29ab167 call 29aad10 1316->1320 1351 29ab2da-29ab2dd 1317->1351 1352 29ab2e0-29ab30b GetModuleHandleW 1317->1352 1321 29ab189-29ab191 1318->1321 1322 29ab194-29ab19b 1318->1322 1324 29ab16b-29ab179 1319->1324 1320->1324 1321->1322 1325 29ab1a8-29ab1b1 call 29aad20 1322->1325 1326 29ab19d-29ab1a5 1322->1326 1324->1318 1332 29ab1be-29ab1c3 1325->1332 1333 29ab1b3-29ab1bb 1325->1333 1326->1325 1334 29ab1e1-29ab1ee 1332->1334 1335 29ab1c5-29ab1cc 1332->1335 1333->1332 1341 29ab1f0-29ab20e 1334->1341 1342 29ab211-29ab217 1334->1342 1335->1334 1337 29ab1ce-29ab1de call 29aad30 call 29aad40 1335->1337 1337->1334 1341->1342 1351->1352 1353 29ab30d-29ab313 1352->1353 1354 29ab314-29ab328 1352->1354 1353->1354 1356->1314 1357->1314
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 029AB2FE
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: b1327c472e6ef79d5de8cd9e35554f6fb405a178a6c273a06cd15eee3f4f0330
            • Instruction ID: 7f93b94af350ec3f2b5958ff452d5c266e0d6f6791b84cab104f97f21dc22f57
            • Opcode Fuzzy Hash: b1327c472e6ef79d5de8cd9e35554f6fb405a178a6c273a06cd15eee3f4f0330
            • Instruction Fuzzy Hash: 44714670A00B058FD764DF2AD46179ABBF5FF88308F00892DD48AD7A50DB75E945CB90
            Function 04FF155C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1358 4ff155c-4ff42fc 1361 4ff43ac-4ff43cc call 4ff1434 1358->1361 1362 4ff4302-4ff4307 1358->1362 1370 4ff43cf-4ff43dc 1361->1370 1363 4ff435a-4ff4392 CallWindowProcW 1362->1363 1364 4ff4309-4ff4340 1362->1364 1366 4ff439b-4ff43aa 1363->1366 1367 4ff4394-4ff439a 1363->1367 1371 4ff4349-4ff4358 1364->1371 1372 4ff4342-4ff4348 1364->1372 1366->1370 1367->1366 1371->1370 1372->1371
            APIs
            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04FF4381
            Memory Dump Source
            • Source File: 00000000.00000002.1395679473.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ff0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallProcWindow
            • String ID:
            • API String ID: 2714655100-0
            • Opcode ID: fb7ce30c13eb2369f43a148105195af98a569bd62761a2738fbd3051708615bc
            • Instruction ID: 15252d68d9363398b7420dc9f3fd73517103989490d68318850bb005ceb2de50
            • Opcode Fuzzy Hash: fb7ce30c13eb2369f43a148105195af98a569bd62761a2738fbd3051708615bc
            • Instruction Fuzzy Hash: D1411BB5900305DFDB14CF99C848AABBBF5FF98314F148459D519AB321D774A841CFA1
            Function 029A44B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1375 29a44b4-29a59d9 CreateActCtxA 1379 29a59db-29a59e1 1375->1379 1380 29a59e2-29a5a3c 1375->1380 1379->1380 1387 29a5a4b-29a5a4f 1380->1387 1388 29a5a3e-29a5a41 1380->1388 1389 29a5a60-29a5a90 1387->1389 1390 29a5a51-29a5a5d 1387->1390 1388->1387 1394 29a5a42-29a5a47 1389->1394 1395 29a5a92-29a5b14 1389->1395 1390->1389 1394->1387
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 029A59C9
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 794ddbe9fbffcd8d932152fbba5d82dde7b23a18f78b6fb0e79ad040194dae12
            • Instruction ID: e1d45957f71f27635f31f7256f7c8cd81ac0e3b85f2220ad9b32a81f745734ec
            • Opcode Fuzzy Hash: 794ddbe9fbffcd8d932152fbba5d82dde7b23a18f78b6fb0e79ad040194dae12
            • Instruction Fuzzy Hash: 4941D2B1D00719CBEB24CFA9C884B9EBBF5FF48314F60846AD409AB251DB756946CF90
            Function 029A590C Relevance: 1.6, APIs: 1, Instructions: 92COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1398 29a590c-29a598c 1399 29a598f-29a59d9 CreateActCtxA 1398->1399 1401 29a59db-29a59e1 1399->1401 1402 29a59e2-29a5a3c 1399->1402 1401->1402 1409 29a5a4b-29a5a4f 1402->1409 1410 29a5a3e-29a5a41 1402->1410 1411 29a5a60-29a5a90 1409->1411 1412 29a5a51-29a5a5d 1409->1412 1410->1409 1416 29a5a42-29a5a47 1411->1416 1417 29a5a92-29a5b14 1411->1417 1412->1411 1416->1409
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 029A59C9
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 1f32ad495634c7bacdd95397217450ba7fe80c43f8812404b1bb42cc6a530ac4
            • Instruction ID: e3a90739814b70b3923e21e7d5e266c826598cd8e4c10be1c798da77ed885896
            • Opcode Fuzzy Hash: 1f32ad495634c7bacdd95397217450ba7fe80c43f8812404b1bb42cc6a530ac4
            • Instruction Fuzzy Hash: 914132B1D00759CFDB24CFA9C890B8DBBF1BF49314F20809AD408AB251CB796946CF90
            Function 029A5A84 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1420 29a5a84-29a5a90 1421 29a5a42-29a5a47 1420->1421 1422 29a5a92-29a5b14 1420->1422 1425 29a5a4b-29a5a4f 1421->1425 1426 29a5a60-29a5a61 1425->1426 1427 29a5a51-29a5a5d 1425->1427 1426->1420 1427->1426
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa81274ef17548fdb012a24799deb001347f5976cb38eba44e88987f367fcc4d
            • Instruction ID: c5fbd3843484ec7432854552f53cc81a33431b5291b3492bb276de4b069873b6
            • Opcode Fuzzy Hash: fa81274ef17548fdb012a24799deb001347f5976cb38eba44e88987f367fcc4d
            • Instruction Fuzzy Hash: 6231BCB1E04349CFEB10DBA8C8A479DBBF1FF45308FA54089C046AB251DB79690ACB91
            Function 029AD0B8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1430 29ad0b8-29ad61c DuplicateHandle 1432 29ad61e-29ad624 1430->1432 1433 29ad625-29ad642 1430->1433 1432->1433
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,029AD54E,?,?,?,?,?), ref: 029AD60F
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 6d680b632ee323ed1d355db597d5b13263eaa66144fb3990148ba8cd0a2c850d
            • Instruction ID: 091be12a16848d3dda4b340bf7970de9211ecddf1c4b9e7704471f57875e6ba9
            • Opcode Fuzzy Hash: 6d680b632ee323ed1d355db597d5b13263eaa66144fb3990148ba8cd0a2c850d
            • Instruction Fuzzy Hash: 7E21E7B5D003489FDB10CF99D584ADEBBF4EB48314F14841AE914A7310D378A954CFA5
            Function 029AD581 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1436 29ad581-29ad61c DuplicateHandle 1437 29ad61e-29ad624 1436->1437 1438 29ad625-29ad642 1436->1438 1437->1438
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,029AD54E,?,?,?,?,?), ref: 029AD60F
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: a35ebab0ffe8fa20670b341da671c33e14fb72de8f3f0a9ac228de8525b4b12d
            • Instruction ID: 8486672cb3ff996345bd12b6ce60142d4ca264776b1a6b7bb69340220d171293
            • Opcode Fuzzy Hash: a35ebab0ffe8fa20670b341da671c33e14fb72de8f3f0a9ac228de8525b4b12d
            • Instruction Fuzzy Hash: D321E5B5D102489FDB10CF99D585AEEBFF4EB48320F14841AE918A7310D374A950CFA1
            Function 029AB298 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1441 29ab298-29ab2d8 1442 29ab2da-29ab2dd 1441->1442 1443 29ab2e0-29ab30b GetModuleHandleW 1441->1443 1442->1443 1444 29ab30d-29ab313 1443->1444 1445 29ab314-29ab328 1443->1445 1444->1445
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 029AB2FE
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: d65c2e772a11815b2703a585bf1026e4f4a6e4f5752522c425ef0e80762bc26c
            • Instruction ID: 2bc82002b8d1beb3b70238be6bea66823fe84ae2e518bf3b30f06ad3d182fdac
            • Opcode Fuzzy Hash: d65c2e772a11815b2703a585bf1026e4f4a6e4f5752522c425ef0e80762bc26c
            • Instruction Fuzzy Hash: 7711DFB6C007498FCB10CF9AD454ADEFBF8EF88328F14845AD819A7210C379A545CFA5
            Function 06D018EA Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1447 6d018ea-6d0195a PostMessageW 1448 6d01963-6d01977 1447->1448 1449 6d0195c-6d01962 1447->1449 1449->1448
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 06D0194D
            Memory Dump Source
            • Source File: 00000000.00000002.1396673847.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6d00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 1ca5303c2ae46f1ace568c86c6a506892d9cabb18ca9ddaede90e88260799a00
            • Instruction ID: 512a20dcbeadd3e9e676cfdd70ed88be18266ad0ea1128bc7e9bd8463fabe8a1
            • Opcode Fuzzy Hash: 1ca5303c2ae46f1ace568c86c6a506892d9cabb18ca9ddaede90e88260799a00
            • Instruction Fuzzy Hash: 6811F2B5800249DFDB10DF99D885BEEFFF4EB48320F24841AE858A7240C375A944CFA1
            Function 06D018F0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1451 6d018f0-6d0195a PostMessageW 1452 6d01963-6d01977 1451->1452 1453 6d0195c-6d01962 1451->1453 1453->1452
            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 06D0194D
            Memory Dump Source
            • Source File: 00000000.00000002.1396673847.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6d00000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 7fbc86a342bbd855d06166ca09b360ceebecf62a99da9ef5217f2dfbebbfbd75
            • Instruction ID: 2247263cb2c36123cf968f994ba85b53764cbbaf70d235c233f7cc2e7ce232b7
            • Opcode Fuzzy Hash: 7fbc86a342bbd855d06166ca09b360ceebecf62a99da9ef5217f2dfbebbfbd75
            • Instruction Fuzzy Hash: F511D0B5800349DFDB10DF9AD885BDEBBF8EB48320F14841AE558A7240C375A944CFA1
            Function 06D0323C Relevance: 1.3, APIs: 1, Instructions: 50COMMON
            Download Yara Rule
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06D03A71,?,?), ref: 06D03C18
            Memory Dump Source
            • Source File: 00000000.00000002.1396673847.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6d00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: efc9821787ecff16a67c23268a591b179df7caae810b4268acc8eba6c4c86164
            • Instruction ID: 6b7020c0839d916a9a001eae107352c9b18e7dbf5e08fcbff22776c61e540b8d
            • Opcode Fuzzy Hash: efc9821787ecff16a67c23268a591b179df7caae810b4268acc8eba6c4c86164
            • Instruction Fuzzy Hash: 301122B5800649CFEB60DF9AC545BEEBBF4EB48320F15841AE958A7340D378A944CFA5
            Function 06D03BBF Relevance: 1.3, APIs: 1, Instructions: 48COMMON
            Download Yara Rule
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06D03A71,?,?), ref: 06D03C18
            Memory Dump Source
            • Source File: 00000000.00000002.1396673847.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6d00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 11f8bce44d9783d2a4e13db05056a755a8b117567c608fea293bf764ec54dd25
            • Instruction ID: daa063d880393375661d6949b738b94b7f2243013e3acfbc3486d0f43cd434d6
            • Opcode Fuzzy Hash: 11f8bce44d9783d2a4e13db05056a755a8b117567c608fea293bf764ec54dd25
            • Instruction Fuzzy Hash: 391133B5800249CFDB20DF9AC545BEEBBF4EB48320F14841AD518A7340C738A544CFA5
            Function 00D4D3D8 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f47b1ddde14ec634cfdf72689293f99c37b70b8b530036f5e2f1a7e24af515ab
            • Instruction ID: 1c5cae936f2e6cea27603b54effacd4c167db590416d1ec7ce8fb78c76ceae5d
            • Opcode Fuzzy Hash: f47b1ddde14ec634cfdf72689293f99c37b70b8b530036f5e2f1a7e24af515ab
            • Instruction Fuzzy Hash: 2B2125B1504204DFDB05DF14D9C0B26BFA6FB98324F28C56DE94D0B256C33AE856CAB2
            Function 00D4D4C4 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c8718aceb8d4786b3590516637352bd640ac20f061cfcec03da9987632141f22
            • Instruction ID: caca0383469385eedc2ae2ca395c4e4d2a789a210764e2091a99d6b96deaa486
            • Opcode Fuzzy Hash: c8718aceb8d4786b3590516637352bd640ac20f061cfcec03da9987632141f22
            • Instruction Fuzzy Hash: C62125B1604240DFDB05DF14D9C0B26BF66FB98318F28C569E9490B256C736D816CAB1
            Function 00D5D01C Relevance: .1, Instructions: 72COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392288262.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d5d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 30d2a179ce50aadfdaffd213e61cd4952cc2a466719e33cdc2d8cb052bb5e9dd
            • Instruction ID: fde5c2039f386c9f587d17fb9a65e580b27b62e38d953c9a2a97c37e06af8e15
            • Opcode Fuzzy Hash: 30d2a179ce50aadfdaffd213e61cd4952cc2a466719e33cdc2d8cb052bb5e9dd
            • Instruction Fuzzy Hash: 9321D371504240DFDF24DF18D580B16BBA6EB88315F24C569ED494B296C33AD80BCA71
            Function 00D5D005 Relevance: .1, Instructions: 62COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392288262.0000000000D5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D5D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d5d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c5eec39cf166bb7b021e61bbb1d6f0b3a313fc18d8b0ac81e4ce6b7f84784a34
            • Instruction ID: b19c325fd85608b91d56d36afe719c0c142739baac4c35b1240a0b8bb694b31b
            • Opcode Fuzzy Hash: c5eec39cf166bb7b021e61bbb1d6f0b3a313fc18d8b0ac81e4ce6b7f84784a34
            • Instruction Fuzzy Hash: FC214F755093808FDB12CF24D994715BF72EB46214F29C5EADC498B6A7C33A980ACB72
            Function 00D4D3D3 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
            • Instruction ID: 205d98ce16043cdbaaae1699fc1e27e9f05662869e18e7cfc6cebaef45bda79f
            • Opcode Fuzzy Hash: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
            • Instruction Fuzzy Hash: 1D112676404280CFDF12CF10D5C0B16BF72FB94324F28C2A9D9090B256C33AE85ACBA1
            Function 00D4D4BF Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
            • Instruction ID: 554664a6b11752f6d564287f0c24e374cfb67696da9efbe2e66aeb3178294e83
            • Opcode Fuzzy Hash: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
            • Instruction Fuzzy Hash: 06112672504280CFCF12CF10D5C0B16BF72FB94314F28C6A9D8494B256C33AD85ACBA1
            Function 00D4D731 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4f6e161d26378cbc104088ffccfbe65c07feff1d753cbb09dfd1c378143be56f
            • Instruction ID: 3a75eb00825b6baa2d362bd610c39aefba0cbd11e10b36c01f4b1438d32a70a9
            • Opcode Fuzzy Hash: 4f6e161d26378cbc104088ffccfbe65c07feff1d753cbb09dfd1c378143be56f
            • Instruction Fuzzy Hash: 4501D4714043449BE7108B268C80B66BBA9DF80360F28881AED4A4E282D2789840CA71
            Function 00D4D730 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392236655.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d4d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b15ad505db92124756994bbbfc053b695929391bc9b74f0b1cdb3fa44aa1a58c
            • Instruction ID: f70582185823a103f86033f9ad5c7bed8640716309f8064fbe5126fe7b2efb81
            • Opcode Fuzzy Hash: b15ad505db92124756994bbbfc053b695929391bc9b74f0b1cdb3fa44aa1a58c
            • Instruction Fuzzy Hash: C5F0CD32404244AFE7208B1AC884B62FFD8EB90774F28C55AED094F286C378A840CAB1

            Non-executed Functions

            Function 06D03448 Relevance: .4, Instructions: 353COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1396673847.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_6d00000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2488bed5f26a0aef7f746c55535e93fde8355f389e8c763e54ad1d522826e15d
            • Instruction ID: f8eb39f9f4f90a6f153926404a414e1ad501860a3f36bab853e8aaf29f7cd2a8
            • Opcode Fuzzy Hash: 2488bed5f26a0aef7f746c55535e93fde8355f389e8c763e54ad1d522826e15d
            • Instruction Fuzzy Hash: 08D18A70B007069FEBA5DB79C860B6EBBF6AF88700F154469D146CB390DB34E905CBA1
            Function 04FF0040 Relevance: .3, Instructions: 315COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1395679473.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ff0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4e408cebbe3c2d3f916fb96f258af6b122cb187db2f04bfc16268c975f0aa793
            • Instruction ID: 9bfd2469ae00631b6e6bb033795f8d44c2b8db31496180b2165bc4429e44b3c5
            • Opcode Fuzzy Hash: 4e408cebbe3c2d3f916fb96f258af6b122cb187db2f04bfc16268c975f0aa793
            • Instruction Fuzzy Hash: 0F12B8B2C827458BE390CFA5E94C1897BB1BB41318BD14A09C3621B2E5DFBC916BCF44
            Function 029ADE4C Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1392888863.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_29a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88831de19140ea1e7a52acc5a0676a7b65b096f78d6f020d724fa25ccf136c55
            • Instruction ID: a8f6b91efef8d2410b8e650599ea0fbaf48dc251e397b2f96bbe7a92e4300964
            • Opcode Fuzzy Hash: 88831de19140ea1e7a52acc5a0676a7b65b096f78d6f020d724fa25ccf136c55
            • Instruction Fuzzy Hash: E2A18F32E003098FCF15DFB4C49459EB7B6FF88304B2445AAE905AB265DB35E915CF90
            Function 04FF003F Relevance: .2, Instructions: 217COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1395679473.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_4ff0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4c6a2b4dfc06b1d0c5da2594cc9f60cc8a6f397d3dadfe61c6280d1979cfe47b
            • Instruction ID: 7f56e30e76e82ed83d3da798d860425d4347dc142e2e7dae5fa9d7f64b54b5a4
            • Opcode Fuzzy Hash: 4c6a2b4dfc06b1d0c5da2594cc9f60cc8a6f397d3dadfe61c6280d1979cfe47b
            • Instruction Fuzzy Hash: BCC1F8B2C827458BD790CFA5E9481897BB1BB85314F914A09D3622B2E4DFBC946BCF44

            Execution Graph

            Execution Coverage:0.7%
            Dynamic/Decrypted Code Coverage:2.6%
            Signature Coverage:7.9%
            Total number of Nodes:190
            Total number of Limit Nodes:32
