Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ungziped_file.exe

Overview

General Information

Sample name:ungziped_file.exe
Analysis ID:1527841
MD5:8a0c4eed07d28836f39cf33bc6640940
SHA1:281603fb0f6c50b97db2b6835762c7f5c4c6a94f
SHA256:f7a37ab3f4c3f7e67fc347335869a9616f6658f3a45465697a58585ddb7e7caf
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • ungziped_file.exe (PID: 5364 cmdline: "C:\Users\user\Desktop\ungziped_file.exe" MD5: 8A0C4EED07D28836F39CF33BC6640940)
    • ungziped_file.exe (PID: 7220 cmdline: "C:\Users\user\Desktop\ungziped_file.exe" MD5: 8A0C4EED07D28836F39CF33BC6640940)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2bb70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13cff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2ef43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      Process Memory Space: ungziped_file.exe PID: 5364JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        10.2.ungziped_file.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          10.2.ungziped_file.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2ef43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          10.2.ungziped_file.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            10.2.ungziped_file.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e143:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: ungziped_file.exeReversingLabs: Detection: 31%
            Source: ungziped_file.exeVirustotal: Detection: 33%Perma Link
            Yara detected FormBook
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: ungziped_file.exeJoe Sandbox ML: detected
            Source: ungziped_file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: ungziped_file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: Ydzd.pdb source: ungziped_file.exe
            Source: Binary string: wntdll.pdbUGP source: ungziped_file.exe, 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ungziped_file.exe, ungziped_file.exe, 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: Ydzd.pdbSHA256I source: ungziped_file.exe

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0042C233 NtClose,10_2_0042C233
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_01662DF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_01662C70
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016635C0 NtCreateMutant,LdrInitializeThunk,10_2_016635C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01664340 NtSetContextThread,10_2_01664340
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01664650 NtSuspendThread,10_2_01664650
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662B60 NtClose,10_2_01662B60
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662BE0 NtQueryValueKey,10_2_01662BE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662BF0 NtAllocateVirtualMemory,10_2_01662BF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662BA0 NtEnumerateValueKey,10_2_01662BA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662B80 NtQueryInformationFile,10_2_01662B80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662AF0 NtWriteFile,10_2_01662AF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662AD0 NtReadFile,10_2_01662AD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662AB0 NtWaitForSingleObject,10_2_01662AB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662D30 NtUnmapViewOfSection,10_2_01662D30
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662D00 NtSetInformationFile,10_2_01662D00
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662D10 NtMapViewOfSection,10_2_01662D10
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662DD0 NtDelayExecution,10_2_01662DD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662DB0 NtEnumerateKey,10_2_01662DB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662C60 NtCreateKey,10_2_01662C60
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662C00 NtQueryInformationProcess,10_2_01662C00
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662CF0 NtOpenProcess,10_2_01662CF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662CC0 NtQueryVirtualMemory,10_2_01662CC0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662CA0 NtQueryInformationToken,10_2_01662CA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662F60 NtCreateProcessEx,10_2_01662F60
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662F30 NtCreateSection,10_2_01662F30
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662FE0 NtCreateFile,10_2_01662FE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662FA0 NtQuerySection,10_2_01662FA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662FB0 NtResumeThread,10_2_01662FB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662F90 NtProtectVirtualMemory,10_2_01662F90
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662E30 NtWriteVirtualMemory,10_2_01662E30
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662EE0 NtQueueApcThread,10_2_01662EE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662EA0 NtAdjustPrivilegesToken,10_2_01662EA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662E80 NtReadVirtualMemory,10_2_01662E80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01663010 NtOpenDirectoryObject,10_2_01663010
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01663090 NtSetValueKey,10_2_01663090
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016639B0 NtGetContextThread,10_2_016639B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01663D70 NtOpenThread,10_2_01663D70
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01663D10 NtOpenProcessToken,10_2_01663D10
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_01B0D55C0_2_01B0D55C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05916A480_2_05916A48
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_059100060_2_05910006
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_059100400_2_05910040
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05916A380_2_05916A38
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05A098380_2_05A09838
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05A098480_2_05A09848
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB87180_2_07DB8718
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB6E390_2_07DB6E39
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB47B00_2_07DB47B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB55980_2_07DB5598
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB2CC00_2_07DB2CC0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB514F0_2_07DB514F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB51600_2_07DB5160
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB31080_2_07DB3108
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB00070_2_07DB0007
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0042E83310_2_0042E833
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040315010_2_00403150
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040122010_2_00401220
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040FB6310_2_0040FB63
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0041644310_2_00416443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004024C510_2_004024C5
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004024D010_2_004024D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00401D7610_2_00401D76
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00401D8010_2_00401D80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040FD8310_2_0040FD83
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040DE0310_2_0040DE03
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040268010_2_00402680
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B815810_2_016B8158
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162010010_2_01620100
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CA11810_2_016CA118
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E81CC10_2_016E81CC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F01AA10_2_016F01AA
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E41A210_2_016E41A2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C200010_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EA35210_2_016EA352
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F03E610_2_016F03E6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E3F010_2_0163E3F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D027410_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B02C010_2_016B02C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163053510_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F059110_2_016F0591
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E244610_2_016E2446
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D442010_2_016D4420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DE4F610_2_016DE4F6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163077010_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165475010_2_01654750
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162C7C010_2_0162C7C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164C6E010_2_0164C6E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164696210_2_01646962
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A010_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016FA9A610_2_016