            execution_graph 91542 41f0d0 91545 41b930 91542->91545 91544 41f0db 91546 41b956 91545->91546 91551 409d30 91546->91551 91548 41b962 91550 41b975 91548->91550 91557 40c1b0 8 API calls 91548->91557 91550->91544 91554 409d3d 91551->91554 91558 409c80 91551->91558 91553 409d44 91553->91548 91554->91553 91565 40f170 NtClose 91554->91565 91556 409d55 91556->91548 91557->91550 91560 409c93 91558->91560 91559 409ca6 91559->91554 91560->91559 91566 41b270 91560->91566 91562 409ce3 91562->91559 91577 409aa0 91562->91577 91564 409d03 91564->91554 91565->91556 91567 41b289 91566->91567 91580 414a40 91567->91580 91569 41b2a1 91570 41b2aa 91569->91570 91609 41b0b0 91569->91609 91570->91562 91572 41b2be 91572->91570 91623 419ec0 91572->91623 91765 407ea0 91577->91765 91579 409aba 91579->91564 91581 414a54 91580->91581 91582 414b63 91580->91582 91581->91582 91630 41a320 91581->91630 91582->91569 91584 414ba7 91585 41bd80 RtlFreeHeap 91584->91585 91591 414bb3 91585->91591 91586 414d39 91587 41a450 NtClose 91586->91587 91589 414d40 91587->91589 91588 414d4f 91679 414780 NtReadFile NtClose 91588->91679 91589->91569 91591->91582 91591->91586 91591->91588 91594 414c42 91591->91594 91592 414d62 91592->91569 91593 414ca9 91593->91586 91602 414cbc 91593->91602 91594->91593 91595 414c51 91594->91595 91596 414c56 91595->91596 91597 414c6a 91595->91597 91675 414640 NtClose 91596->91675 91598 414c87 91597->91598 91599 414c6f 91597->91599 91598->91589 91643 414400 91598->91643 91633 4146e0 91599->91633 91676 41a450 91602->91676 91603 414c60 91603->91569 91604 414c7d 91604->91569 91606 414c9f 91606->91569 91608 414d28 91608->91569 91611 41b0c1 91609->91611 91610 41b0d3 91610->91572 91611->91610 91697 41bd00 91611->91697 91613 41b0f4 91700 414060 91613->91700 91615 41b140 91615->91572 91616 41b117 91616->91615 91617 414060 2 API calls 91616->91617 91619 41b139 91617->91619 91619->91615 91725 415380 91619->91725 91620 41b1ca 91735 419e80 91620->91735 91624 419edc 91623->91624 91759 1612c0a 91624->91759 91625 419ef7 91627 41bd80 91625->91627 91762 41a630 91627->91762 91629 41b319 91629->91562 91680 41af20 91630->91680 91632 41a33c NtCreateFile 91632->91584 91634 4146fc 91633->91634 91635 414724 91634->91635 91636 414738 91634->91636 91637 41a450 NtClose 91635->91637 91638 41a450 NtClose 91636->91638 91639 41472d 91637->91639 91640 414741 91638->91640 91639->91604 91682 41bf90 RtlAllocateHeap 91640->91682 91642 41474c 91642->91604 91644 41444b 91643->91644 91645 41447e 91643->91645 91646 41a450 NtClose 91644->91646 91647 41449a 91645->91647 91649 4145c9 91645->91649 91648 41446f 91646->91648 91650 4144d1 91647->91650 91651 4144bc 91647->91651 91648->91606 91655 41a450 NtClose 91649->91655 91653 4144d6 91650->91653 91654 4144ec 91650->91654 91652 41a450 NtClose 91651->91652 91656 4144c5 91652->91656 91657 41a450 NtClose 91653->91657 91663 4144f1 91654->91663 91683 41bf50 91654->91683 91658 414629 91655->91658 91656->91606 91659 4144df 91657->91659 91658->91606 91659->91606 91662 414557 91664 414575 91662->91664 91665 41458a 91662->91665 91668 414503 91663->91668 91686 41a3d0 91663->91686 91666 41a450 NtClose 91664->91666 91667 41a450 NtClose 91665->91667 91666->91668 91669 414593 91667->91669 91668->91606 91670 4145bf 91669->91670 91689 41bb50 91669->91689 91670->91606 91672 4145aa 91673 41bd80 RtlFreeHeap 91672->91673 91674 4145b3 91673->91674 91674->91606 91675->91603 91677 41a46c NtClose 91676->91677 91678 41af20 91676->91678 91677->91608 91678->91677 91679->91592 91681 41af30 91680->91681 91681->91632 91682->91642 91694 41a5f0 91683->91694 91685 41bf68 91685->91663 91687 41af20 91686->91687 91688 41a3ec NtReadFile 91687->91688 91688->91662 91690 41bb74 91689->91690 91691 41bb5d 91689->91691 91690->91672 91691->91690 91692 41bf50 RtlAllocateHeap 91691->91692 91693 41bb8b 91692->91693 91693->91672 91695 41af20 91694->91695 91696 41a60c RtlAllocateHeap 91695->91696 91696->91685 91698 41bd2d 91697->91698 91739 41a500 91697->91739 91698->91613 91701 414071 91700->91701 91702 414079 91700->91702 91701->91616 91724 41434c 91702->91724 91742 41cef0 91702->91742 91704 4140cd 91705 41cef0 RtlAllocateHeap 91704->91705 91708 4140d8 91705->91708 91706 414126 91709 41cef0 RtlAllocateHeap 91706->91709 91708->91706 91747 41cf90 91708->91747 91711 41413a 91709->91711 91710 41cef0 RtlAllocateHeap 91713 4141ad 91710->91713 91711->91710 91712 41cef0 RtlAllocateHeap 91714 4141f5 91712->91714 91713->91712 91753 41cf50 RtlFreeHeap 91714->91753 91716 414324 91754 41cf50 RtlFreeHeap 91716->91754 91718 41432e 91755 41cf50 RtlFreeHeap 91718->91755 91720 414338 91756 41cf50 RtlFreeHeap 91720->91756 91722 414342 91757 41cf50 RtlFreeHeap 91722->91757 91724->91616 91726 415391 91725->91726 91727 414a40 5 API calls 91726->91727 91728 4153a7 91727->91728 91729 4153e2 91728->91729 91730 4153f5 91728->91730 91734 4153fa 91728->91734 91731 41bd80 RtlFreeHeap 91729->91731 91732 41bd80 RtlFreeHeap 91730->91732 91733 4153e7 91731->91733 91732->91734 91733->91620 91734->91620 91736 419e9c 91735->91736 91758 1612df0 LdrInitializeThunk 91736->91758 91737 419eb3 91737->91572 91740 41af20 91739->91740 91741 41a51c NtAllocateVirtualMemory 91740->91741 91741->91698 91743 41cf00 91742->91743 91744 41cf06 91742->91744 91743->91704 91745 41bf50 RtlAllocateHeap 91744->91745 91746 41cf2c 91745->91746 91746->91704 91748 41cfb5 91747->91748 91750 41cfed 91747->91750 91749 41bf50 RtlAllocateHeap 91748->91749 91751 41cfca 91749->91751 91750->91708 91752 41bd80 RtlFreeHeap 91751->91752 91752->91750 91753->91716 91754->91718 91755->91720 91756->91722 91757->91724 91758->91737 91760 1612c11 91759->91760 91761 1612c1f LdrInitializeThunk 91759->91761 91760->91625 91761->91625 91763 41a64c RtlFreeHeap 91762->91763 91764 41af20 91762->91764 91763->91629 91764->91763 91766 407eb0 91765->91766 91767 407eab 91765->91767 91768 41bd00 NtAllocateVirtualMemory 91766->91768 91767->91579 91769 407ed5 91768->91769 91770 407f38 91769->91770 91771 419e80 LdrInitializeThunk 91769->91771 91772 41bd00 NtAllocateVirtualMemory 91769->91772 91770->91579 91771->91769 91772->91769 91773 1612bf0 LdrInitializeThunk

            Executed Functions

            Function 0041A3D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 0 41a3d0-41a419 call 41af20 NtReadFile
            APIs
            • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A415
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FileRead
            • String ID: !JA$bMA$bMA
            • API String ID: 2738559852-4222312340
            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
            • Instruction ID: 54437c4e75339082d0912fbe7e6c9053912bd6928cda1a9760da43cab1c95c7d
            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
            • Instruction Fuzzy Hash: C3F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241D630E8518BA4
            Function 0041A44A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35nativefileCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 3 41a44a-41a44c 4 41a40a-41a419 NtReadFile 3->4 5 41a44e-41a479 call 41af20 NtClose 3->5
            APIs
            • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A415
            • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A475
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: CloseFileRead
            • String ID: bMA
            • API String ID: 752142053-4028532242
            • Opcode ID: 78af462d15d3bac150910254672ddd015a6ee1d60f60359f045ee51e6f0d6073
            • Instruction ID: 82e347cc4db29127b742922a7b4c660f09a1c7a08bf06e2a5bfc2d387f9b3662
            • Opcode Fuzzy Hash: 78af462d15d3bac150910254672ddd015a6ee1d60f60359f045ee51e6f0d6073
            • Instruction Fuzzy Hash: 57E02B762052046FD710EB94BC85DE7BB58EF84334F14425FF95C5B241C435E54087E0
            Function 0041A320 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 99 41a320-41a371 call 41af20 NtCreateFile
            APIs
            • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A36D
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
            • Instruction ID: 30690d9e011530b668ed3b4ae7cc5c3fda29d367b226dbf4f68f65ca016a7565
            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
            • Instruction Fuzzy Hash: FDF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
            Function 0041A500 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 107 41a500-41a53d call 41af20 NtAllocateVirtualMemory
            APIs
            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B0F4,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A539
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateMemoryVirtual
            • String ID:
            • API String ID: 2167126740-0
            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
            • Instruction ID: c35769ceed384df61eeb5fc049e905e887b244236103aac277853e7772ac0dd9
            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
            • Instruction Fuzzy Hash: 75F015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241C630F811CBA4
            Function 0041A450 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 113 41a450-41a466 114 41a46c-41a479 NtClose 113->114 115 41a467 call 41af20 113->115 115->114
            APIs
            • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A475
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
            • Instruction ID: e48275ca6f7768b9f0fd4fab79f6d7fda959a909e55c262f35bdb2090c9231ed
            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
            • Instruction Fuzzy Hash: E5D01776200214ABD710EB99DC85EE77BADEF48764F15449ABA189B242C530FA1086E0
            Function 01612BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 120 1612bf0-1612bfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 630df219df73851381529783e37c03d6a4eb44f366f06aba509f2787b61f1dc8
            • Instruction ID: 8568c1121d67faf47896bf60325657d98b78aa78ee643513d2d1ec664fbbb709
            • Opcode Fuzzy Hash: 630df219df73851381529783e37c03d6a4eb44f366f06aba509f2787b61f1dc8
            • Instruction Fuzzy Hash: 9290023120181802D18075584C0564B004997D1301F95C015E4025758ECE158B597BA1
            Function 01612DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 121 1612df0-1612dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 6215539effea25498739c4f86c52e40957075287f3772b355c5e7502994ac92d
            • Instruction ID: b5e063e97dac60862e39fc2274650432662772cdad3c4ab3eaf8be652ac7df7a
            • Opcode Fuzzy Hash: 6215539effea25498739c4f86c52e40957075287f3772b355c5e7502994ac92d
            • Instruction Fuzzy Hash: E690023120181413D11175584D05707004D97D0241F95C412E442465CEDA568A52A621
            Function 00409AA0 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52314f94f59daf452594b101418944989ba10d402b895cad4abe47703a5ce96b
            • Instruction ID: 4f20240aff7f2371bb6e5cfcebb6b85206ba00274494e6c7b70a30fa46eb6871
            • Opcode Fuzzy Hash: 52314f94f59daf452594b101418944989ba10d402b895cad4abe47703a5ce96b
            • Instruction Fuzzy Hash: 48213CB2D4420957CB25D664AD52BFF737CAB54314F04007FE949A3182F638BF498BA6
            Function 0041A5F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 8 41a5f0-41a621 call 41af20 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A61D
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID: &EA
            • API String ID: 1279760036-1330915590
            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
            • Instruction ID: 65e1271fa0e6f293e5ca7d904ec396d69fb6d51de338ced040ab1bfa87458b74
            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
            • Instruction Fuzzy Hash: 1DE012B2200208ABDB14EF99DC41EA777ADAF88668F118559BA085B242C630F9118AB0
            Function 0041A622 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 102 41a622-41a62b 103 41a5b5 102->103 104 41a62d-41a647 call 41af20 102->104 106 41a64c-41a661 RtlFreeHeap 104->106
            APIs
            • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A65D
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: 9708d594edcda5fc8893eca15c6f157fdf37ca12e2aee08b9fa9ee063b66a24e
            • Instruction ID: d7e5308ecc6ccac864cb968cc564e8cbba3d48c91f9b9386b1e81575d64c18d9
            • Opcode Fuzzy Hash: 9708d594edcda5fc8893eca15c6f157fdf37ca12e2aee08b9fa9ee063b66a24e
            • Instruction Fuzzy Hash: B7F0E5B13003106FDB18DF68DC49EE7B7AAEF44714F004519F9084B261C271E9108BF0
            Function 0041A630 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 110 41a630-41a646 111 41a64c-41a661 RtlFreeHeap 110->111 112 41a647 call 41af20 110->112 112->111
            APIs
            • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A65D
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
            • Instruction ID: a31e03847b69acb9206512889bce5d114748d47cfafea9ced6338f279cce3475
            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
            • Instruction Fuzzy Hash: 64E04FB12002046BD714DF59DC45EE777ADEF88754F014559FD0857241C630F910CAF0
            Function 01612C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 116 1612c0a-1612c0f 117 1612c11-1612c18 116->117 118 1612c1f-1612c26 LdrInitializeThunk 116->118
            APIs
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 5385377a252eb7e428f3053945a822a2edf85bde3d7c9845e2b22acac658ff25
            • Instruction ID: bfc8d285e806f97f66db87fa9c27ab3b297db8c9477e2633a6197d8b33fc86af
            • Opcode Fuzzy Hash: 5385377a252eb7e428f3053945a822a2edf85bde3d7c9845e2b22acac658ff25
            • Instruction Fuzzy Hash: A3B09B719019D5C6DA51E7644E09717795477D0701F29C065D3030755F4738C1D1E675

            Non-executed Functions

            Function 01688D10 Relevance: 37.8, Strings: 30, Instructions: 268COMMONLIBRARYCODE
            Download Yara Rule
            Strings
            • read from, xrefs: 01688F5D, 01688F62
            • an invalid address, %p, xrefs: 01688F7F
            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01688F34
            • *** enter .cxr %p for the context, xrefs: 01688FBD
            • Go determine why that thread has not released the critical section., xrefs: 01688E75
            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01688E3F
            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01688E4B
            • *** Inpage error in %ws:%s, xrefs: 01688EC8
            • The resource is owned shared by %d threads, xrefs: 01688E2E
            • *** Resource timeout (%p) in %ws:%s, xrefs: 01688E02
            • The resource is owned exclusively by thread %p, xrefs: 01688E24
            • *** then kb to get the faulting stack, xrefs: 01688FCC
            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01688D8C
            • write to, xrefs: 01688F56
            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01688E86
            • *** enter .exr %p for the exception record, xrefs: 01688FA1
            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01688DB5
            • <unknown>, xrefs: 01688D2E, 01688D81, 01688E00, 01688E49, 01688EC7, 01688F3E
            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01688F26
            • The critical section is owned by thread %p., xrefs: 01688E69
            • a NULL pointer, xrefs: 01688F90
            • This failed because of error %Ix., xrefs: 01688EF6
            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01688DC4
            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01688DD3
            • *** An Access Violation occurred in %ws:%s, xrefs: 01688F3F
            • The instruction at %p tried to %s , xrefs: 01688F66
            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01688FEF
            • The instruction at %p referenced memory at %p., xrefs: 01688EE2
            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01688DA3
            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01688F2D
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
            • API String ID: 0-108210295
            • Opcode ID: d0b8c7786290105a6a978c620579bbaa8e59c11a55580496377e07c93378e762
            • Instruction ID: 5a44f9a345ea500801a76429d81ffeb75f53afe476777b892afcabca5c05ce93
            • Opcode Fuzzy Hash: d0b8c7786290105a6a978c620579bbaa8e59c11a55580496377e07c93378e762
            • Instruction Fuzzy Hash: 68811475A40205BFDB61AF99CC49D6B3F3AFF56B90F40818CF6046F252E7758842CA62
            Function 01652349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: bfed40601b1ff37c0eadcf832ed88a30c65c19888fabfdc8e5d64f14deae2cc2
            • Instruction ID: 804dca72e213655456e686defb0aa09484388f1a65793a2254d2b18440f171a0
            • Opcode Fuzzy Hash: bfed40601b1ff37c0eadcf832ed88a30c65c19888fabfdc8e5d64f14deae2cc2
            • Instruction Fuzzy Hash: E8928871608342EFE761CE29CC90B6BBBE9BB84754F04492DFA959B350D770E844CB92
            Function 01608620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
            Download Yara Rule
            Strings
            • corrupted critical section, xrefs: 016454C2
            • Thread identifier, xrefs: 0164553A
            • Address of the debug info found in the active list., xrefs: 016454AE, 016454FA
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0164540A, 01645496, 01645519
            • Critical section address., xrefs: 01645502
            • 8, xrefs: 016452E3
            • double initialized or corrupted critical section, xrefs: 01645508
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016454CE
            • Invalid debug info address of this critical section, xrefs: 016454B6
            • Thread is in a state in which it cannot own a critical section, xrefs: 01645543
            • undeleted critical section in freed memory, xrefs: 0164542B
            • Critical section debug info address, xrefs: 0164541F, 0164552E
            • Critical section address, xrefs: 01645425, 016454BC, 01645534
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016454E2
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: b8721c5955981400fc2b8b3e4073b64cfb70a5296025ace89b2730d361ab3a38
            • Instruction ID: 4a10e43ff90a70322e720f84d1c73139cb591d2c6e11b811d0e77094add00023
            • Opcode Fuzzy Hash: b8721c5955981400fc2b8b3e4073b64cfb70a5296025ace89b2730d361ab3a38
            • Instruction Fuzzy Hash: BA819EB1A01359EFDB21CF99CC81BAEBBB9FB48714F244119F505BB280D3B5A941CB90
            Function 016029F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
            Download Yara Rule
            Strings
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01642624
            • @, xrefs: 0164259B
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016424C0
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01642506
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01642409
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016422E4
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01642412
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016425EB
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0164261F
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01642602
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01642498
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: 1e6cf3e519f7eebb7bdc01fe82eb0703b746f2711c5f6a579e24b9bdff4396f8
            • Instruction ID: f24d9719fd9955d94a87c832b878b2678c9e76e8e4842292e42b447d542e3e78
            • Opcode Fuzzy Hash: 1e6cf3e519f7eebb7bdc01fe82eb0703b746f2711c5f6a579e24b9bdff4396f8
            • Instruction Fuzzy Hash: A30280F1D002299BDB66DB54CC94BEAB7B8AF54304F1041DEE609A7281EB309E84CF59
            Function 01678B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            • Opcode ID: e385bf7d89a54f49574282a5653c58cddb8e09c002203216ccfc281e3eb6a299
            • Instruction ID: 4f4f072ff6867206a9175d6726922c3329acdb9006c081b382758ad3c807b54a
            • Opcode Fuzzy Hash: e385bf7d89a54f49574282a5653c58cddb8e09c002203216ccfc281e3eb6a299
            • Instruction Fuzzy Hash: 3751C0726043029BD329DF188C48BABBBECFF98640F544A1DFA59C7241E770DA05CB92
            Function 015EAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
            • API String ID: 0-3197712848
            • Opcode ID: 0733005ff3f9c592bfc9721c734f2f3a0fb63bfc6e8df7c87887971984d0d477
            • Instruction ID: d4994f4d1450cfd1696eabb0d3fccddbbf4f19dc8aa5df851259435c51a5fa32
            • Opcode Fuzzy Hash: 0733005ff3f9c592bfc9721c734f2f3a0fb63bfc6e8df7c87887971984d0d477
            • Instruction Fuzzy Hash: BD12D071A083428FD329DB28C884BBABBE5BFC4714F044A1DF9958F291E774D944CB92
            Function 01680274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            • Opcode ID: 5bbf1e420c6d35e74cf3dc52ac8524c125249fe93cd96b8356a902d1676aa3f2
            • Instruction ID: 952a84cf752d1f1698e996d4c21eb8a329c5a399545b1262bb2e9efe0e73620a
            • Opcode Fuzzy Hash: 5bbf1e420c6d35e74cf3dc52ac8524c125249fe93cd96b8356a902d1676aa3f2
            • Instruction Fuzzy Hash: A3D1ED31600686DFDB22EFA8C851AADBBF1FF89714F08894DF5459B352C7349989CB24
            Function 015DADE0 Relevance: 9.3, Strings: 7, Instructions: 573COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
            • API String ID: 0-664215390
            • Opcode ID: f16d22328df52b4f610aecd3683bfd821a54e83e4b54050181576752f9d4f971
            • Instruction ID: f0e32db8a6c4fb80444ac08ee5348d3b8cb676b6e7d2c8f9b09b82d9cb78d685
            • Opcode Fuzzy Hash: f16d22328df52b4f610aecd3683bfd821a54e83e4b54050181576752f9d4f971
            • Instruction Fuzzy Hash: D43280759002698BEB32CB5CCC94BEEBBB6BF86340F1541E9D849AB351D7319E818F44
            Function 016589B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
            Download Yara Rule
            Strings
            • VerifierFlags, xrefs: 01658C50
            • AVRF: -*- final list of providers -*- , xrefs: 01658B8F
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01658A67
            • VerifierDlls, xrefs: 01658CBD
            • VerifierDebug, xrefs: 01658CA5
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01658A3D
            • HandleTraces, xrefs: 01658C8F
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            • Opcode ID: d354346c4f2cb0ac1f7ae0a32c337807201f63c4946ddce28e8958b186c0bff9
            • Instruction ID: 207fe2dfbc1ec9347ce3a6469a04cc8312342e603048b83a447dc3160d4f552d
            • Opcode Fuzzy Hash: d354346c4f2cb0ac1f7ae0a32c337807201f63c4946ddce28e8958b186c0bff9
            • Instruction Fuzzy Hash: 13910E72641706EFD362DF6A8C80B6A77EDBB94B14F04455CFE42AFA81D730A8018795
            Function 01654DD7 Relevance: 8.8, Strings: 7, Instructions: 86COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrutil.c, xrefs: 01654E06
            • LdrpGenericExceptionFilter, xrefs: 01654DFC
            • Execute '.cxr %p' to dump context, xrefs: 01654EB1
            • LdrpProtectedCopyMemory, xrefs: 01654DF4
            • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01654E38
            • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01654DF5
            • ***Exception thrown within loader***, xrefs: 01654E27
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
            • API String ID: 0-2973941816
            • Opcode ID: 2bb76a1aa7b48124132bdeea6c786dd1b1954432f326726341805d5a367f2eee
            • Instruction ID: b163d6c932318700873e3ce56013cd2d1b2ded2aa89fa67c9116ba40808cc5e6
            • Opcode Fuzzy Hash: 2bb76a1aa7b48124132bdeea6c786dd1b1954432f326726341805d5a367f2eee
            • Instruction Fuzzy Hash: F4218E721481027FE3A49A6CDC89D767BADFF81A50F240148F911AE740DF50ED91D225
            Function 015DEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            • Opcode ID: f4afea5ca0398809f4ab676845d1825293480a174c707a7fc452bd70c70fe94b
            • Instruction ID: 278846a1f4309b6946608fe13122c933d1558eacd5dbc8fb870ef9af6f088a22
            • Opcode Fuzzy Hash: f4afea5ca0398809f4ab676845d1825293480a174c707a7fc452bd70c70fe94b
            • Instruction Fuzzy Hash: 70A21774A0562A8FDB74DF19CC887ADBBB5FB85304F1442EAD909AB251DB309E81CF40
            Function 016063FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            • Opcode ID: 7e486153c935c4d272732c9f52971c55bdd7c4db9cd10cb783a93e139453bffe
            • Instruction ID: 08b7e08c2e46199f3e99f26790becc0ab8f9b9ac172502a319dac44364d20d97
            • Opcode Fuzzy Hash: 7e486153c935c4d272732c9f52971c55bdd7c4db9cd10cb783a93e139453bffe
            • Instruction Fuzzy Hash: CB911471B013129FEB2ADF58DC46BBB7BA2FF40B14F15801CE9016B381DB60A811C7A9
            Function 015C645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
            Download Yara Rule
            Strings
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01629A2A
            • apphelp.dll, xrefs: 015C6496
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016299ED
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01629A01
            • minkernel\ntdll\ldrinit.c, xrefs: 01629A11, 01629A3A
            • LdrpInitShimEngine, xrefs: 016299F4, 01629A07, 01629A30
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            • Opcode ID: 00e609b032b6a7e115ef3d8d8df5c9026d0849003ff25262c3df00ad787b916c
            • Instruction ID: c032676b8627e62ace0d91feb2f144ca6651c9d76f80d965713c5934c51daf8a
            • Opcode Fuzzy Hash: 00e609b032b6a7e115ef3d8d8df5c9026d0849003ff25262c3df00ad787b916c
            • Instruction Fuzzy Hash: 4751E1712087119FE724DF64DC85BAB77E8FBC4B48F40491DE9859B250DB70E904CBA2
            Function 01602674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01642180
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016421BF
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0164219F
            • RtlGetAssemblyStorageRoot, xrefs: 01642160, 0164219A, 016421BA
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01642178
            • SXS: %s() passed the empty activation context, xrefs: 01642165
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: ba62ca24eeca52eb7a4c2236e1e0f8bf822b08573daf98f76049b2226dbbaf09
            • Instruction ID: df5c18f2af716b30514d98c6047cafa249326d016dd84a5d537f77e3c242b787
            • Opcode Fuzzy Hash: ba62ca24eeca52eb7a4c2236e1e0f8bf822b08573daf98f76049b2226dbbaf09
            • Instruction Fuzzy Hash: 0C314876F4021177F7228A9A9CA5FAB7B79EF94A80F15405DFB047B280D7709E01C7A1
            Function 0160C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • LdrpInitializeImportRedirection, xrefs: 01648177, 016481EB
            • LdrpInitializeProcess, xrefs: 0160C6C4
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 016481E5
            • Loading import redirection DLL: '%wZ', xrefs: 01648170
            • minkernel\ntdll\ldrredirect.c, xrefs: 01648181, 016481F5
            • minkernel\ntdll\ldrinit.c, xrefs: 0160C6C3
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            • Opcode ID: 0be2365b53a9c58ecf22cea90ca64166d68c0d6c0dd9ce969add412fe29635f9
            • Instruction ID: ecc00595f1d75cca7eab0e2e89573a26ce74ab7abd34ace245a2292db2cd578f
            • Opcode Fuzzy Hash: 0be2365b53a9c58ecf22cea90ca64166d68c0d6c0dd9ce969add412fe29635f9
            • Instruction Fuzzy Hash: C831FF716447029FC324EA68DD86E2BBBA5BF94B10F05065CF981AB391E620EC04C7A2
            Function 00416C96 Relevance: 7.6, Strings: 6, Instructions: 89COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID: $: $: $Host$Host: $Unknown
            • API String ID: 0-3527920956
            • Opcode ID: ca2a84aae5977f9a79efcca4d0259edcf242e1af3bc692640038c874db03e4b9
            • Instruction ID: f1cd631b048bbb4889564975b38741a7c39c98e60ecb489c9b58d4bda563616d
            • Opcode Fuzzy Hash: ca2a84aae5977f9a79efcca4d0259edcf242e1af3bc692640038c874db03e4b9
            • Instruction Fuzzy Hash: 3221B472904208AAD715CEE5DC81FEFB3A8DFC5314F04865EE9199B241C778A644C7E9
            Function 0161096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 01612DF0: LdrInitializeThunk.NTDLL ref: 01612DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01610BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01610BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01610D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01610D74
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            • Opcode ID: fa59496bd8542421f78b1931a914fc26bca662aa2a6ac3cc4ee196cd4a8a4420
            • Instruction ID: f77c40b0ee8fe5d168f60993b585c568c41a2908285222944f6c0fa1182f3f65
            • Opcode Fuzzy Hash: fa59496bd8542421f78b1931a914fc26bca662aa2a6ac3cc4ee196cd4a8a4420
            • Instruction Fuzzy Hash: 4C426B75900715DFDB21CF28CC80BAAB7F5BF48314F1885A9E989EB245D770AA85CF60
            Function 015DA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            • Opcode ID: 6314c147566f5e3f9a214776b71d1fd8c0f976b1ec2ebb36f9fefb1989ff1198
            • Instruction ID: efb07aaefb91bd4066249e91879dcdfd3e473c3069a7f3b9ed03acf5881a27ee
            • Opcode Fuzzy Hash: 6314c147566f5e3f9a214776b71d1fd8c0f976b1ec2ebb36f9fefb1989ff1198
            • Instruction Fuzzy Hash: 4AC165755083828FDB21CF68C444B6BBBE4BF84704F04896EF9968B251E774CA49CB66
            Function 01608402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
            Download Yara Rule
            Strings
            • @, xrefs: 01608591
            • LdrpInitializeProcess, xrefs: 01608422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0160855E
            • minkernel\ntdll\ldrinit.c, xrefs: 01608421
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            • Opcode ID: f1abc78098b79ee60da39d80a2a0e162be38f317aa608a54dba33b0718e972cc
            • Instruction ID: 59944b8c8c1456663656474180d0f56e52deb995272110f84f95f3b3a6d0ed7c
            • Opcode Fuzzy Hash: f1abc78098b79ee60da39d80a2a0e162be38f317aa608a54dba33b0718e972cc
            • Instruction Fuzzy Hash: 1C91AB71948346AFD722DE25CC91EABBAECBF84744F44092EFA8597181E330D904CB66
            Function 0160273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
            Download Yara Rule
            Strings
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016421D9, 016422B1
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016422B6
            • .Local, xrefs: 016028D8
            • SXS: %s() passed the empty activation context, xrefs: 016421DE
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            • Opcode ID: a675a2877f98bd170df1fb0cedacd992827a3accd96477779a8b8814773d32c7
            • Instruction ID: 94f2e889ea092abc76f080262eb3a1647f474771911344da2cdc4a8fd47744e0
            • Opcode Fuzzy Hash: a675a2877f98bd170df1fb0cedacd992827a3accd96477779a8b8814773d32c7
            • Instruction Fuzzy Hash: E3A1D531900219DBDB29CF59DC98BAAB3B5BF58354F2541EDE908AB391D7309E81CF80
            Function 01604AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
            Download Yara Rule
            Strings
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01643437
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0164342A
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01643456
            • RtlDeactivateActivationContext, xrefs: 01643425, 01643432, 01643451
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            • Opcode ID: 6709f9277ebbb15738b8362691c5b38d0390b03dc4f61598e6cc40d29c36d55e
            • Instruction ID: 7c8f149ca2fd339a42e925224934f1ff881e35319f71beeee13a0ca84f52829e
            • Opcode Fuzzy Hash: 6709f9277ebbb15738b8362691c5b38d0390b03dc4f61598e6cc40d29c36d55e
            • Instruction Fuzzy Hash: BD611232641A229FD73B8F1CCC81B6AB7E5BF80B50F14852DEA559B380DB30E841CB95
            Function 015D64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
            Download Yara Rule
            Strings
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01631028
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016310AE
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01630FE5
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0163106B
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            • Opcode ID: 6045b667fcfe47123ab470f6ff8908a30ad29ee5b6b097672147192f917fcd2e
            • Instruction ID: f47e02d50df4f761f22b68efab23bda4af12ca11fce554fc2a69c4ccc298e1ce
            • Opcode Fuzzy Hash: 6045b667fcfe47123ab470f6ff8908a30ad29ee5b6b097672147192f917fcd2e
            • Instruction Fuzzy Hash: D271BCB19043059FCB21DF68CC84B9B7BA9BF95764F84086CF9488B24AD734D589CB92
            Function 01604D1D Relevance: 5.1, Strings: 4, Instructions: 117COMMON
            Download Yara Rule
            Strings
            • Querying the active activation context failed with status 0x%08lx, xrefs: 0164365C
            • LdrpFindDllActivationContext, xrefs: 01643636, 01643662
            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0164362F
            • minkernel\ntdll\ldrsnap.c, xrefs: 01643640, 0164366C
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
            • API String ID: 0-3779518884
            • Opcode ID: 732b893ecec534a6292be7fae035e840d56c79ba8d19c6411d64caebd5f17e41
            • Instruction ID: 93b2351e9e5e7a5026530446eef92faac17b644f0fec8d51c26a3c17da9ef57e
            • Opcode Fuzzy Hash: 732b893ecec534a6292be7fae035e840d56c79ba8d19c6411d64caebd5f17e41
            • Instruction Fuzzy Hash: 2331B623900612AFDF3BAA0CCC99A7BB6A4FB01654F46416ADB04673D1EFA0DC8087D5
            Function 015F245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
            Download Yara Rule
            Strings
            • apphelp.dll, xrefs: 015F2462
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0163A992
            • LdrpDynamicShimModule, xrefs: 0163A998
            • minkernel\ntdll\ldrinit.c, xrefs: 0163A9A2
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            • Opcode ID: 4fc423d0f624248bef8ef8c47f300d5cd715acff708d836148475e07c95d8bfc
            • Instruction ID: 574b27f3dc56f85adccc4817696a72afc61ff4963dcf20720b55951992d199be
            • Opcode Fuzzy Hash: 4fc423d0f624248bef8ef8c47f300d5cd715acff708d836148475e07c95d8bfc
            • Instruction Fuzzy Hash: 07315772A00202EFDB319F9DDC85ABA7BB5FBC0B04F56405DE951AB345C7B0A892D790
            Function 015E29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
            Download Yara Rule
            Strings
            • HEAP: , xrefs: 015E3264
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 015E327D
            • HEAP[%wZ]: , xrefs: 015E3255
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • Opcode ID: 88c8f42843df72c2b0cf1a6a99bc70c897520f6771d7540c1f80bea33958739b
            • Instruction ID: 8223f460811620d8a4c159c5a25c3c0f2cc4cfabf23cf5fc46876cc2ce833095
            • Opcode Fuzzy Hash: 88c8f42843df72c2b0cf1a6a99bc70c897520f6771d7540c1f80bea33958739b
            • Instruction Fuzzy Hash: 7F92BC71E042499FDB29CF68C448BAEBBF5FF48300F188499E85AAB395D735A941CF50
            Function 015E0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • Opcode ID: caef5b4c84690ecc3b32039e7f6603511361671d3da244bd06891e0b5b5e908f
            • Instruction ID: 7f73723b03cefce74beeaf1da692ce3934ecdaea192dd47606829f4654a4904a
            • Opcode Fuzzy Hash: caef5b4c84690ecc3b32039e7f6603511361671d3da244bd06891e0b5b5e908f
            • Instruction Fuzzy Hash: 11F1AE70B00606DFEB29CF68C898B6AB7F5FF84704F1485A8E5569B381D774E981CB90
            Function 015F6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            • Opcode ID: e12f33f19756ea708a6fd238f7845761cf9163af0a592a40e43c424a1e319a70
            • Instruction ID: 8d2db2bbfc6afa515623a8ca5c97eb3c31d05250c4011e409ee79f307cf9411e
            • Opcode Fuzzy Hash: e12f33f19756ea708a6fd238f7845761cf9163af0a592a40e43c424a1e319a70
            • Instruction Fuzzy Hash: E9C25E71A083419FE725CF28C841BABBBE5BFC8754F04892EFA899B251D734D845CB52
            Function 015CA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            • Opcode ID: dba4a570bfb9cba9d3e467cb9ed8b9c9ae472bb218c2fcbf111bb89f1726164b
            • Instruction ID: 8bc3c06dc80826c243a5d69660bae3a453715a5af14a364c1deefb4afc7c35e9
            • Opcode Fuzzy Hash: dba4a570bfb9cba9d3e467cb9ed8b9c9ae472bb218c2fcbf111bb89f1726164b
            • Instruction Fuzzy Hash: 97A16B719016399BDB319F68CC88BAEB7B9FF44710F1001E9EA09AB250E7359E84CF54
            Function 015F0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
            Download Yara Rule
            Strings
            • Failed to allocated memory for shimmed module list, xrefs: 0163A10F
            • minkernel\ntdll\ldrinit.c, xrefs: 0163A121
            • LdrpCheckModule, xrefs: 0163A117
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • Opcode ID: 6f6cfb38776ffeaf48cda2d7058cb09986631a99e8f165059d090c3e3ddccf6a
            • Instruction ID: af8285b24232374f1bea6f15dc9972297fa7ea0ec55c34317227ace07b727c52
            • Opcode Fuzzy Hash: 6f6cfb38776ffeaf48cda2d7058cb09986631a99e8f165059d090c3e3ddccf6a
            • Instruction Fuzzy Hash: E371DD71A002069FDB25DFA8CD81BBEB7F6FB84204F18442DE942DB392E734A941CB54
            Function 015E0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            • Opcode ID: 91c2d959a5c937c285231cc879f0939d7f2fea768c2cc0ed9febbc4a2094fe52
            • Instruction ID: abcb67c70ba2aaee64b925d5567e17a09c058c4bd3b1c305a175a96bb3539676
            • Opcode Fuzzy Hash: 91c2d959a5c937c285231cc879f0939d7f2fea768c2cc0ed9febbc4a2094fe52
            • Instruction Fuzzy Hash: F8617E70B003069FDB29DF28C844B6ABBE6FF45704F14855DE49A8F292D7B0E881CB95
            Function 0160C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
            Download Yara Rule
            Strings
            • Failed to reallocate the system dirs string !, xrefs: 016482D7
            • minkernel\ntdll\ldrinit.c, xrefs: 016482E8
            • LdrpInitializePerUserWindowsDirectory, xrefs: 016482DE
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            • Opcode ID: 953740480f31fee6e144b228800ee8c913c43b23b3a90cd145d3bbcfa5ab66e0
            • Instruction ID: a58cefab2c3b28726643c4a49e0f7dbd708db43dce34d148186d5c3aaef31ae9
            • Opcode Fuzzy Hash: 953740480f31fee6e144b228800ee8c913c43b23b3a90cd145d3bbcfa5ab66e0
            • Instruction Fuzzy Hash: 6541F071550312AFC726EB68DC44B6B77E8FF84754F004A2AB949DB390EB74D8108B96
            Function 0168C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
            Download Yara Rule
            Strings
            • PreferredUILanguages, xrefs: 0168C212
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0168C1C5
            • @, xrefs: 0168C1F1
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            • Opcode ID: 2f203be837f82c67641619419718915a7883974fe42d3face9a6e2e5173d73c1
            • Instruction ID: 8119a7f6619b0abcf42ae2aa2b6c90e30a7eb3aebf406e60b3dd63d1f992e471
            • Opcode Fuzzy Hash: 2f203be837f82c67641619419718915a7883974fe42d3face9a6e2e5173d73c1
            • Instruction Fuzzy Hash: 94417471D0021AEBDF11EBD8CCA1FEEB7B9BB54704F14816AE609E7280D7749A44CB60
            Function 01664144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            • Opcode ID: 35f89072d2114541da5f590323750bd37bb27cbd2776f3f334eff9a229797666
            • Instruction ID: 956ff22dc23efbe6d748ab0177aa51a81a859c07f16998bde7aca58fea19879c
            • Opcode Fuzzy Hash: 35f89072d2114541da5f590323750bd37bb27cbd2776f3f334eff9a229797666
            • Instruction Fuzzy Hash: 4241EF31A00659CBEB26DBA9CC44BADBBFDFF95340F24045AD901AF781DB359941CB50
            Function 01654755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01654888
            • LdrpCheckRedirection, xrefs: 0165488F
            • minkernel\ntdll\ldrredirect.c, xrefs: 01654899
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            • Opcode ID: 1ecd4ec2ede2208e4a0a97077b06b6e1e11cdd82d69dcb80010b9830d261dfc4
            • Instruction ID: a09772f71106e4bcef0d71204cf1a6c73e76e123504cbbdd0a44eee0d84d1afc
            • Opcode Fuzzy Hash: 1ecd4ec2ede2208e4a0a97077b06b6e1e11cdd82d69dcb80010b9830d261dfc4
            • Instruction Fuzzy Hash: 1C41D132A042519FCBA1CE69DC40A367BE9BF49A50F0605ADED899B311FB30D890CB91
            Function 015E0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            • Opcode ID: bbc76f7c54d38fe40ccb1852f0048564f3083b4c6a99a55eb9c29338be8b0a0e
            • Instruction ID: fb7f33284b4ebc763a3fc3cc2ffea102ae320e9ece0320f55612c2fdb55175f9
            • Opcode Fuzzy Hash: bbc76f7c54d38fe40ccb1852f0048564f3083b4c6a99a55eb9c29338be8b0a0e
            • Instruction Fuzzy Hash: FF1189317561429FDB2DCA18CC59B6AB3E9FF80B16F18812DF4068F292DB74E842C755
            Function 016520DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
            Download Yara Rule
            Strings
            • LdrpInitializationFailure, xrefs: 016520FA
            • Process initialization failed with status 0x%08lx, xrefs: 016520F3
            • minkernel\ntdll\ldrinit.c, xrefs: 01652104
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            • Opcode ID: 34284f054ff1c330d44915f1ff129c765430bbc7ab47b157b53e0424fd008b3e
            • Instruction ID: d4d61b9c9c5626ce36b80ee66afb12afbb4c36a89fdb361351aae689ffcec541
            • Opcode Fuzzy Hash: 34284f054ff1c330d44915f1ff129c765430bbc7ab47b157b53e0424fd008b3e
            • Instruction Fuzzy Hash: 1FF0FF34640308AFE720E64CDC96FEA3B68FB40B44F14001CFB006B285D2A0A9508AA4
            Function 015E03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            • Opcode ID: 4ac932cbcfcdb4e8e5c570e960ecc5a1d2400739119ac5f68367995be8899659
            • Instruction ID: a13b33bd23189430934764a026c8ff0af6f6da9311d16bd1e77aa0e2728bc652
            • Opcode Fuzzy Hash: 4ac932cbcfcdb4e8e5c570e960ecc5a1d2400739119ac5f68367995be8899659
            • Instruction Fuzzy Hash: C8713872E0014A9FDB05DFA8CD94BAEBBF8BF48744F144069E905AB251EB34ED01CB64
            Function 015DA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
            Download Yara Rule
            Strings
            • LdrResSearchResource Enter, xrefs: 015DAA13
            • LdrResSearchResource Exit, xrefs: 015DAA25
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • Opcode ID: 80618d39b5e087790172b59a904bdea94effde7b08a28cf75181eb7bc7915c7a
            • Instruction ID: 3a9a097a116e6e5fe643da51e25e22041630e072e100346f9a7240e0a4cff2dc
            • Opcode Fuzzy Hash: 80618d39b5e087790172b59a904bdea94effde7b08a28cf75181eb7bc7915c7a
            • Instruction Fuzzy Hash: 37E14E71E00219AFEB22CF9DCD90BAEBBBABF84310F14452AE901EB351D7749941CB51
            Function 0169A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction ID: 402b83c38501041fc4a692c998fcc5fd74af98bf3283eb634d265a84f46c567f
            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction Fuzzy Hash: 25C1BD312043429BEB25CF68CC45B6BBBEAAFC4718F184A2DF696CB290D774D505CB81
            Function 0164E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • Opcode ID: b3e7a34462924fb22b1b127b97b0a52e8335305794332089f19781f5ebdac9cc
            • Instruction ID: 7f6933957e709f82713fcef6407b2b793c8fa995afb8d76b83874a451e0ecd4e
            • Opcode Fuzzy Hash: b3e7a34462924fb22b1b127b97b0a52e8335305794332089f19781f5ebdac9cc
            • Instruction Fuzzy Hash: 7E614C71E006199FEB15DFA8CC80BAEBBB9FF44700F15446EE649EB251D736A901CB50
            Function 016743D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            • Opcode ID: d280d2002ae20d41f90098efc4d8ffd2edf14c0fa89e96ac43136e2f6b3c44ce
            • Instruction ID: 406926e6b38be6ec93e4bcbefc3e524d567a5d6c037f626d9436a5dfa3593193
            • Opcode Fuzzy Hash: d280d2002ae20d41f90098efc4d8ffd2edf14c0fa89e96ac43136e2f6b3c44ce
            • Instruction Fuzzy Hash: 40510971E0021EAEEB11DFA9CC94AEEBBB9FB44754F140529E615B7290EB309905CB60
            Function 015D04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
            Download Yara Rule
            Strings
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 015D063D
            • kLsE, xrefs: 015D0540
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            • Opcode ID: 415a46cfe549cc23e24a4d6eddeb3ffb580b6953870309e57c4455166efd18cc
            • Instruction ID: aaa9729e94dd991c79246414c8e6f6bd1663a9b6acf15f137108d8134edb2ed4
            • Opcode Fuzzy Hash: 415a46cfe549cc23e24a4d6eddeb3ffb580b6953870309e57c4455166efd18cc
            • Instruction Fuzzy Hash: 9551AC715047428FD734EF2CC4446ABBBE4BF85304F14483EEA9A8B281E770D545CBA2
            Function 015DA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
            Download Yara Rule
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 015DA309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 015DA2FB
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • Opcode ID: cfb947df219cdbfff7c82b4ab1111fa1a5933a09d8ee11b8fc06a22d7e943cbf
            • Instruction ID: 80614b7bdc772418a25995f058fccd1effb81503ed9f4cd55676dacf27debf4b
            • Opcode Fuzzy Hash: cfb947df219cdbfff7c82b4ab1111fa1a5933a09d8ee11b8fc06a22d7e943cbf
            • Instruction Fuzzy Hash: E3417630A0464ADBDB29CF6DC890B6EBBB5BF85704F2444A9E901DF291EBB5D900CB50
            Function 0160A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • Opcode ID: 5cd1d554b5894c5285a88d2c25a0c51df11403c6ee4fc8fbeb7fe3cd59e68dfd
            • Instruction ID: fa332cc1ff9834ad2caea81e4bc88789375ac7671a133307473089a5b2c11c94
            • Opcode Fuzzy Hash: 5cd1d554b5894c5285a88d2c25a0c51df11403c6ee4fc8fbeb7fe3cd59e68dfd
            • Instruction Fuzzy Hash: 8B01D1B2260700AFD312DF54CD55F2677F8E785755F04893DA648CB290E374D804CB4A
            Function 015DC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • Opcode ID: f7c3154eb0c3072f392e7bb09de0386ddadc95ef849f43b2839d5c05d1633d5d
            • Instruction ID: a8909bccfe9fc2b86eafa7d8e9061fdadb1a5e3c4b583c6e9fdc7c7dbccff300
            • Opcode Fuzzy Hash: f7c3154eb0c3072f392e7bb09de0386ddadc95ef849f43b2839d5c05d1633d5d
            • Instruction Fuzzy Hash: 4C823975E002598BEB35CFADC880BEDBBB5BF48310F148169E959AF391DB709981CB50
            Function 01656420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 6105904c2b98601f28fc5f7d50397578a6e19ef7b4b01ee7b39ce37e99b34208
            • Instruction ID: 22209e6821cd249604adc680a92496fa4125d942b7f5bdb6b2aebaae02e6d900
            • Opcode Fuzzy Hash: 6105904c2b98601f28fc5f7d50397578a6e19ef7b4b01ee7b39ce37e99b34208
            • Instruction Fuzzy Hash: F2916072A4121AAFEB21DF95CC85FAE7BB8FF54750F500059FB01AB290D774A900CBA0
            Function 0160A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • Opcode ID: 105e15a1662bd01f7bc09cc1845c81fa309651f8c570c10cabc49330757e7d06
            • Instruction ID: 564ff6b549f6eeb40bbbff72a2ce43e164b5c845bf941577b22350874847d338
            • Opcode Fuzzy Hash: 105e15a1662bd01f7bc09cc1845c81fa309651f8c570c10cabc49330757e7d06
            • Instruction Fuzzy Hash: F9716EB5E0021ADFEF28CF9CD9906ADBBB1BF89754F14812EE505AB341E7319941CB60
            Function 01674978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • Opcode ID: 4cb2629b04e84fc1a5e09c29e6494b10e64299dad0901b7e14ba17dd60232107
            • Instruction ID: 021dab8d6e31096e3f14a118f0ad7b4a44ecedbc0a9aff0532d448402078eb9e
            • Opcode Fuzzy Hash: 4cb2629b04e84fc1a5e09c29e6494b10e64299dad0901b7e14ba17dd60232107
            • Instruction Fuzzy Hash: AB519472D0022A9BDB15EF99DC48AAEBBB4BF54A10F05416AED11BB354DB349C01CBE4
            Function 015EE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • Opcode ID: a5b848e79818e0d678388734c24be606c02576a656c00f3d75fdce497c39c191
            • Instruction ID: 73e79b5e8900ed2ead130db56cde48e154edf25815031b8615e31811c6587ecc
            • Opcode Fuzzy Hash: a5b848e79818e0d678388734c24be606c02576a656c00f3d75fdce497c39c191
            • Instruction Fuzzy Hash: 8541EF729683529BD718DA78D849B6FBBE8FFC8704F04092DFA84DB180E674D904C796
            Function 015CCDEA Relevance: 1.4, Strings: 1, Instructions: 138COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AlternateCodePage
            • API String ID: 0-3889302423
            • Opcode ID: 397a0297b53e4252da2b3ae0fc57aed3d9adf9020fcc9961bdb1f847ee07c9c7
            • Instruction ID: 5fd6d14c43b5dbbe91f7759b1705487438f3a5c8ee2c30d26d11555aa160bfba
            • Opcode Fuzzy Hash: 397a0297b53e4252da2b3ae0fc57aed3d9adf9020fcc9961bdb1f847ee07c9c7
            • Instruction Fuzzy Hash: 9041F072D00619AADF25DFD8CC80AAFBBB8FF85610F14415EE916F7640D7B49A41CA50
            Function 0164C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: 157b99d5ea2fb2d8543ffb8d75079a4af0e222ef4231ea9c57e7f16ec1220603
            • Instruction ID: 5cb63e295e840f45e5db60f3eb16cac999be3b77937c2995baf2e6946b4189ae
            • Opcode Fuzzy Hash: 157b99d5ea2fb2d8543ffb8d75079a4af0e222ef4231ea9c57e7f16ec1220603
            • Instruction Fuzzy Hash: CC4145B1D0152DAFDB21DA60CC84FDEB77DAB44714F0145E9EA08AB240DB709E89CF98
            Function 01666B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: 7ccf7b5eb591476514fad241225672178b80cbc4f6a03668733f7cb29e6f5054
            • Instruction ID: 53f648b12dc243cd5b43ad1445735f01f80d405d5bcc2d5ef5944d0e2d462a88
            • Opcode Fuzzy Hash: 7ccf7b5eb591476514fad241225672178b80cbc4f6a03668733f7cb29e6f5054
            • Instruction Fuzzy Hash: 9C312631E00B099FEB22CB69DC50BAE7BACEF44704F144068E941AB286DB75EC15CB94
            Function 0164CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: 41febc79d2b34ed635cfef6d86a3d10f9586412ddde56c5c146f64894e04b130
            • Instruction ID: 5e8b081b6f9654cfd4e1e9613fb3d6e62e1d6857e2b019a6896852ac10a3480a
            • Opcode Fuzzy Hash: 41febc79d2b34ed635cfef6d86a3d10f9586412ddde56c5c146f64894e04b130
            • Instruction Fuzzy Hash: F731313690251AAFEB16CA59CC54EAFBBB4FF80720F014069E905AB350D7309E00DBE0
            Function 0165892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
            Download Yara Rule
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0165895E
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: 164d8d34a53240cfa0b06e11d762e6787f98b59b7fce782a60ee669f996d5d77
            • Instruction ID: 7de541ab1334f7e9c1a207f1127c818381ec61bd4b38c82b47e337dce9791d41
            • Opcode Fuzzy Hash: 164d8d34a53240cfa0b06e11d762e6787f98b59b7fce782a60ee669f996d5d77
            • Instruction Fuzzy Hash: 9401F7313102129FE7745E5F8C84A767BBAFFC5794F04101CFA421BA51CB206841C796
            Function 01672000 Relevance: .8, Instructions: 757COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4bb080cf4bfa50a8053e8860ffb9a088d8b1eae5507c2821c3d91587945c8d0d
            • Instruction ID: 3f4214a501a697ad94536fd36d502da6bf8c90f984a4282d6a3f5f1d834a0111
            • Opcode Fuzzy Hash: 4bb080cf4bfa50a8053e8860ffb9a088d8b1eae5507c2821c3d91587945c8d0d
            • Instruction Fuzzy Hash: C342D1726083419FE725CF68CCA0A6BBBE5BF88700F19492EFA8697350D731D945CB52
            Function 01668158 Relevance: .6, Instructions: 617COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aafb10c09c1e0b7924b78642c9edcd8a0053d67effa9ac6fa521973812b351ed
            • Instruction ID: 41822fe19af11f07f40c2a44f5c6341e4de67959d5263823bf3b5fd29e57c9fd
            • Opcode Fuzzy Hash: aafb10c09c1e0b7924b78642c9edcd8a0053d67effa9ac6fa521973812b351ed
            • Instruction Fuzzy Hash: 3D422A75A103199FEB24CF69CC81BADBBF9BF88300F158199E949EB242D7349985CF50
            Function 015E2840 Relevance: .6, Instructions: 605COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7650543fa8682e247ec86c80aec8db3e4b83f4b29f44bb2bb67f6561ba2826d
            • Instruction ID: 40991c773750b7e973171abac1c007b82d56db90a705fd300b3019bb23fc66ea
            • Opcode Fuzzy Hash: c7650543fa8682e247ec86c80aec8db3e4b83f4b29f44bb2bb67f6561ba2826d
            • Instruction Fuzzy Hash: 1732BB70A00756ABEB29CF69CC447BEBBF6BF84304F24811DD5869B385D735AA42CB50
            Function 0167A118 Relevance: .6, Instructions: 591COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb7cd549ad28fc43ed39f32112c0ac2f1e299fee3d255cc66982f006263e44a3
            • Instruction ID: bd77aad5dc70223c45ab37015eeb4ea236569752c1369a44e34c754f52b0b977
            • Opcode Fuzzy Hash: fb7cd549ad28fc43ed39f32112c0ac2f1e299fee3d255cc66982f006263e44a3
            • Instruction Fuzzy Hash: AD22C1742046618FEB25CFADC89437ABBF1AF44300F1C8599E9968F386E735D492CB61
            Function 015D6A50 Relevance: .5, Instructions: 548COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4539cbbaf12c6b29993855e4f310aa546b137f0c7710acab8946577f15cf4715
            • Instruction ID: ff0aa990c6965bd93de0ae21316ed79e54e8fffced9df4c4084e58d4e527393a
            • Opcode Fuzzy Hash: 4539cbbaf12c6b29993855e4f310aa546b137f0c7710acab8946577f15cf4715
            • Instruction Fuzzy Hash: 05326B71A05215CFDB25CF6CC880AAEBBF1FF88310F148569E956AB391D774E842CB91
            Function 015F4A35 Relevance: .4, Instructions: 423COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction ID: e41cf60b1f53f8aa3e78547917bc1e8de6ee0b8d41c2d0d22b43139602c47ab1
            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction Fuzzy Hash: FDF13C71E0021A9BDB15CF99D980BAEBBF5BF88710F09856DEA05EB341E774D841CB60
            Function 0166892B Relevance: .4, Instructions: 386COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6d5350dc47a1c7d8a4ee8bfd73f0bdea35bf9c5d144f4652ae5ab5a37a618f77
            • Instruction ID: 84fc1f5ab52be007947ee45a990bf57075841fee66fb499f7a847bddcbfc1a87
            • Opcode Fuzzy Hash: 6d5350dc47a1c7d8a4ee8bfd73f0bdea35bf9c5d144f4652ae5ab5a37a618f77
            • Instruction Fuzzy Hash: C8D1C072E0070A9BDF15CF69CC41ABEB7FEBF88304F188169D955A7241E735E9068B60
            Function 015D65D0 Relevance: .4, Instructions: 383COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f87a5a698f526fc6c00acdd6b2d93425f6fb2e7c6391e04985fcd449682fd2e7
            • Instruction ID: a5d6985b40b8b67a67f504d61b4a185631f4a01dc9ddcb517b4634b422f2d5cf
            • Opcode Fuzzy Hash: f87a5a698f526fc6c00acdd6b2d93425f6fb2e7c6391e04985fcd449682fd2e7
            • Instruction Fuzzy Hash: 09E17F71508342CFC725CF2CC590A6ABBE1FF89314F05896DE9998B351DB31E946CB92
            Function 015C8397 Relevance: .4, Instructions: 380COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 59ddd2be5a25ca547c3959f5f42b8612263991816d73f90f148dc8546cde1ee1
            • Instruction ID: 04adcca6022f1fff4e1cf765e0e45e62b74f879e42b4361fec1e85c7074eb404
            • Opcode Fuzzy Hash: 59ddd2be5a25ca547c3959f5f42b8612263991816d73f90f148dc8546cde1ee1
            • Instruction Fuzzy Hash: D0D1B171A006269FDB24DFA8CC90ABEB7E5FF94B04F04462DE9169F280E734E955CB50
            Function 01658243 Relevance: .3, Instructions: 322COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction ID: 7d20a0bdc503d1cb23830bc91a302f2f33eca050462f7636a908fab32064c0a7
            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction Fuzzy Hash: 85B18374A006059FDB64DF9ACD40AABBBBEBF84344F10845DAE4297B91DB34E906CB50
            Function 015E0535 Relevance: .3, Instructions: 300COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction ID: 0a5ca3e9242c62c40f59508265bfe5645af5786e043cbcd9d8ee1b86eb43c968
            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction Fuzzy Hash: D5B1E531B006469FDB19DBA8CC54BBEFBF6BF84200F284599E5529B385DB70D941CB90
            Function 015F0DE1 Relevance: .3, Instructions: 295COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2cbe5774101bf12b9e07a8df0d1d7b7914ee8e146db3c08ff127bbcdc880a77f
            • Instruction ID: 14da1a10f7e14c1b53ce912ddff4137e482c61d2d302a5b09849e83b6e75d757
            • Opcode Fuzzy Hash: 2cbe5774101bf12b9e07a8df0d1d7b7914ee8e146db3c08ff127bbcdc880a77f
            • Instruction Fuzzy Hash: CCC12C70E0025ADFDB25DFE9C884AADBBB6FF84304F14412DE616AF286D771A941CB50
            Function 015D83C0 Relevance: .3, Instructions: 281COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1949f111ed0ca27d14aca48152e7a0d2b151c6d21e836d71630fdb9b94b37bdb
            • Instruction ID: 2308070ee60aa8d7f2470d4db91006fb8407e2efb574d0adfc729676e020996d
            • Opcode Fuzzy Hash: 1949f111ed0ca27d14aca48152e7a0d2b151c6d21e836d71630fdb9b94b37bdb
            • Instruction Fuzzy Hash: F5C157741083419FD764CF19C884BAABBE5FF88304F44496DE9898B391E775E908CF92
            Function 015CC427 Relevance: .3, Instructions: 280COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 364a69e58c81bdd258812143276832c663fb113fd434a1c768f34b4ee42c8a05
            • Instruction ID: 3f1aba1c37627a4c1e029ea93038aa2ffcc89c12decc01d9b508dbc5499cb2a3
            • Opcode Fuzzy Hash: 364a69e58c81bdd258812143276832c663fb113fd434a1c768f34b4ee42c8a05
            • Instruction Fuzzy Hash: B6B16E70A006668FDB24DFA8C990BA9B3B5BF54700F0485EDD50EAB281EB749D85CF24
            Function 015FE5E7 Relevance: .3, Instructions: 278COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6d17137be4a1f6d7d03fab90eb8af5a32606ceb53e20498d79f8ac53029b6b85
            • Instruction ID: e3ff295311dc6d1d977d8402c0faec7eeae6e30db8f794a982064f4de211bbb7
            • Opcode Fuzzy Hash: 6d17137be4a1f6d7d03fab90eb8af5a32606ceb53e20498d79f8ac53029b6b85
            • Instruction Fuzzy Hash: 69A12631E402599FEB21DB98CC45BAEBBB5FF40754F0601A9EB01AF2A1D7749D40CB92
            Function 01610185 Relevance: .3, Instructions: 276COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a909a066d60394a1d729194be2a0f02230c17a0001b25374fc38ad658a6c5798
            • Instruction ID: 0915a0f6bc1a37007e16cad14169eb7b34bd2a0f8e551955cc1a4b3c921454e3
            • Opcode Fuzzy Hash: a909a066d60394a1d729194be2a0f02230c17a0001b25374fc38ad658a6c5798
            • Instruction Fuzzy Hash: 57A1BF70B41616DBEF25CF69CD90BAAB7B1FF58318F084029EA4597385DB34E852CB90
            Function 016A4500 Relevance: .3, Instructions: 275COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d22deec9cee819a24f0a23a471f08406552ae5a8820c659ddcfe33f1a014f679
            • Instruction ID: 5f6b0cf283a34ba784b6267c3c267a73a33a611ed8e71b9fbd8d07c881efb1b2
            • Opcode Fuzzy Hash: d22deec9cee819a24f0a23a471f08406552ae5a8820c659ddcfe33f1a014f679
            • Instruction Fuzzy Hash: 8CA1BB72A102529FC725DF18CD80B2ABBE9FF98704F890528E5899B751DBB4EC11CF91
            Function 016560E0 Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 16b2b19d8a5f5111462da2779569ae0711138b7ba4f8ef6ceabcdbf7a7089672
            • Instruction ID: 1b290e03713d1c8ece7836d6382cc717c7b0dceb0fe02cba1fe1ece0ed0bdf0b
            • Opcode Fuzzy Hash: 16b2b19d8a5f5111462da2779569ae0711138b7ba4f8ef6ceabcdbf7a7089672
            • Instruction Fuzzy Hash: 98918D71E00216AFDF55CFA8DC84BBEBBB5AF48750F5541A9EA10AB341D734E900CBA0
            Function 015EE3F0 Relevance: .3, Instructions: 261COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 707f4349b0e320d5234ab7c94ee0b9fb01fb3b5eac3bec60e31873ab54423d50
            • Instruction ID: 74a514a14a6ef6d69e7824782265389216dfce653b7d227f358851a993073f90
            • Opcode Fuzzy Hash: 707f4349b0e320d5234ab7c94ee0b9fb01fb3b5eac3bec60e31873ab54423d50
            • Instruction Fuzzy Hash: 25911131E106168BEB289B69C889B7EBBE2FFD4714F05446AE9059F380E774D901CB51
            Function 01626ACC Relevance: .2, Instructions: 226COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8efdc9446e2a35f06a65512b80833ba321a327b227bb9305310ea04fafde4bc
            • Instruction ID: 31440f532ed7951364678e2456dde0fedb941f25452f87cad1efa879029ec3e9
            • Opcode Fuzzy Hash: f8efdc9446e2a35f06a65512b80833ba321a327b227bb9305310ea04fafde4bc
            • Instruction Fuzzy Hash: 3F8194B1E0062A9FDB18CF69C940ABEBBF9FB48700F14852EE855D7640E734D951CBA4
            Function 0169AB40 Relevance: .2, Instructions: 222COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: cb2d5294d639451f88ccf1407bad651b9daf93c13bd843d0582d7bb038ee1539
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: F3819172A0021A9FDF19CF98C890AAEBBFABF84310F14856DD9169B344D734E901CB44
            Function 015C6D10 Relevance: .2, Instructions: 216COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c3c66dbf7de1d7fb6b9f292a77310bf1e39f5ef93756ba398f9cb5e05de5a0a6
            • Instruction ID: ed152e49ad1ec8c796fd1f5442811789618845b20579e16a3f272f215de33fbd
            • Opcode Fuzzy Hash: c3c66dbf7de1d7fb6b9f292a77310bf1e39f5ef93756ba398f9cb5e05de5a0a6
            • Instruction Fuzzy Hash: 3C717D76604A729BDB21DE29CD80B6AB7E8FFC4358F044929E955DB300E730E9458F92
            Function 0160E284 Relevance: .2, Instructions: 212COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2c077353019f14d4e628fff30e014e52f3f4cbedff1315f1a5e5588162a478fb
            • Instruction ID: 6e693a6c7a55ee6e3111134e6eb63e35ac8586609eee4cc73f625e4a308b68dd
            • Opcode Fuzzy Hash: 2c077353019f14d4e628fff30e014e52f3f4cbedff1315f1a5e5588162a478fb
            • Instruction Fuzzy Hash: 1A814171A006199FDB2ACFA9C880AEFBBBAFF48354F14482DE555A7250D731AC45CB50
            Function 015EC640 Relevance: .2, Instructions: 206COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6893f6d78f283f0a29bf56ffc4bb09e1c104200b66295dab232174ff854aef77
            • Instruction ID: 120489422b346606454cbbbd863f23c67711be136b0b8a2d184a375f4f16f381
            • Opcode Fuzzy Hash: 6893f6d78f283f0a29bf56ffc4bb09e1c104200b66295dab232174ff854aef77
            • Instruction Fuzzy Hash: 6C719BB6D046659FCB298F59C9947FEBBF5FF88710F14461AE942AB350D734A800CBA0
            Function 01668D6B Relevance: .2, Instructions: 206COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ac13a4403cb5854bb4685f5121e88380f8d41f7fe13517e3450a593a79f78059
            • Instruction ID: df25ef227f30bf5e031c0cefe438ad74c65e9043024ee20704de8434acdbf510
            • Opcode Fuzzy Hash: ac13a4403cb5854bb4685f5121e88380f8d41f7fe13517e3450a593a79f78059
            • Instruction Fuzzy Hash: 9571C0709042569FCB15CF6DCC40ABABBF9EF99304F088099E994DB311E335EA45C7A0
            Function 0165035C Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 97c5b0e80a9f4434943e3a6c2329cfcb3fd3994e8fa3cf90fbc6dfeb6e09ff21
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 6A716E71E0060AEFDB54DFA9C984A9EBBF9FF88704F144569E905AB250DB30EA41CB50
            Function 016662A0 Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 81382f92638936d9dc8c3f3f7cc8f6cfee16a3de021e75560245a28c45b6074c
            • Instruction ID: e27f721679b8999d5d82e5f001594a3722a8a7baf7d5ccd23459d836103a3519
            • Opcode Fuzzy Hash: 81382f92638936d9dc8c3f3f7cc8f6cfee16a3de021e75560245a28c45b6074c
            • Instruction Fuzzy Hash: 5471D032200702AFEB229F18DC54F66BBFAFF40764F14852CE6569B2A0D775E944CB50
            Function 015D8AA0 Relevance: .2, Instructions: 197COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a868e9e5ba958b5a992a4069a1ee9e2abf519db9e72c879a64a5996042e7560f
            • Instruction ID: 7e19fc70f4e4c84d2e1034c1cd942b79917b01cd66c3a08ea57b4b28a1bdcdd4
            • Opcode Fuzzy Hash: a868e9e5ba958b5a992a4069a1ee9e2abf519db9e72c879a64a5996042e7560f
            • Instruction Fuzzy Hash: 8B817A72A043168FEB25CF9CDDA4BAEB7B1BF88314F15912DD910AB285CB749D41CB90
            Function 0160CDB1 Relevance: .2, Instructions: 197COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7a2048b4ceebb0a2643afad6a951b87b744ef1e625da5c5e5500f064479b38b6
            • Instruction ID: 62dd4a2338b512e6fd897d2abcb210aeb747110aa7dd8fc83b501521bdc280b6
            • Opcode Fuzzy Hash: 7a2048b4ceebb0a2643afad6a951b87b744ef1e625da5c5e5500f064479b38b6
            • Instruction Fuzzy Hash: 00619F71A00206DFCB1ADFA8CC90AAEB7B9FF49314F144669EA11EB391D7709D41CB54
            Function 015FEDD3 Relevance: .2, Instructions: 166COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd7fc3e4683910faedb5c0137cdf8acccbe60ca734e5a3450e1852d218c01e18
            • Instruction ID: 0b5cf34692bdad08a5d6a643a895267c99e5ab1d06869afe0506839dac18be24
            • Opcode Fuzzy Hash: cd7fc3e4683910faedb5c0137cdf8acccbe60ca734e5a3450e1852d218c01e18
            • Instruction Fuzzy Hash: 1D51C171A007429FDB35DF59C885A2BB7F9FB80709F11082EE2028B661D7B4E844CB91
            Function 015FCDF0 Relevance: .2, Instructions: 165COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6851680e3e689f07d8311deac1a97bfa9ae5f47be04d730b0759b45304561ce1
            • Instruction ID: 9e32cd2e622054822895948f74876c127dad6fdfb2f76f8eb954076a61a6526e
            • Opcode Fuzzy Hash: 6851680e3e689f07d8311deac1a97bfa9ae5f47be04d730b0759b45304561ce1
            • Instruction Fuzzy Hash: 76515175E0060ADFCF15CF5CC980AEDBBF1FB88210F198569DA25AB340D735A941CB64
            Function 01698DAE Relevance: .2, Instructions: 162COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cde000475e0190be1bd81e5dbfe1b5cd35595b8eab8d73e7ee3f2213a20efd3
            • Instruction ID: 5bec962bc65ea5a7c5e8761387534976760e151cdddb1eea360f0d3df872b41d
            • Opcode Fuzzy Hash: 3cde000475e0190be1bd81e5dbfe1b5cd35595b8eab8d73e7ee3f2213a20efd3
            • Instruction Fuzzy Hash: A551BD7260430A9BDB11DF28CC40BAAB7EAEF95350F04892DF98597291D734E909CB96
            Function 0160E443 Relevance: .2, Instructions: 158COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cb0a31510e8cdaa89f1c2b6a24aa77d15fe3958811b7d82787c4092ccae5aeb6
            • Instruction ID: f1f8dd5da2c5bbe4c975db628a6bcff1aae6bf23acd079e264d38657f098dc12
            • Opcode Fuzzy Hash: cb0a31510e8cdaa89f1c2b6a24aa77d15fe3958811b7d82787c4092ccae5aeb6
            • Instruction Fuzzy Hash: 3851AA31640A16DFCB26EFA9CD80EABB3F9FF58744F410869E546872A0D732E911CB50
            Function 015F45B1 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: b4b7a0ff535bce7eb22cc80e26bce6a1a7261a5fdc01f0921b2d9be73b4a95ae
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: 68517B75E0121AABDF15DF98C840BAFBBB9BF85354F14406DEA01AF250E734DA45CBA0
            Function 0165E9E0 Relevance: .2, Instructions: 154COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: ec6a1d0f77f2419896b86111be45d7b317cd437ba3f6061cb137bee495060c4d
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: 7951A471D0020AAFEF619E94CD94BAEFB75AB00325F154669DD12A7290E7329F41CBA0
            Function 01698B28 Relevance: .2, Instructions: 152COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb3c658fc7e763af244e7f41f47bc15c5d84d698aadef480992a00fa9c2ba01d
            • Instruction ID: 93906c1a64ba6c8d58693c2846a96d2ce8d95d35021d99050abccc74b85eee53
            • Opcode Fuzzy Hash: fb3c658fc7e763af244e7f41f47bc15c5d84d698aadef480992a00fa9c2ba01d
            • Instruction Fuzzy Hash: 1A41F4717016499BDF29DB2DCC94F3BBB9EEF92220F088219E91587385DB30D801C791
            Function 0165CBF0 Relevance: .1, Instructions: 148COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3074131916d801b1b3f0ffad0173a8318d3ff356ee204b2b275d3ea8d232a56b
            • Instruction ID: 25b2dc8347f83f5b3080e8df2874e3d634978a15ca54ceb1ff1a239170d26465
            • Opcode Fuzzy Hash: 3074131916d801b1b3f0ffad0173a8318d3ff356ee204b2b275d3ea8d232a56b
            • Instruction Fuzzy Hash: EC517A7290031ADFCB60DFA9CD909AEBBB9FF88358F154619D946A7304D770AD01CB90
            Function 0160A430 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a09fcf08b0683e474445be57b56c09e03e16d418f5d269cad146a48d6d13f9c
            • Instruction ID: 6866f9272ab8bd6bdc2ed7d0de5b6b00ff087412042f4cdb22392de4d48e7d6a
            • Opcode Fuzzy Hash: 4a09fcf08b0683e474445be57b56c09e03e16d418f5d269cad146a48d6d13f9c
            • Instruction Fuzzy Hash: 384113716403029FCB2FEFA8DC81B7B776ABB56748F01502DED429B281D7B69810CB95
            Function 0169A9D3 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: 5821e76cbc36798d1f43ad1b99c2958c0aa809e3c0758c8fe3dcae18b3e9f6e6
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: F241B231A017169FDF25CFA8CD84A6AB7EDFB80214B05462EED528B344EB34ED05C794
            Function 016001F8 Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9857c24eb3d1dc313f067e9ab2265e9e066c26e1ea508187ae4aee36315e033a
            • Instruction ID: 12893713d2d106543c5716c24b61aad13bf85f8449c8dd47c1d964cb3c0fd6c5
            • Opcode Fuzzy Hash: 9857c24eb3d1dc313f067e9ab2265e9e066c26e1ea508187ae4aee36315e033a
            • Instruction Fuzzy Hash: 9641AD369002169BDB1ADFA8C840BEEB7B5BF48750F14816AF915E7380E7359D41CBA4
            Function 015FEBFC Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 043b18f54e2e0dc0be5b98cd9bfc8fc8f52922e292fea09f9eba8841e7ce2ed6
            • Instruction ID: c0684afdbf563e6704d235d9e76b94ded0cac422a050eaa40daa086b7512741d
            • Opcode Fuzzy Hash: 043b18f54e2e0dc0be5b98cd9bfc8fc8f52922e292fea09f9eba8841e7ce2ed6
            • Instruction Fuzzy Hash: 1B41D2726003029FD725DF28CC89A2BB7E9FF88314F01486EEA56CB765DB71E8448B51
            Function 01612750 Relevance: .1, Instructions: 137COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: 783759d99dd5d99f4259132085148dee887a17775a38e5749d18b355c43c909d
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 7E516A75A41215DFDB15CF98C880AAEF7B2FF84710F2881A9D916EB351D730AE42CB90
            Function 015D6154 Relevance: .1, Instructions: 133COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b88ed1b28278654512e92232dbcd71197317eaffb14a9c6d44a193efcc6a2b5
            • Instruction ID: 67482b34a8670b270889295d96c7cbc5c6cc6377ec0f6a5e035955af56e95d33
            • Opcode Fuzzy Hash: 3b88ed1b28278654512e92232dbcd71197317eaffb14a9c6d44a193efcc6a2b5
            • Instruction Fuzzy Hash: C451BE709002179FDB39CB6CCC04BA9BBB5FF55314F1482A9E529AB2D1D7749982CB84
            Function 015D0BCD Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 32a83c3e655da32362df6a05e5ddf328d1f6e981cc0be370d338d44f24c21826
            • Instruction ID: 3da4bcbc861b8c99da3a5cea5c446640fa15963476de10b42a63d30930aed827
            • Opcode Fuzzy Hash: 32a83c3e655da32362df6a05e5ddf328d1f6e981cc0be370d338d44f24c21826
            • Instruction Fuzzy Hash: 9C419E76A006299ACB31DF6CCD40BEAB7B8BF45740F0104A9E908AF291D7749E80CF91
            Function 015D0D59 Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ea5e57cb790d30320d744e770fe3dc0fdfffcc7222e58ad2985aec2fb2f31aef
            • Instruction ID: 0ca8a7c3f4990c551e593da1dd2849ad6696679cd863309557ea43a5ea92963e
            • Opcode Fuzzy Hash: ea5e57cb790d30320d744e770fe3dc0fdfffcc7222e58ad2985aec2fb2f31aef
            • Instruction Fuzzy Hash: EB41AF71A007199FEB31DF29CC80B6AB7AAFB95714F04449AF9459B281D7B0ED40CB91
            Function 0169866E Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 948dd4f492cb252309ba2a3c653efac78d637cdb45eb8e1a1e2d3f0c238d0dfd
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 1341A475B00219ABDF15DF99CC84ABFBBBEAF89610F144069E904AB341D770DD01C7A0
            Function 015D0887 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f82a866eeefdc4157202ddedd6f6e996bd70ecec8c6a208823f07e9d98f115d5
            • Instruction ID: 0159b66651f0e0552eb87c911d992632e64e12152d4731a044d51838b7a5ccf3
            • Opcode Fuzzy Hash: f82a866eeefdc4157202ddedd6f6e996bd70ecec8c6a208823f07e9d98f115d5
            • Instruction Fuzzy Hash: CE41B1B16007029FE735CF2DC880A26B7F9FF89314F144A6DE5568BA90E731E846CB90
            Function 015FA470 Relevance: .1, Instructions: 127COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1b6cc7fdc6cd0bc0c922d69d118b538592f7b25b8a7aa6984f6dddf0d3174ad4
            • Instruction ID: 5932d8547f016929dba48a56e88c21d922eb2c30545204dfd6bd262f1ffbf28f
            • Opcode Fuzzy Hash: 1b6cc7fdc6cd0bc0c922d69d118b538592f7b25b8a7aa6984f6dddf0d3174ad4
            • Instruction Fuzzy Hash: 8E41DD32940206CFDF25DF6CCDA87AE7BF0FB98350F041559D625AB285DB319900CBA1
            Function 015D8BF0 Relevance: .1, Instructions: 124COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d0e5f59665f53a38730a72272e3401fed5be96cc98fd855bfd3f70ace0845e17
            • Instruction ID: af47c3b0a15a0b1852c261db8a548c3b44fac29adc03731148566c1189b4f763
            • Opcode Fuzzy Hash: d0e5f59665f53a38730a72272e3401fed5be96cc98fd855bfd3f70ace0845e17
            • Instruction Fuzzy Hash: F941B832A01216CFE734DF5CCC90A6ABBB6FBD4604F14802AD9119F265DB75D842CB90
            Function 015C8918 Relevance: .1, Instructions: 123COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 850890394a2121bf11748a5049211f92b47041c3a54956d18843ccc590e9cd20
            • Instruction ID: 25c0b4c8bd3dc52171ffccac3fcabc17d29aea4eb2904a0cdaeea4b067fd3630
            • Opcode Fuzzy Hash: 850890394a2121bf11748a5049211f92b47041c3a54956d18843ccc590e9cd20
            • Instruction Fuzzy Hash: C7415B315187169ED312DF69C840AABB7E9FF84B54F40092EFA85DB250E731DE148BA3
            Function 015CA020 Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 13fd98f0284c2b82ee786940f959e09a32689cc3935cb082b45eec307b3b93c0
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 70411A31A0062ADFEB11DE9C8840BB97FA1FB94B95F15806EEA459F341E7328D40CB91
            Function 015D09AD Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b6e7f62ea42f4e96295e38bab8e302b7ec9568b2fe3d6a0a565e16cd66518d34
            • Instruction ID: d04285c3f972bbbc6b67a99fd8bbffef079b26a5d4e128792096fd2b4a110c55
            • Opcode Fuzzy Hash: b6e7f62ea42f4e96295e38bab8e302b7ec9568b2fe3d6a0a565e16cd66518d34
            • Instruction Fuzzy Hash: 0D414971A40601EFD725CF19C840A2ABBF5FF94314F248A6AE459CF291E7B1E9428B91
            Function 01600710 Relevance: .1, Instructions: 121COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: a9e4da3631409a3d691e12589c47d14c13c29ea5d5703bf59893b585f52f8453
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: D4412875A00605EFDB29CF98C980BAABBF8FF18740B10496DE556D7291D330EA45CF50
            Function 015D262C Relevance: .1, Instructions: 119COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 74284a1affb773e790e5a47b9945b8ba9c3e0ac4a352323a6ab6f05cb8322613
            • Instruction ID: 41f1741ab3469ac615cc790054f25ee03e2e57aca77487e5477c27dd652f2669
            • Opcode Fuzzy Hash: 74284a1affb773e790e5a47b9945b8ba9c3e0ac4a352323a6ab6f05cb8322613
            • Instruction Fuzzy Hash: 044168B19017019FCB36EF2CC940A6AB7B2FF94710F1586ADC4069B6A5DB30A942CB51
            Function 0160C8F9 Relevance: .1, Instructions: 116COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f18980245060018523afa462f8df5262f5e971ee2ee928bae168a5402f9c1a4f
            • Instruction ID: 64bd60cd93cff29683dcf8a28278c48ee4aedfd74ad318afc0efd3936a6d4719
            • Opcode Fuzzy Hash: f18980245060018523afa462f8df5262f5e971ee2ee928bae168a5402f9c1a4f
            • Instruction Fuzzy Hash: B73188B1A01205DFDB16CFA8C840B99BBF4FB49714F2081AED119EB391D3329902CF94
            Function 016507C3 Relevance: .1, Instructions: 114COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7f9254bdf6d0ebab7d47fdfc76d4527e1f5fde41e0a40741396212930c14752
            • Instruction ID: 6a688a2de79c17cddf31c3bfbd47ae26257b555a613bf950009dd6f992dce5ca
            • Opcode Fuzzy Hash: d7f9254bdf6d0ebab7d47fdfc76d4527e1f5fde41e0a40741396212930c14752
            • Instruction Fuzzy Hash: 9C4156B2508301AFD760DF29CC45BABBBE8FB88754F104A2EF99897250D770D904CB96
            Function 016505A7 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b3f405918aaab8a9481ddc3b0443da8bffdeead5acaa76c2350e7c62149f670
            • Instruction ID: 430818698f996d317377a1b5737ac9096b85748a27a85bc8b5abf66ec1b89e82
            • Opcode Fuzzy Hash: 9b3f405918aaab8a9481ddc3b0443da8bffdeead5acaa76c2350e7c62149f670
            • Instruction Fuzzy Hash: E241C1726046529FC320DF68CC40A6AB7E9FFC8700F14062DF9959B780E730E914C7AA
            Function 015D4859 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3ea7d403c5ef6230177ba8b89e617090e127947912c5d293f57424a29e5ee5e
            • Instruction ID: 0e315c0ab3d008891a9f34bab6c53e2ded79a0628b87b7184bcde976f25dd733
            • Opcode Fuzzy Hash: a3ea7d403c5ef6230177ba8b89e617090e127947912c5d293f57424a29e5ee5e
            • Instruction Fuzzy Hash: 27418D306003028BD735DF2ED884B3ABBEABF80354F14486DE6858F691DB70D951CB91
            Function 015E02E1 Relevance: .1, Instructions: 106COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 1015e3ee25ce29cefa7bc6478773f493306906575daa558ae5fd44d2a9a51231
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: F531E432A04245AFDB258B6CCC44BAFBBE9FF58350F0845A5F455DB392C6B49844CBA4
            Function 015D4260 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65d8a5efc29ff036a5071cc044b137b22f6735b8b72793504f69a6f695d6043d
            • Instruction ID: da85d05726db94b034c6c2b4e6091eb83b8a6f45ce1dedfe3100ded4ed5c1a1b
            • Opcode Fuzzy Hash: 65d8a5efc29ff036a5071cc044b137b22f6735b8b72793504f69a6f695d6043d
            • Instruction Fuzzy Hash: D8418D35200B45DFD722CF2CC885BAA7BE5BF85714F14882DE65A8B750DB74E844CB50
            Function 01670DF0 Relevance: .1, Instructions: 101COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
            • Instruction ID: d5760c985a3784a51ee09dff3fdcc8f3688dd00b56aff2a1a41f441eff527494
            • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
            • Instruction Fuzzy Hash: 7031C172505346AFD726DB24CC05E6BBBE8EF91660F04496DF9918B250E770EC05CBB2
            Function 0164EB1D Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3a0f36091266c764456583e42e9f895b2f9c1e358b74dc17423a76c6213b8001
            • Instruction ID: 31627ddac613600652bf563908e4909ab1de3e6cb67b5169c862e70656a20e7b
            • Opcode Fuzzy Hash: 3a0f36091266c764456583e42e9f895b2f9c1e358b74dc17423a76c6213b8001
            • Instruction Fuzzy Hash: A831C1316016869BF326576CCF48B257BD9BB40B84F1D04A4AF459B7D2DB2ED841C234
            Function 016961C3 Relevance: .1, Instructions: 97COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d3da15e6551f5950a21aeb5d2d961e97491816e90189c47648b62baac5a77976
            • Instruction ID: b4a6bf5d30c880aa82360b18dc6f026cbdda244626af6b54bbc78c6b020651f2
            • Opcode Fuzzy Hash: d3da15e6551f5950a21aeb5d2d961e97491816e90189c47648b62baac5a77976
            • Instruction Fuzzy Hash: 5031C475A00216EBDB15DF98CD44BAEB7B9FB44740F5581A9E900AB244D770ED01CBA4
            Function 0167483A Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c43c3563dd6e6544b48bfdab7903262c17b804470885d948b67f6cf1645b8821
            • Instruction ID: c0e43120a156461297acc6643f8738ec0108f7a7a6fde06591958f020424f280
            • Opcode Fuzzy Hash: c43c3563dd6e6544b48bfdab7903262c17b804470885d948b67f6cf1645b8821
            • Instruction Fuzzy Hash: 26313476A4012DABCF21DF54DD88BDEBBB6AB98350F1500E5E508A7250DB30DE518F90
            Function 015FEB20 Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cc6f711309dbc73e725970bcf038a7d8825dfb00f4d7c2428f05b19f5af0a79e
            • Instruction ID: b820215d27140afffdd51c080c942f378a5e17969f25e361647effd82a5111f5
            • Opcode Fuzzy Hash: cc6f711309dbc73e725970bcf038a7d8825dfb00f4d7c2428f05b19f5af0a79e
            • Instruction Fuzzy Hash: 6D31B972D00219AFDB31DFA9CD45AAEB7F9FF44750F014469E516EB260D7709E008BA1
            Function 016960B8 Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0058fe1d362cfeb6e719fb440a1bd2a2109591786100356c505211a82e80882
            • Instruction ID: e3a768ef19bda2bbb3af25186eaa5dc626315ae2c60c442b45d3021137686b08
            • Opcode Fuzzy Hash: b0058fe1d362cfeb6e719fb440a1bd2a2109591786100356c505211a82e80882
            • Instruction Fuzzy Hash: B031A2B1A40706AFDB269FADCC50B6AB7BEAF84755F00406EE506DB351DA70DD018B90
            Function 015D07AF Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 33925d50ebea309208e1f4aa2692b91de7488d5d1168b307773af57490a669e7
            • Instruction ID: f32db1477d8912647f0b41c3a4e9f5e870e41912c01cf73e8c82088d62d46dc5
            • Opcode Fuzzy Hash: 33925d50ebea309208e1f4aa2692b91de7488d5d1168b307773af57490a669e7
            • Instruction Fuzzy Hash: 6931C232A04612DBC722DE6C8895A6BBBE5FFD4650F01492DFD5AAF350DA30DC1187E1
            Function 015D8550 Relevance: .1, Instructions: 94COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2c89b190eaa0d34463bcecbb4f55258d261556ee4631b8a15ad7a44b84095c60
            • Instruction ID: 3196aab89763bfb1dec4be29b01f490f4ee5caab703fbb9bc296a07d8d3fe630
            • Opcode Fuzzy Hash: 2c89b190eaa0d34463bcecbb4f55258d261556ee4631b8a15ad7a44b84095c60
            • Instruction Fuzzy Hash: F1318CB16093029FE720CF1DC840B2AFBE5FB98B00F49496DE9859B351D770E848CB91
            Function 0160A6C7 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: 6c0a173d4f1b965d27fb15935956f140672cbe1029eded565c930e9ab3fd0486
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: 91312E76B00701AFE765CF6DCD40B67BBF8BB48690F14452DA59AC3790E730E9008B64
            Function 0167EBD0 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a7da958629e57488adb1ccaf9c4dd181617163006717a16317c26240fa013101
            • Instruction ID: 8ffb10ba4bdb00eb9bd01a730548b86ab6011dcc4e3b111ccb5523e187a3fdf3
            • Opcode Fuzzy Hash: a7da958629e57488adb1ccaf9c4dd181617163006717a16317c26240fa013101
            • Instruction Fuzzy Hash: 6731EF75A05302CFC715DF19C94486ABBF5FF89604F044AAEE4989B311D332E948CB92
            Function 015F438F Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 762e03dc7006711bb0ad99b8a827b35a76305a3ab01336ec358b942e0b4b12d1
            • Instruction ID: c1076b120d34f886516aaae4903d6c988ffd4f068789992fa67b1fd30c5ba48b
            • Opcode Fuzzy Hash: 762e03dc7006711bb0ad99b8a827b35a76305a3ab01336ec358b942e0b4b12d1
            • Instruction Fuzzy Hash: F331C232B002069FD724EFA8CD84A6FBBF9BB84304F00852DD206EB655D730D945CBA0
            Function 015CCB7E Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: 0a26777fd4a95b164984ef6f1f20bc57dfbb276c34748dba2a614f1287ad97e2
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: 8121F936E00667AEDB109FF9C840BAFBBB5BF54740F058475DA55EB340E270C9008B90
            Function 015CC156 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b3a4057a900e475f2eef2c5c75a634825d96a7bafb682812a9a9d071b2c9909e
            • Instruction ID: 2eac7db31e9482c0be5907aa620675c3b1513dcb485302faf35e0c472b1056cd
            • Opcode Fuzzy Hash: b3a4057a900e475f2eef2c5c75a634825d96a7bafb682812a9a9d071b2c9909e
            • Instruction Fuzzy Hash: BD3149725002218BDB31AF68CC44B7977B4BF91304F4481A9D9459F382DB78D982CF90
            Function 0168C3CD Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: 0916dbb5076702cf25333a8f626496fe445e4b8a7ef3edbf30c6a89b3679757d
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: 55212D3660065267CB25BBD98C00AFFBBB6EF40710F40851EFA558B691E734D990C774
            Function 015CE420 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 29261c2986e42d147437b58386e3781d2a9ce353b0b2dbfbf139c7d25c46fd6e
            • Instruction ID: 7586ac8015c7390682f2db2b6224cea29d5fff26a6e231aedafd17903954733b
            • Opcode Fuzzy Hash: 29261c2986e42d147437b58386e3781d2a9ce353b0b2dbfbf139c7d25c46fd6e
            • Instruction Fuzzy Hash: DA31C431A011299FDB35DF58CC82FEEBBB9FB55B40F0104A9E645AB290D6749E808F90
            Function 01604588 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: 81b29f519bcf06bb51a93d5d660a8a5824465243e58e88ef6f2daa6cbf9e6ee0
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: 14216535A00615EBCB26CF98CD80A9BBBA5FF48714F108169EE159B281EA71DA05CB50
            Function 016044B0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9cf790515642ea18d8a423807d92ae5d1380a016607bf220066a58bcbd0d9633
            • Instruction ID: 00a2fe16b1ebc2eadcbc9f67c2788043fda7ccb867cfbfe36af5a8fc172f3400
            • Opcode Fuzzy Hash: 9cf790515642ea18d8a423807d92ae5d1380a016607bf220066a58bcbd0d9633
            • Instruction Fuzzy Hash: F321B1726087469BC727DF18DC80B6B77E5FB88760F014619FA589B781DB31E901CBA2
            Function 015CE388 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: b17513faaebb69e58d343b7f6a4607260e77bbc18a588f43feb00d94f482ce34
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: 4A31AB31600605EFD721CFA8C985F6ABBF9FF85754F1049A9E5128B280E770EE01CB50
            Function 0164E609 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a6757473ee9d7a87ad42202da5375395198bca8dfb03db6a9b3eac910172b3ae
            • Instruction ID: c55e9561aea387f7dd66ee68c5188e42d7da5c2cafd0e33adace2680b8cac726
            • Opcode Fuzzy Hash: a6757473ee9d7a87ad42202da5375395198bca8dfb03db6a9b3eac910172b3ae
            • Instruction Fuzzy Hash: 3931A075A00215DFCB14CF1CCC849AEB7B6FF88304F15445AE8099B391E776EA51CB94
            Function 015D8D59 Relevance: .1, Instructions: 83COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
            • Instruction ID: 6b77f7f55e3dff33dc47d90f1ad55b2b6b0c3fcc34f53e6bc7c063905b3e5103
            • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
            • Instruction Fuzzy Hash: F621D831A02646DBE726A72CDD25B2577F4BF90750F1904A8DD428B7D3E765DC41C250
            Function 016506F1 Relevance: .1, Instructions: 79COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efd33a75a91a8b08406aa7ab55b06d16ed3feaa82a554457b80f53050434c59d
            • Instruction ID: 3c634c895fc9535a9d223dd5035bb46fc198904fd8819106e8431b0c955fc133
            • Opcode Fuzzy Hash: efd33a75a91a8b08406aa7ab55b06d16ed3feaa82a554457b80f53050434c59d
            • Instruction Fuzzy Hash: 5E21807190062A9BCF14DF59CC81ABEB7F8FF48740F540069F941AB254E778AD51CBA0
            Function 0165019F Relevance: .1, Instructions: 78COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3743c335fcfdafd306a76ec10a713356b5b658ed771532589980fbe625290753
            • Instruction ID: 9d315e4aae4d3147c6a6a63bb40a933b6792fdec4d8b3a06a467160e4d5eaf01
            • Opcode Fuzzy Hash: 3743c335fcfdafd306a76ec10a713356b5b658ed771532589980fbe625290753
            • Instruction Fuzzy Hash: 3A218B72A00645AFD715DBACCD44A6AB7E8FF88780F1440A9F905DB7A0D734ED50CB68
            Function 01650283 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 23cc667db8c5545dec7d97c8bab56a06b1e7f0b2ea58af1c84f01a2cb68586a1
            • Instruction ID: a653d020c410d284bbad720ebb2a93acc4426bd9dcca4856a93b569658e0ad1d
            • Opcode Fuzzy Hash: 23cc667db8c5545dec7d97c8bab56a06b1e7f0b2ea58af1c84f01a2cb68586a1
            • Instruction Fuzzy Hash: 7821AF729042469BD721EF69DD48F5BBBECBF90380F08445ABE848B252D734D905C6A2
            Function 015F2835 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 495b5c528c8e5c2f09294fcbd3ec544aaa1a111a06c6f1664d76e3585d542cbf
            • Instruction ID: 37a825b83ae2691a4f19cc7f45de57de4c2dd02b04d09df652dd2ce2c6d3efee
            • Opcode Fuzzy Hash: 495b5c528c8e5c2f09294fcbd3ec544aaa1a111a06c6f1664d76e3585d542cbf
            • Instruction Fuzzy Hash: 52210B72A057869BE326576CCD18B243BD5BF81774F2807A8FB60DF7E2DB68C8018250
            Function 0160A30B Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 342f52b6b4939465d676311ac28b406727bba90cfed86bd7988266a51dd93aac
            • Instruction ID: d1d0558ab87dc88deadb67a99fdac02114e7c9709aaf1fae353b305dc0e74dd2
            • Opcode Fuzzy Hash: 342f52b6b4939465d676311ac28b406727bba90cfed86bd7988266a51dd93aac
            • Instruction Fuzzy Hash: 3F219879610B019FC729DF69CC00B56B7F5FF48B44F2484A8A50ACBB61E331E842CB98
            Function 01650946 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c9e2b0fee2b391d0e193104852c036c7cd3ca29b2cd846e3c86ff8081c5105f3
            • Instruction ID: c59739b0e810e57cb18e398c6c4e638774ef0f02e65ce361e079987a94a19b38
            • Opcode Fuzzy Hash: c9e2b0fee2b391d0e193104852c036c7cd3ca29b2cd846e3c86ff8081c5105f3
            • Instruction Fuzzy Hash: 4421E7B1E00259AFCB60DFAAD9819AEFBF9FF98700F10012EE405A7354DB749941CB54
            Function 016680A8 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: 2cd395fddee4c59472877bc6db9fd6ed68ec0320983a581ef3a89c3c30aaa0ac
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 45216772A0020AEFDB129FA8CC44BAEBBBEFF88315F204859F915A7251D734DD518B50
            Function 01600124 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: e01d5dfc6c70b8e31d64fe499c05d962b97fc3bb5bb487e23215e28842019450
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: B911D073600605AFD7279F94CC40F9BBBB9EB80795F1044A9F6048B2C0D671ED44CB54
            Function 015D8770 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1d9098480e8406e77b4ad6fa91b95a678de7a456cf356fa469bf2f0a88bb534c
            • Instruction ID: 4de1c60ecc5156878f6fea035a963e0b69277e2086151e0c1fb6b29be1b165d8
            • Opcode Fuzzy Hash: 1d9098480e8406e77b4ad6fa91b95a678de7a456cf356fa469bf2f0a88bb534c
            • Instruction Fuzzy Hash: CE1194357016129BDB26CF4EC5C0A6ABBE9FF8A750B1A406DEE099F305D6B2D901C790
            Function 0160AAEE Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction ID: 00f58a1733043d33658c69b35318a44525707b356f18e36d3421ee5ce1fbb01f
            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction Fuzzy Hash: 74216872600B41DFD72A8F99C944A66BBE6FB94B90F14896DE54A8B750C770EC01CB80
            Function 015D80E9 Relevance: .1, Instructions: 66COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 02b0868c21782666e8250f8c0131a2de7b36664b4638390e43e0527afc029b1b
            • Instruction ID: 17b004711c87fe20b4d11aeb108afa9d2870680b18c402c8edee0cb00a27345d
            • Opcode Fuzzy Hash: 02b0868c21782666e8250f8c0131a2de7b36664b4638390e43e0527afc029b1b
            • Instruction Fuzzy Hash: 47215B75A00206DFCB24CFACC591AAEBBF5FB88318F24416DD105AB351DB71AD0ACB90
            Function 0160674D Relevance: .1, Instructions: 65COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d10dc92a3a55a7f9831d0cf8a12a98e29808f016ef9885c2ae77bf55f274d35b
            • Instruction ID: 6170cf3a1e28659964070b9c9242a707f6ddf7c53da3a85921be2f2ad02abe43
            • Opcode Fuzzy Hash: d10dc92a3a55a7f9831d0cf8a12a98e29808f016ef9885c2ae77bf55f274d35b
            • Instruction Fuzzy Hash: 72216D75510A01EFD7298F69CC41B77B7E8FF84650F04882DE59AC7290DB70E960CB60
            Function 01666870 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 46e91c8cc8b24b0eaeda42f8c26e2c1d51f65586e96784db4e06cc6ff71abad1
            • Instruction ID: b2ac1d0c5b63a857221c189b297dfedfd4681bf7ce3e4cb17fc7d5051592fe30
            • Opcode Fuzzy Hash: 46e91c8cc8b24b0eaeda42f8c26e2c1d51f65586e96784db4e06cc6ff71abad1
            • Instruction Fuzzy Hash: 84119132240616EFC722DB69ED40F9A77ACFF95750F114069F6059B261DA70E901CBE0
            Function 015FE8C0 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9f3bb59055e936fd41b164a3e9346821f7de254422973fadf0eafd6fb167684d
            • Instruction ID: 8521eae2134d11ca69335d7a19ccb31ec6b7024a62add947724046f21a540208
            • Opcode Fuzzy Hash: 9f3bb59055e936fd41b164a3e9346821f7de254422973fadf0eafd6fb167684d
            • Instruction Fuzzy Hash: DA1148337001109BCB1ACB29CD85A7B7297EFD1670F25496CEA228F390EA308812C3A4
            Function 016066B0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 74b601dcc3d0f40fc62cbc1ca173e46c7f84c5cea3c3099398e1208268764676
            • Instruction ID: 59ec1015b23397d2ec1fba21f291103b8d6c991801f82739e0f33f2899d0a264
            • Opcode Fuzzy Hash: 74b601dcc3d0f40fc62cbc1ca173e46c7f84c5cea3c3099398e1208268764676
            • Instruction Fuzzy Hash: A011CE76A01216EFCB2ACF59CD84A6BBBF8AF84610F01407AD9059B350E770DD10CBA0
            Function 0169A8E4 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 6241bda62e566ef1571fd8d3bf4bac4efc32826b9d5a155872d007a74f4ad56c
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 2911E236A10909AFDF19CB58CC05A9DBBFAFF84210F058269EC45A7380E631AD01CB80
            Function 015D0AD0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: e1357bc9ddde5f1d13971e219a84b7efd8806c226a2109eed6389488b0910e5b
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: 2621F4B5A00B059FD3A0CF29C440B56BBF4FB48B10F10492EE98ACBB40E371E814CB94
            Function 0165E7E1 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 481f388970a88ab2d46ad7aa3c97f2a9e966c120e9249b3d79c89dcad472836f
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: D3119132600601EFEF659F48CC40B56FBA6EB55754F06842DED0A9B250D732DE40D790
            Function 015F27ED Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 380d02cb0e1a9f7c473e7357549d5a0e00acc3a74364fb5ef12b716dfa0696ff
            • Instruction ID: 50ea082306593b7ff40d538792b3464a03379fe28845e3cce8ff0cd34faa0773
            • Opcode Fuzzy Hash: 380d02cb0e1a9f7c473e7357549d5a0e00acc3a74364fb5ef12b716dfa0696ff
            • Instruction Fuzzy Hash: 7401C472605685ABE326A6AE9C58F276BDDFF80794F0500A9FA41CF291DA14DC00C261
            Function 015D4690 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd4ee49b8ce61fb316329be43e13e9d25ac443b8ed10c91ce3dd6823c3f109d4
            • Instruction ID: cf95d1bb58e4a4ba450a3c1a7ed5f3b1a8b72d450688c94c9a0ad51e04623f1b
            • Opcode Fuzzy Hash: cd4ee49b8ce61fb316329be43e13e9d25ac443b8ed10c91ce3dd6823c3f109d4
            • Instruction Fuzzy Hash: 15110E36241681AFDB35CF5EC880F2A7BA8FB86B64F024119F9058FA80C770E841CF60
            Function 01606620 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8718596f6a7b949c6e64f3a3be239abf404516b2987941d6df9f70e7b6c6049
            • Instruction ID: c41e3b032c2a60aa5b1ed6c3af48e606fc234075ab2bb2c655928c3b2b1967ee
            • Opcode Fuzzy Hash: e8718596f6a7b949c6e64f3a3be239abf404516b2987941d6df9f70e7b6c6049
            • Instruction Fuzzy Hash: C9118E72A10726ABDB26DF59CD80B5FFBB8FF84750F540459EA05AB340DB30AD118BA1
            Function 015FEA2E Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: faf6cb34df5944855229430e00b727804e310a7e88d67b5d5a179a1c8db24a5f
            • Instruction ID: 6ed77ef2e7d504de9ce91896ff872906e58f481bcfce5750edac0a90b6daf12c
            • Opcode Fuzzy Hash: faf6cb34df5944855229430e00b727804e310a7e88d67b5d5a179a1c8db24a5f
            • Instruction Fuzzy Hash: B001C07160024A9FC325DF18DC49F2ABBE9FBD1714F21816EE1068F260C7B0AC46CB94
            Function 015FE53E Relevance: .1, Instructions: 55COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: ed637dcb939eb0301026d9dfb1b408577ee78c2c55d771df2e735aac625978db
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: 6911C671A016C69BE722971C8D48B2937D4FB81784F1A04E4DE418F792F728C842C252
            Function 0165E75D Relevance: .1, Instructions: 54COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 4bc9335730336153d04e5da9f584f105c70b7a5577d4ac8a51f82cc6f4ab031f
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 8601D236B00506AFEF659F58CD00F7AFAA9FB81750F058028EE099B260E772DE41C790
            Function 015CA250 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: 1ecbc56c6a96679d03cfe340998ed7be8fb9b90da38af7d2e7e0a5a351ad7869
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: 4501043240473A9FEB218F599840A367FE6FB55B64700892DF8958F281E331D400CBA0
            Function 0164E1D0 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af42f4817b0c98893e50d6ef5f7aab47d409de46b6116703181fd7fc4161c51b
            • Instruction ID: 5052a2fbc3531a178b83782a97a87d1e4e77d6a5aa5618c1ae7ec5623f9f5848
            • Opcode Fuzzy Hash: af42f4817b0c98893e50d6ef5f7aab47d409de46b6116703181fd7fc4161c51b
            • Instruction Fuzzy Hash: 61117932241642EFDB25AF19CD91F16BBB8FF94B44F2400A9EA059B661C235E901CA90
            Function 015D6259 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 10670b56526f38673aa2f94d192431ee49ec4cc71a9af2da74b0a01ea00b4b49
            • Instruction ID: 0a16a94ad539b57f8229b0af460af6997631731dfb1d836d9ffdff566688168c
            • Opcode Fuzzy Hash: 10670b56526f38673aa2f94d192431ee49ec4cc71a9af2da74b0a01ea00b4b49
            • Instruction Fuzzy Hash: 7911A070541229ABDB35EB68CC51FE973B5BF04710F5441D8A319AA1E0D7709E81CF88
            Function 015C6DF6 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3fb6f06d8a0112caac28d857268e760a4a4d81b5cad126220ce6410001fc5e35
            • Instruction ID: 5aa954bb10e700e2f0849a420aa0a6019a3846cc656bbfc91b4673a8f2010d15
            • Opcode Fuzzy Hash: 3fb6f06d8a0112caac28d857268e760a4a4d81b5cad126220ce6410001fc5e35
            • Instruction Fuzzy Hash: 9D01F131310A22AFCB216E699C45867BBA6FFC4728F00052CF9868B651DB21EC11CBD0
            Function 01606DA0 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
            • Instruction ID: c3dec66d0f7d6d1c769137ea9d47adb37f6e87c001fcedb34ab6edf754adb0b5
            • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
            • Instruction Fuzzy Hash: 7F01287260831667EF2E9B59DC04B9B7FA4EB80B50F044059EA065F2C0DB74DCA1C3E0
            Function 01656050 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c95ad8b01e7f87ff64b4fd7accad06dcd6e6eeb76924b0e585ecc89c42225012
            • Instruction ID: 6b2d5c96cb2ae6be4d76ed13cd793093cfc1c6ae503a418b135dbd23c842e071
            • Opcode Fuzzy Hash: c95ad8b01e7f87ff64b4fd7accad06dcd6e6eeb76924b0e585ecc89c42225012
            • Instruction Fuzzy Hash: E4112973900119ABCB16DB94CC84DEFBBBDFF48258F044166E906E7211EA34EA55CBE0
            Function 015D208A Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: 942a0c7814b007f28e6b15b621e44490cc9c7fe937b6ff55811c1b7fb6a5360d
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: D30124326011118BEF258A2DDC80B96B7BBBFC4700F5945A9ED058F346DB72CC81CB90
            Function 01666500 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de920df91518c3f3303f81862c86b8bfbefc18e15f031a4beeddd2a19d3acb7b
            • Instruction ID: 11364cdf77c6de47a498ae606ed066df8f57c2b89fe998d1c4ea5a825ee08501
            • Opcode Fuzzy Hash: de920df91518c3f3303f81862c86b8bfbefc18e15f031a4beeddd2a19d3acb7b
            • Instruction Fuzzy Hash: 1711A1366441469FD711CF69EC01BA6BBB9FB9A314F088159E849CB325D732EC81CBA1
            Function 0165C810 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee9f9c49a7cbdf949ace081161af424f24d5adec648cda1d60e51bde93ea1939
            • Instruction ID: 29ab4188de2bb73d4567d62d2ccac30896684c729f4f00a6dd66832939e3a979
            • Opcode Fuzzy Hash: ee9f9c49a7cbdf949ace081161af424f24d5adec648cda1d60e51bde93ea1939
            • Instruction Fuzzy Hash: 3E11E8B1E002099FCB04DFA9D945AAEBBF8FF58350F14406AA905E7355D674EA01CBA4
            Function 015CC020 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: 161353a1e1ff56e679905f361b25a7b15d9c1bf1926413860b185df58d807c5b
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 4B01B532100B459FEB229AA9CD00AAB77E9FFC5650F05881DEA469B640DAB0E402CB50
            Function 016120F0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0077b85146e7e57b8d233af5cf410342bb2a4a01da6370673f740de37e26f586
            • Instruction ID: 21f734cdeaa955819e6e7c7e65f800c787f589eef68c5452b070568832d10449
            • Opcode Fuzzy Hash: 0077b85146e7e57b8d233af5cf410342bb2a4a01da6370673f740de37e26f586
            • Instruction Fuzzy Hash: 1C116D75A0024DEFCB05EFA4CD51BAE7BBAFB44384F104059EA069B254DB35AE11CB90
            Function 0160E5CF Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de80edcd72df7a0428c5c841ac54452df172a583574c68d4a8c343c7c91b3dfa
            • Instruction ID: c6b462627e97f33b1956c1f201254be3ee8ec60b54171de5f1ec96c5483e1400
            • Opcode Fuzzy Hash: de80edcd72df7a0428c5c841ac54452df172a583574c68d4a8c343c7c91b3dfa
            • Instruction Fuzzy Hash: 9B01D471A11A027BD315BB29CD44E13B7ECFFD9654B000629B1098B650DB64EC11C6A0
            Function 016669C0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 57239862eae483b912f453248b5cb34dfc316081e296ea4f8b254bbc44e6cee8
            • Instruction ID: 78a8624a54948ac3721578dca7ba38d47bacf536c9ded27020bfb1be24ef078d
            • Opcode Fuzzy Hash: 57239862eae483b912f453248b5cb34dfc316081e296ea4f8b254bbc44e6cee8
            • Instruction Fuzzy Hash: BB01D8322142069BC324DF6ADC4896AFBACFB94660F154129ED5987280E7309911C7D1
            Function 0165C460 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1d94f1b2a2565603ed8107e4fb382ee928fac749bfd83cdfb2e769756809b790
            • Instruction ID: 7b18e096609d34f8563133c3c91e65409ca17df5f282de37a3c32d50f3f1f908
            • Opcode Fuzzy Hash: 1d94f1b2a2565603ed8107e4fb382ee928fac749bfd83cdfb2e769756809b790
            • Instruction Fuzzy Hash: ED113975A01249ABDB15EF68CC44EAE7BBAEB48344F004059ED0197340DB35A911CB90
            Function 0165C97C Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 740e1bdb191993a8da535180c1203a90dedad0deb1b7432d23eb2cedb6f1a77b
            • Instruction ID: 0a1adf903b6e7b91d34a264507fe580b6335d112068924f62140ff9703f416bf
            • Opcode Fuzzy Hash: 740e1bdb191993a8da535180c1203a90dedad0deb1b7432d23eb2cedb6f1a77b
            • Instruction Fuzzy Hash: 411179B16083099FC700DF69C842A5BBBF8FF98350F00451EB998D7390E630E900CB96
            Function 0165CA11 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 246d25267a1a76561ec196cb5beeaa000501c4a1f29b89590778fa99f657830d
            • Instruction ID: cc902b153a0213d69106cf3c5ef205d0e5cdec01be95cd0849ccbbde119837d4
            • Opcode Fuzzy Hash: 246d25267a1a76561ec196cb5beeaa000501c4a1f29b89590778fa99f657830d
            • Instruction Fuzzy Hash: FB118BB16083099FC300DF69C841A5BBBE8FF99350F00851EF998D73A4E630E900CB96
            Function 016A4A80 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction ID: 684c5e6c77706eaadc5dd6e7ff4e2fc6d5cfaf09c64e81710b2f15e6ffbf2197
            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction Fuzzy Hash: D401B1322006069FD7259A69DC54F96BBEAFFC5210F484819EB428B654DEB1FC41CB94
            Function 015EE016 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction ID: 4d82955e4f3c70fc5b5e6d72cf1787c1a10a6736efd7087b70f086689d5375f4
            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction Fuzzy Hash: 48017C326109949FE32A861DCA48F2A7BD8FB84754F0904A1F905CF691D728DD40C621
            Function 015C826B Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 695d31f86d9e1dcad19b6b3d4b15e8ed66009d7cd20ddd3c99795e954f908165
            • Instruction ID: 304083db82bcad8e3e8a6c545494f1d85a9f90434223315307d551dc387b030d
            • Opcode Fuzzy Hash: 695d31f86d9e1dcad19b6b3d4b15e8ed66009d7cd20ddd3c99795e954f908165
            • Instruction Fuzzy Hash: 4C01D431610905DFD714DFA9DC14ABE77EAFF80A10F09406D9D01AB240DE60D801C690
            Function 015D2582 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54db08fa82ffa7b5ab1ece2105242e7826dce7c02acf75a7392ce2783ccaa1c3
            • Instruction ID: a1020cb8c9786dfcd8577c6b78e63e97d749fede40b6e337b7f349571f572eed
            • Opcode Fuzzy Hash: 54db08fa82ffa7b5ab1ece2105242e7826dce7c02acf75a7392ce2783ccaa1c3
            • Instruction Fuzzy Hash: D1F0D132A41B21ABC7319B5A8C44F57BAA9FBC4A90F004428A60A9B640DA30ED01CBA0
            Function 015FC073 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction ID: cbbbb6d06c6c8a8b2c447d87337c8133a23c64230258a2f8e1968adf129c7487
            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction Fuzzy Hash: 6BF0C2B3A00615ABD324DF4DDC40E6BFBEEEBD1A80F04812CA605CB220EA31DD05CB90
            Function 015CC310 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction ID: c4b6e594d1928bc56df0594ac2d76c2df7ce846af043b3db101da44b1ac5e08d
            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction Fuzzy Hash: 01F0C233204A239FD7325ED99840B2FAA95AFD1E64F1A007DF20E9F604CA648D0297D0
            Function 0160CA6F Relevance: .0, Instructions: 42COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction ID: 8bf1156d4d88601238378eaa4206c4c08abe03d350743116464c9879fa45ca83
            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction Fuzzy Hash: 6D01D1326016859BD327976DCD09F5ABBDDEF81754F0841A5FE048F7A1D77AC841C220
            Function 016A61E5 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee2d91689df3385600c6a87ed9d9700ef3b7a5fe7f4ab05d34d9dc975e30e735
            • Instruction ID: 03dd8004919fa84bfabc516d336550056df3180adf5ce4e2647bd4d96710e26b
            • Opcode Fuzzy Hash: ee2d91689df3385600c6a87ed9d9700ef3b7a5fe7f4ab05d34d9dc975e30e735
            • Instruction Fuzzy Hash: FF014F71A00249DFDB04DFA9D945AEEBBF8BF58350F14405AE505AB380D774EA01CB98
            Function 016563C0 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction ID: 96c6187ca3bc0953375cf4696a813ea44bc29946370d8359e8e92b2b14ae46e1
            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction Fuzzy Hash: 4CF0127210001EBFEF019F94DD80DAF7B7EFF55298B104165FA1196160D631DD21E7A0
            Function 0165A4B0 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5389d193847442bbde31be39ac733e8feb2d6d2a164a6f31e2c685cf8a6d1310
            • Instruction ID: 055359648ee47e0425ffaf328ab21d6a9b66753bea7259b150a77d049d6cdfa7
            • Opcode Fuzzy Hash: 5389d193847442bbde31be39ac733e8feb2d6d2a164a6f31e2c685cf8a6d1310
            • Instruction Fuzzy Hash: 65018536100209AFCF129E84DC40EDA3F66FB4C768F068205FE1966220C732E971EB81
            Function 015CC0F0 Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1087a5e86576f0025fbb9755ab04cb6273f71e914f96434eb9e851e8f34128c
            • Instruction ID: 195b1f927ff94879a7e94e28aa9f781393e0d72282431a19ea3fe4305e836304
            • Opcode Fuzzy Hash: c1087a5e86576f0025fbb9755ab04cb6273f71e914f96434eb9e851e8f34128c
            • Instruction Fuzzy Hash: D9F024717442425FF3249A9A9C01B3632DAF7C8A50F69846EEB0D8F2C1E971DC018394
            Function 0160656A Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7613ed5725ae26951b814b2b4d73d26a3d8a55f56e1292bc6d64d9523a12414
            • Instruction ID: ceb0d871b7bce6645abd22ee3ec05daf0e3b46e3d702a59de64902d28f45801f
            • Opcode Fuzzy Hash: d7613ed5725ae26951b814b2b4d73d26a3d8a55f56e1292bc6d64d9523a12414
            • Instruction Fuzzy Hash: F901A4706007859FE327972CCD49B2637E5BB40B44F484194BA019BBE6EB69E4128214
            Function 0167437C Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: 51b029b7e28590db0aee1b426d1cf07e51dd79ecff86f7d55149856c444b3aa0
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: 80F0E935341E2347EB36AA2F8C28B3AA696AFD0A60B05072C9619CB7C0DF20DC018780
            Function 0165E872 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: 42d3fd4addde9a4c64795693cf418115a735955640540853b44fb03632b5f206
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: 81F0B432B505129BDB618A4DCC80F12F7A8BFD5A60F1A0064AA089F760C362ED0287D0
            Function 0165C89D Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3ec63f513043c8cdc420e1f5e77c177ef71c84a77d35d00ea99bc93c9814711
            • Instruction ID: f79541e40282054abf9fc18e04af5f0a2e7ebb99b333920af0b9368af0a728a5
            • Opcode Fuzzy Hash: a3ec63f513043c8cdc420e1f5e77c177ef71c84a77d35d00ea99bc93c9814711
            • Instruction Fuzzy Hash: B0F0C2706053059FC354EF28C946A1BBBE8FF98710F44465EBC98DB394EA34E901C796
            Function 01600854 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: 323114b2b72ada9712516d6c5db718c46e0fedd9eadb5484d44a1f776b293dea
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: 5DF0B472610205AFE719DF25CC05F57B6E9FF99344F258078A545DB2E0FAB0DE01C654
            Function 01658D20 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1088a5accf5e19454c9733c9b6ba694bd4d215ff4e35071f2719ec8c887f47a7
            • Instruction ID: 5d4eb1208d872d55b1cb6435736950a32e1749a23ff47030e2bedcc26b4db9d2
            • Opcode Fuzzy Hash: 1088a5accf5e19454c9733c9b6ba694bd4d215ff4e35071f2719ec8c887f47a7
            • Instruction Fuzzy Hash: F5F090336002446FE7316A1DAC48B6BFBDEFBD4720F095519FD462B61187346C90CB80
            Function 0165C912 Relevance: .0, Instructions: 34COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd8853e37d07700e36ca221fb0e088cf0e75f091b50790b6217c8016db165ee8
            • Instruction ID: 1ee9a94097761541f19fe05c76f53c1a03d7e0e01c0dd9b3e7ed0a71e1b9d1e0
            • Opcode Fuzzy Hash: cd8853e37d07700e36ca221fb0e088cf0e75f091b50790b6217c8016db165ee8
            • Instruction Fuzzy Hash: D6F06270A0124DDFCB04EF69C915A6EB7F8FF58340F008059B955EB385DA78EA01CB54
            Function 015D47FB Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c041ccf3489bee23ce2fc1ae00d24effdb5f0c2436fefd1e3b1e1544e8a5b3eb
            • Instruction ID: 6cfddd92bc4f657913871ed0b4f53e26938c5bbaaa65bfa6552a11a1b8d8890e
            • Opcode Fuzzy Hash: c041ccf3489bee23ce2fc1ae00d24effdb5f0c2436fefd1e3b1e1544e8a5b3eb
            • Instruction Fuzzy Hash: D2F0B4319167E19FE732CB5CC45DB29BBD4BB016A0F08496AD549CFD02C774D880C750
            Function 01690115 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c339d586dda1c0a840f9b7c52f3306ff8b7e1aeb9b27092c6a489117d080883f
            • Instruction ID: 897b019aad92ba187a7c7ecf5803744d86dd4124c65fdf6e4b1c0e20b2deeb89
            • Opcode Fuzzy Hash: c339d586dda1c0a840f9b7c52f3306ff8b7e1aeb9b27092c6a489117d080883f
            • Instruction Fuzzy Hash: B8F027A64156811FCF326B6CEC502E13F6EA741514F092089D4A0A7305C7748493C368
            Function 0160C5ED Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9a4c9c633dc7f092f2eb006396928b01b92fb23310df0e8d959df52c70c6697
            • Instruction ID: f9665563da3c430a73c99e410f84d24998be81c359e095bbd0182c2c20972d8b
            • Opcode Fuzzy Hash: e9a4c9c633dc7f092f2eb006396928b01b92fb23310df0e8d959df52c70c6697
            • Instruction Fuzzy Hash: 39F0BE71932A619BE33B965CCD88B137BE4AB416A0F0896A5D906C7692C760E881CA50
            Function 01612619 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: ab70a79ab45a066ecb3e7492fd7f6a89c1c6d33407407d390b1c317ee55036c3
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: C6E0D8323006416BE7119E598CD4F5777AFEFD2B14F18047DB5045F296CAE2DC0986A4
            Function 01666030 Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: d5a2246e18287822ae08040a2941dd1185c05a785bb52a066011fc71c2080f0e
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: C3F01C72114204AFE3218F1AEE44B52BBFCEB55364F55C065E6099B661D379EC40CBA4
            Function 015D0710 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 058cb7056930cd1d38d24ef1aedfcc081b1ccf3405e1059896db548fe580f0ca
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: D2F0E53A2047559BDB2ADF19C440A957BE4FB41350F010494FC528F351E732E981CF94
            Function 016049D0 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: eee4270ee221f35ca84a7e3e43e76e10522fd9536e8a54f693e4c20d43135243
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: B9E09232254145ABD73A2A598C00B6776A6ABD07A0F150429EB008B298DF74DC81D798
            Function 015D25E0 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8964e338dc4c387ad81d3e06f77c8472e44d77d876bdbddb826e48d6e5e620c0
            • Instruction ID: 1ce74873ef4faf086d0b05f99077bce33d78663b0a6693cb386b75b214722122
            • Opcode Fuzzy Hash: 8964e338dc4c387ad81d3e06f77c8472e44d77d876bdbddb826e48d6e5e620c0
            • Instruction Fuzzy Hash: B4E092321006959BC321FB2ADD11F9A77AAFFA0364F114519B1155B190CB30A810C798
            Function 01654000 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 0f22fc9fc1c4d9c7d22deae0ab6f8558ef538ef1f7c551f8f884c729614f133b
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 70E0C2343003058FE755CF19C844B627BB6BFD5A10F28C0A8A9488F309EB32E882CB40
            Function 0160CA38 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd717ee8b38b5d8b369d385a46c4685cae839113abbf9463b10d69a03588dd3b
            • Instruction ID: d0a0d242697012e6f2be39cc578afc8279a1d39ac9bd0743e97bcd3cd31fdf57
            • Opcode Fuzzy Hash: bd717ee8b38b5d8b369d385a46c4685cae839113abbf9463b10d69a03588dd3b
            • Instruction Fuzzy Hash: BBD02B324910216ECB3FE228BC04FA73A9AAB80320F0588E0F908D6091D518CCC182D4
            Function 015C823B Relevance: .0, Instructions: 21COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: d59d8e7c49415e6b1e16c11f6da313d1b93c43f597cac3e6b01eebb3a8b2d666
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: F2E08C31400A21EEDB322E55DC18B5176E2FF94F10F24482DE0861E1A887B0A881DA48
            Function 015D2050 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b50007e79989d73704ad7485dd84fbf35f7874a1ddc3c0a35f8aeee6444b9c14
            • Instruction ID: 23df083cdfad78cdf53e1fd2962bb15a23764906b54c48c885adc79ef03cf450
            • Opcode Fuzzy Hash: b50007e79989d73704ad7485dd84fbf35f7874a1ddc3c0a35f8aeee6444b9c14
            • Instruction Fuzzy Hash: 81E0C2321005616BC321FB5EDD10F5A739EFFE4260F000121F1558B694CB70EC10C798
            Function 01608A90 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction ID: 1501b41a2883d5faaf204b3ed6e713ba5fea8acc08ca63a36a06cf1ea6fba85e
            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction Fuzzy Hash: EBE08633511A1887C729DE18D911B7377A8EF45720F09463EAA13477C1C634E544C794
            Function 01626AA4 Relevance: .0, Instructions: 17COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: 64c285ad31954e731e48643f986a1c3c61773a3a4b270100a29146b9e9537a51
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: EFD05E36911A50AFC3329F1BEE04D13BBF9FFC4A10705066EE94683A20C770E806CBA0
            Function 0160E59C Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 8db3180c99d4511aebd581acab6ebef63df7708c02476e9663a2861fc76d25c3
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: BAD0A932A64A20ABD772AA1CFC04FC333E8BB88724F060499B009CB150C360EC81CA84
            Function 0164E908 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: 543d1e58dff7d50ac4ca6f9409ff2a79aabb9d4f13b578b91bfd016076b93ba0
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 05E0EC359506859BDF66DF59CA44F5ABBF5FB94B40F150458A1085F660C729E900CB40
            Function 015CA0E3 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: 9c8ab9e76f86fc253de8d91bd47716ccda1f12a0ff3c0afd712860b31b2a8cfc
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: 80D022326220319BCB285A95AC04F676D45BFC0EE0F0A006C340BAB800C1048C42C2E0
            Function 0160A830 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 3ad9d6bd720b394802ab90b911d0c764295442333d37a8ddbba3bfcf5f89e6bf
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 92D012371E054DBBCB119F66DC01F957BA9FBA4BA0F444020B5098B5A0C63AE960D584
            Function 0160CA24 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 22eac3cf23e744978c38815586d49d248984a6dff058c4bc926ba008d42a7b2c
            • Instruction ID: f013145d169007e0237e44c7cfb78ee8500323ea8036820ab41e97d94c062193
            • Opcode Fuzzy Hash: 22eac3cf23e744978c38815586d49d248984a6dff058c4bc926ba008d42a7b2c
            • Instruction Fuzzy Hash: 81D09E349565129BDF1BDB59CD1497A7AB4FF54640B4001A8EA0156660D325D8618650
            Function 015E02A0 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: 4437cab79a962e901dbf3b396a74b6232c81fb6e63e11826cbaac07e37a0bf38
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: 86D0E935B56E80CFD61BCB5DC9A8B1973F4BB84B44F854490F541CBB62D66CD944CE40
            Function 0160C700 Relevance: .0, Instructions: 12COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 57c760c6493f3b66af97f890ac709eec1365c6ab2dae7e725f4e154047c1ea6c
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 16C012322A0648AFC716AA99CD01F027BA9FBA8B40F000061F2098B670C631E820EA84
            Function 015F0310 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: 0d70b9a06fa1724c60ccee02c9efc27fa9bf8d9a2a247bf79566db3cc9fac88a
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: D2D01236140249EFCB01DF45C890D9A772BFBD8710F148019FD190B6518A31ED62DA50
            Function 015D0750 Relevance: .0, Instructions: 9COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: cd7b09cf0c619f6c707a63227835b74fae942d522f5bcf0d4b14858e1994c36c
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: 23C04C757019468FDF15DB59D794F4577E4F754740F1518D0E805CBB21E725E801CA10
            Function 016A4DAD Relevance: .0, Instructions: 6COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
            • Instruction ID: 17572a6833baa482ff890273b725a08df0b23cb588b76be0a16be51d325272d9
            • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
            • Instruction Fuzzy Hash: 3FB01232212546CFC7026720CB00B1836A9BF417C0F0940F466008D830D618C910E501
            Function 01614340 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbc9c33e9610b0c7192809816ae6fb798d2e285bee77de67f09995c9c13f037e
            • Instruction ID: 182ddd8312b6c3dbd46b9c98327660b402796015919df11992be1a0f002ace5f
            • Opcode Fuzzy Hash: dbc9c33e9610b0c7192809816ae6fb798d2e285bee77de67f09995c9c13f037e
            • Instruction Fuzzy Hash: E2900231605C1012914075584C855474049A7E0301B55C011E4424658DCE148A565761
            Function 01614650 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ffe64bcb1a98a50a27c9f476efd8bdca51a0b7909385c16302bd3d99ed59732b
            • Instruction ID: 9ce050461c9b8b02394a3d2d2d408b03ac49e894ec2ea56aa1d32561ea713bcd
            • Opcode Fuzzy Hash: ffe64bcb1a98a50a27c9f476efd8bdca51a0b7909385c16302bd3d99ed59732b
            • Instruction Fuzzy Hash: 1E90026160191042414075584C054076049A7E1301395C115E4554664DCA1889559769
            Function 01612B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 34380866b42ece6ac60211f2d7ed126c69b7bbf17a28dc7f658f7bd6c7942f4a
            • Instruction ID: cbb91de27eb12c448937f5356a817a8e9e5ee2194a90650f999b277ed5e9784d
            • Opcode Fuzzy Hash: 34380866b42ece6ac60211f2d7ed126c69b7bbf17a28dc7f658f7bd6c7942f4a
            • Instruction Fuzzy Hash: C090026120281003410575584C15617404E97E0201B55C021E5014694EC92589916625
            Function 01612BE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0f4eb3cc581ae0ae895d11b3683fae25519968b127c0f27e2d75103db227075
            • Instruction ID: 7316a9b4f2919a592cdd748088656e9950714ffd01c076508552fcbd645f1553
            • Opcode Fuzzy Hash: b0f4eb3cc581ae0ae895d11b3683fae25519968b127c0f27e2d75103db227075
            • Instruction Fuzzy Hash: 9B90023120585842D14075584C05A47005997D0305F55C011E4064798EDA258E55BB61
            Function 01612BA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 30322239d1f8e9c4e0964240827453e2394f029fb5cfccdc9bdc6882b9fc02e1
            • Instruction ID: c95812f93d79f4ba80725195ba96fcc9526d6746d45e9ceba21a11ee97086a5b
            • Opcode Fuzzy Hash: 30322239d1f8e9c4e0964240827453e2394f029fb5cfccdc9bdc6882b9fc02e1
            • Instruction Fuzzy Hash: EB90023160581802D15075584C15747004997D0301F55C011E4024758ECB558B557BA1
            Function 01612B80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2a7ce616ca57579efe4ce8d5daecf1c008f8b2eb69eda7dc7f3536bf460d66f
            • Instruction ID: 0847501610ea457dba34d9d40144a0488c0f2ca9136507569e1367d191c0fad9
            • Opcode Fuzzy Hash: b2a7ce616ca57579efe4ce8d5daecf1c008f8b2eb69eda7dc7f3536bf460d66f
            • Instruction Fuzzy Hash: 8E90023120181802D10475584C05687004997D0301F55C011EA024759FDA6589917631
            Function 01612AF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 584344bf19ad418d0b8790ddbf4e8ad314a3cc28b88a0b2a52ff5c71c1040573
            • Instruction ID: 4b9f1fa8396806b2b0981abdb94c5a58f0da719c01d1b2a921af3fd187418abe
            • Opcode Fuzzy Hash: 584344bf19ad418d0b8790ddbf4e8ad314a3cc28b88a0b2a52ff5c71c1040573
            • Instruction Fuzzy Hash: 07900225221810020145B9580E0550B0489A7D6351395C015F5416694DCA2189655721
            Function 01612AD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 82804b25de4a6750f842cb0fa265974d8bbb30ea8779c96341a657b6ca5b7f31
            • Instruction ID: da470a4a43a7eb88612ea0928f6ec341ff8bd35606e6c03f3345fd6fbb17fec6
            • Opcode Fuzzy Hash: 82804b25de4a6750f842cb0fa265974d8bbb30ea8779c96341a657b6ca5b7f31
            • Instruction Fuzzy Hash: 34900225211810030105B9580F05507008A97D5351355C021F5015654DDA2189615621
            Function 01612AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 678c0fcab6939262f0b68bfce60a321d89f6e4708b02d36017aeab0d48611a5c
            • Instruction ID: 51f0601e712df9623c1aa807e8ae6a3e386c3a58192eca49ab1b679d5c42f2cb
            • Opcode Fuzzy Hash: 678c0fcab6939262f0b68bfce60a321d89f6e4708b02d36017aeab0d48611a5c
            • Instruction Fuzzy Hash: F59002A1201950924500B6588C05B0B454997E0201B55C016E5054664DC92589519635
            Function 01612D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7f4418103e1423287e7ebe8b93eec6f2de92969256f1b8138cf34553198460c
            • Instruction ID: 5bd3f11c1d170827f026bdc04e54e6b636cb1c3d86ede53c1f2a3267f43177a5
            • Opcode Fuzzy Hash: e7f4418103e1423287e7ebe8b93eec6f2de92969256f1b8138cf34553198460c
            • Instruction Fuzzy Hash: 9A90022130181003D14075585C196074049E7E1301F55D011E4414658DDD1589565722
            Function 01612D00 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b056be94b8f608a9a891dff598454a6b087aed6827322934800898ecbf13f69
            • Instruction ID: 8ae3af0961e17e163f14ed6efd44a61bde7d199a385b156cdf98b44d18c762bc
            • Opcode Fuzzy Hash: 7b056be94b8f608a9a891dff598454a6b087aed6827322934800898ecbf13f69
            • Instruction Fuzzy Hash: 7990022120585442D10079585C09A07004997D0205F55D011E5064699ECA358951A631
            Function 01612D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 680cd5e01ab0f0d4f2b1e24d00b39fca9420e5dc4be62eb81a2c196a04d892d7
            • Instruction ID: d6b9c97ea60c09f22b0e332a2be958f2e17ba507b666c18a5201ff19916f81f5
            • Opcode Fuzzy Hash: 680cd5e01ab0f0d4f2b1e24d00b39fca9420e5dc4be62eb81a2c196a04d892d7
            • Instruction Fuzzy Hash: 8890022921381002D18075585C0960B004997D1202F95D415E401565CDCD1589695721
            Function 01612DD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d4400ff1e14956eea25af7eecb98d9736066453191c0edc1d5d29e80993a733b
            • Instruction ID: ae755583a0ad4ee051405baf45d47e3c91f5a886c01832cfb6b0df815340851f
            • Opcode Fuzzy Hash: d4400ff1e14956eea25af7eecb98d9736066453191c0edc1d5d29e80993a733b
            • Instruction Fuzzy Hash: D1900221242851525545B5584C05507404AA7E0241795C012E5414A54DC9269956DB21
            Function 01612DB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c4346d04603354bfeae4fcf7946a1591e2a047d7052186db883f39cf469d55e0
            • Instruction ID: 19522ceb493b034e23a42e250b192d1ee936899db4701f6dfee97dad8bf6df3c
            • Opcode Fuzzy Hash: c4346d04603354bfeae4fcf7946a1591e2a047d7052186db883f39cf469d55e0
            • Instruction Fuzzy Hash: 2390023124181402D14175584C05607004DA7D0241F95C012E4424658FCA558B56AF61
            Function 01612C60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 91d7e8766ddd396209096271a817aeadfb3d10b1c41f05354077860c5bc7a459
            • Instruction ID: f27590f5075f61692d0762b60d6e86254475afe70700479a13376580bf8b053d
            • Opcode Fuzzy Hash: 91d7e8766ddd396209096271a817aeadfb3d10b1c41f05354077860c5bc7a459
            • Instruction Fuzzy Hash: 6790023120181842D10075584C05B47004997E0301F55C016E4124758ECA15C9517A21
            Function 01612C70 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2e293fe5b84ac368a4a0bdfe12cddbe9cfc2362aa6d56c4605eddc10e2a687b0
            • Instruction ID: f889ed1cfa4773b280cc71c7ddb9c411a150ecaafc2c97523976c8b5e050171b
            • Opcode Fuzzy Hash: 2e293fe5b84ac368a4a0bdfe12cddbe9cfc2362aa6d56c4605eddc10e2a687b0
            • Instruction Fuzzy Hash: 8D90023120189802D11075588C0574B004997D0301F59C411E842475CECA9589917621
            Function 01612CF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0c0c2235a29883b3e209bd1bbda2346698d6773635f62bcf77674d7d43d12e7e
            • Instruction ID: ba011ee8e54494f1564ca60909a2c7f010109dae1e61afed16ff001c94b1c204
            • Opcode Fuzzy Hash: 0c0c2235a29883b3e209bd1bbda2346698d6773635f62bcf77674d7d43d12e7e
            • Instruction Fuzzy Hash: 5590023120181403D10075585D09707004997D0201F55D411E442465CEDA5689516621
            Function 01612CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 08c1922825a493b42c33940e9339884d0398d4fdf64a1351f3da97e71db8c2ba
            • Instruction ID: a7629691f331ce7ee7786ea1706cb93204456e95af45a9efa837a874631d609d
            • Opcode Fuzzy Hash: 08c1922825a493b42c33940e9339884d0398d4fdf64a1351f3da97e71db8c2ba
            • Instruction Fuzzy Hash: 7790022160581402D14075585C19707005997D0201F55D011E4024658ECA598B556BA1
            Function 01612CA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b590c29623a8487feeb08961c2722d046e05bf47ca0f82eb515fd1136e90bdf1
            • Instruction ID: 0fd791b217d23798141692c51e5c8413608df0afa7fbeadf5a6ef1ae70b95c60
            • Opcode Fuzzy Hash: b590c29623a8487feeb08961c2722d046e05bf47ca0f82eb515fd1136e90bdf1
            • Instruction Fuzzy Hash: 2C90023120181402D10079985C09647004997E0301F55D011E9024659FCA6589916631
            Function 01612F60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8fafa62022b014fbc9640652edac352fd74982f855f52a7aff9deabfffb3628e
            • Instruction ID: 211424f88e307c8fb2dae9aa59790ed887084260a52e7c3573263ae868dadc1f
            • Opcode Fuzzy Hash: 8fafa62022b014fbc9640652edac352fd74982f855f52a7aff9deabfffb3628e
            • Instruction Fuzzy Hash: EB90026121181042D10475584C05707008997E1201F55C012E6154658DC9298D615625
            Function 01612F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9829b8bf5b8e49ab88216082e65ba67f6f910999e325e689a092d116a0d1a210
            • Instruction ID: b02df82243e4eb097a483bfb82dd66210e51dec4323e80a516f33e0624d75724
            • Opcode Fuzzy Hash: 9829b8bf5b8e49ab88216082e65ba67f6f910999e325e689a092d116a0d1a210
            • Instruction Fuzzy Hash: 3F90026134181442D10075584C15B070049D7E1301F55C015E5064658ECA19CD526626
            Function 01612FE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf99e8023c779d4a2067d628ea230ef158ef8fa55ca9a121b4c6568d671f9775
            • Instruction ID: 8d61b361bc60a45343750d85b577a1da4f5651c903fc5cc6c0ab952afb5a6e06
            • Opcode Fuzzy Hash: bf99e8023c779d4a2067d628ea230ef158ef8fa55ca9a121b4c6568d671f9775
            • Instruction Fuzzy Hash: 5B900221211C1042D20079684C15B07004997D0303F55C115E4154658DCD1589615A21
            Function 01612FA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9ae916370eb0a9632707bdd35bb78a8883aa287e704dcf04f1088ca0dc004f7
            • Instruction ID: dd6f0fd21885ba96a4362b85e431599dfa89e75604a024e2fc0e3b65c0772a29
            • Opcode Fuzzy Hash: f9ae916370eb0a9632707bdd35bb78a8883aa287e704dcf04f1088ca0dc004f7
            • Instruction Fuzzy Hash: E2900231201C1402D10075584C09747004997D0302F55C011E9164659FCA65C9916A31
            Function 01612FB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0c5394b77865c7da7c55607b7c92e9f0e77b2661c0030382121dac99ddf6a8b2
            • Instruction ID: fb37c67d5be50593c08bd7c6394e8be4d678b1f3622c3447bb98d6c822d377d6
            • Opcode Fuzzy Hash: 0c5394b77865c7da7c55607b7c92e9f0e77b2661c0030382121dac99ddf6a8b2
            • Instruction Fuzzy Hash: B390022160181042414075688C459074049BBE1211755C121E4998654EC95989655B65
            Function 01612F90 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8e2163b064879e2f613defe4685261441c2e98b8a9ef24ab30a0f9a0fb06ca3c
            • Instruction ID: 73f74937a717ec2f65fe6866114243ac865205125b951366e627f7c81cecb004
            • Opcode Fuzzy Hash: 8e2163b064879e2f613defe4685261441c2e98b8a9ef24ab30a0f9a0fb06ca3c
            • Instruction Fuzzy Hash: E4900231201C1402D10075584C1570B004997D0302F55C011E5164659ECA2589516A71
            Function 01612E30 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b8119164aa9d85125471ebaffaea0de6206059906f888643893d5192593301a0
            • Instruction ID: 3ffd90e8e70154620b81279f63ab7a864a72bfe1d90cae1b267e58e529c30c91
            • Opcode Fuzzy Hash: b8119164aa9d85125471ebaffaea0de6206059906f888643893d5192593301a0
            • Instruction Fuzzy Hash: 3790022130181402D10275584C15607004DD7D1345F95C012E5424659ECA258A53A632
            Function 01612EE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 05186317a2b3b32fbccb3c26beb05f3a8b5007939f4faf5f3171bf6af87f79b7
            • Instruction ID: 885b81f58ed79e057bd16e07dcd984f5d28de4dc2461f6936f8f42969f794011
            • Opcode Fuzzy Hash: 05186317a2b3b32fbccb3c26beb05f3a8b5007939f4faf5f3171bf6af87f79b7
            • Instruction Fuzzy Hash: B6900261201C1403D14079584C05607004997D0302F55C011E6064659FCE298D516635
            Function 01612EA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4e55256d0dc0c1f6415fc9f319ab0d1dfc82484d633d7d636122bdd20f050617
            • Instruction ID: bf36bbdc61ccc0d6d2b07e5664eb95841635d23c8cd1ab6a19a7446d1b91be6a
            • Opcode Fuzzy Hash: 4e55256d0dc0c1f6415fc9f319ab0d1dfc82484d633d7d636122bdd20f050617
            • Instruction Fuzzy Hash: 6890027120181402D14075584C05747004997D0301F55C011E9064658FCA598ED56B65
            Function 01612E80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3fc68f86644d78a36b620b12ff5e532c25be8d73f6141186aece8094a3357b29
            • Instruction ID: 20c487206ed887156b1a66d173fba9dccda979343c72250b43d1abd58805ff17
            • Opcode Fuzzy Hash: 3fc68f86644d78a36b620b12ff5e532c25be8d73f6141186aece8094a3357b29
            • Instruction Fuzzy Hash: 1B90022160181502D10175584C05617004E97D0241F95C022E5024659FCE258A92A631
            Function 01613010 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b52e1f274e18111c70c4dc4e0076742631202e910a1613efcd75be380bd43d5
            • Instruction ID: aea657b6dd8581215e6aabb95eab5166c07ae6c70cb241c3e527b86a3e886780
            • Opcode Fuzzy Hash: 2b52e1f274e18111c70c4dc4e0076742631202e910a1613efcd75be380bd43d5
            • Instruction Fuzzy Hash: 0F900221201C5442D14076584C05B0F414997E1202F95C019E8156658DCD1589555B21
            Function 01613090 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73ac1a79a6e780b5a90d814a307b2ce8cd25890c041567d173c5219c756c9428
            • Instruction ID: 2547bd809a4ece33647f1d332d2b44ff13803446d68000b6dac706def0c044d5
            • Opcode Fuzzy Hash: 73ac1a79a6e780b5a90d814a307b2ce8cd25890c041567d173c5219c756c9428
            • Instruction Fuzzy Hash: 3390022124181802D14075588C15707004AD7D0601F55C011E4024658ECA168A656BB1
            Function 016135C0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 900d143fe8d980f3b1feba00b3663811ee9c61412491fdd852231f881918598d
            • Instruction ID: 3c3f61a017173325ca8e9ec00c062b9c55d1fbc34442aab300bcc62d8822af3a
            • Opcode Fuzzy Hash: 900d143fe8d980f3b1feba00b3663811ee9c61412491fdd852231f881918598d
            • Instruction Fuzzy Hash: C090023160591402D10075584D15707104997D0201F65C411E442466CECB958A516AA2
            Function 016139B0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1aafce500b0e532c8f340b64f3bf2ef3bf3c0cc0560e1be968d6b9208e94e246
            • Instruction ID: e7d6a68b76468e1c6c1b18cf1d64ee903f967c7ef74539dbfe9886db10ea4c49
            • Opcode Fuzzy Hash: 1aafce500b0e532c8f340b64f3bf2ef3bf3c0cc0560e1be968d6b9208e94e246
            • Instruction Fuzzy Hash: B990022124586102D150755C4C056174049B7E0201F55C021E4814698EC95589556721
            Function 01613D70 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b811cdcdaa72b7aa4ff8f5d473dd84891510581a6e760f40e8fc0f9569a0a822
            • Instruction ID: cef4d29ddcb0f6a309c3a40c0a4c8392598d37a1898b57df1faf7695a2931801
            • Opcode Fuzzy Hash: b811cdcdaa72b7aa4ff8f5d473dd84891510581a6e760f40e8fc0f9569a0a822
            • Instruction Fuzzy Hash: 8890023520181402D51075585C05647008A97D0301F55D411E442465CECA5489A1A621
            Function 01613D10 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b85a887065c430160460fb79d904ca6cb33d98e6de249cc51b2fcee771821dde
            • Instruction ID: be2b0a1a3b31bff3413f0eba3e9562a20931b89c3eccdf378efdc6a86fb67dae
            • Opcode Fuzzy Hash: b85a887065c430160460fb79d904ca6cb33d98e6de249cc51b2fcee771821dde
            • Instruction Fuzzy Hash: C790023120281142954076585C05A4F414997E1302B95D415E4015658DCD1489615721
            Function 01612C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction ID: b63a207241a7d351a0224af561503c5aa0c46b6dd5a1f7ba940cc6fb92d7acec
            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction Fuzzy Hash:
            Function 01612890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: a84ad75c20e76b955be83d7b7d08a7def6e367b0c8d50d514152ddbdb6f608f7
            • Instruction ID: a6829fc1494ed08a29d009c1b379e38989a7217fff204e3aacebfd26a27646cd
            • Opcode Fuzzy Hash: a84ad75c20e76b955be83d7b7d08a7def6e367b0c8d50d514152ddbdb6f608f7
            • Instruction Fuzzy Hash: CC5105B6A00116BFDB11DFAD8DA097EFBB9BB08240728C62DE465D7645D334DE048BE0
            Function 01682410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 36679c72ce197927796b574291c802500f83e77b53a68c015bf0ee37bfccb3e9
            • Instruction ID: 0291b412cc02ec8d45f4a7afa689cf95188b85626742bb7300c8cdf1b8f298d3
            • Opcode Fuzzy Hash: 36679c72ce197927796b574291c802500f83e77b53a68c015bf0ee37bfccb3e9
            • Instruction Fuzzy Hash: 9E51F2B5A40646AECB30EF9CCCA097FBBF9AF44200B44856DE596D7641E774EA40CB70
            Function 01607630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
            Download Yara Rule
            Strings
            • ExecuteOptions, xrefs: 016446A0
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01644655
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016446FC
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01644787
            • Execute=1, xrefs: 01644713
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01644725
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01644742
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: ca9a686d4ef9c95a35401a783ce2c1571973cd9a9fb3a957a3b2b53ffa9869ef
            • Instruction ID: 4b0fe321ec20cde6c7a47b971ffe006fd5c8eef090666b5e83ecc46271278e6c
            • Opcode Fuzzy Hash: ca9a686d4ef9c95a35401a783ce2c1571973cd9a9fb3a957a3b2b53ffa9869ef
            • Instruction Fuzzy Hash: B6513931600219ABEF26EBA8DC95FBB77A9EF14340F14009DE605AB2C1DB71AA41CF54
            Function 0161B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: cf8ea444b8e580e21110bfaedaec8086839a30b4b3bda6d4a713893810f8fec0
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: CA81DE70E012598EEF25CE6CCC907FEBBB2AF55720F1C451AE861A7399C7308841CBA5
            Function 015FF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
            Download Yara Rule
            Strings
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016402BD
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016402E7
            • RTL: Re-Waiting, xrefs: 0164031E
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 036ba71c880b657eea9a155099776c5fa2959b3639ad5c053df3cef4d7a93129
            • Instruction ID: 3c4e0c2430ff69e935962ef3eb260d0cfe018f910f7c33dc96a9e803480b1891
            • Opcode Fuzzy Hash: 036ba71c880b657eea9a155099776c5fa2959b3639ad5c053df3cef4d7a93129
            • Instruction Fuzzy Hash: D4E1DE326047429FD725CF28C884B6ABBE1BF88714F144A5EF6A58B7E1DB74D844CB42
            Function 0160BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
            Download Yara Rule
            Strings
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01647B7F
            • RTL: Resource at %p, xrefs: 01647B8E
            • RTL: Re-Waiting, xrefs: 01647BAC
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: 16f26cfd364800c20624b7761f824253ed780ba2ba8c18bee429d358febfc4d9
            • Instruction ID: 25b596e2ba3af5a01ec735de879af6806ab70b934ae38a1761c924a1b16fa899
            • Opcode Fuzzy Hash: 16f26cfd364800c20624b7761f824253ed780ba2ba8c18bee429d358febfc4d9
            • Instruction Fuzzy Hash: BF41B0353007029FD72ADE29CC40B6BB7E5EB98710F104A1DFA5A9B780DB71E8458B96
            Function 0160B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0164728C
            Strings
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01647294
            • RTL: Resource at %p, xrefs: 016472A3
            • RTL: Re-Waiting, xrefs: 016472C1
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 5fe3fd9fb6ae367bf13822fb95e0062c44e7b0b3c9e55da8c634731daad766a7
            • Instruction ID: e1238dfcfdae055a42ce7875f05afb3fd8e61356c544f87e901477b7f4c96a9f
            • Opcode Fuzzy Hash: 5fe3fd9fb6ae367bf13822fb95e0062c44e7b0b3c9e55da8c634731daad766a7
            • Instruction Fuzzy Hash: 5741FD36701206ABC726CE29CC41B6BBBA6FB94710F14861DFD55AB380DB21E8428BD5
            Function 01682300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: 600f8f4200974141110fdaa2e6783cb977045a1ea0123588a816c6dc7dee7504
            • Instruction ID: 29e06732338423ee4b1bb3371d61e4d00436fcb68d1b9a4771ba9b6a7cf0041f
            • Opcode Fuzzy Hash: 600f8f4200974141110fdaa2e6783cb977045a1ea0123588a816c6dc7dee7504
            • Instruction Fuzzy Hash: 7A318476A006199FDB20DE2DCC60BEEB7F9FF44610F84455DE949E3200EB309A54CBA0
            Function 01617D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction ID: ace941460e368821aa6f428ddda428c04fbb94928c2701d23176c5c0dadd7102
            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction Fuzzy Hash: 75919F71E0020A9EEB24DF6DCC81ABFBBA5AF44320F6C851AE955E73C8D7309941CB51
            Function 015D9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015A0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_5_2_15a0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 48ce21ca832979924d87d715c0fd444eecdc9dcb7635dc7852b2e4db1322e03f
            • Instruction ID: e69fd9672c7834d4cc505d899c1589fd873e7f0d378dea599e4ec067329f5ce9
            • Opcode Fuzzy Hash: 48ce21ca832979924d87d715c0fd444eecdc9dcb7635dc7852b2e4db1322e03f
            • Instruction Fuzzy Hash: 73810B71D0026A9BDB35CB58CC55BEEB6B4BF48714F0041DAEA19B7280D7705E85CFA4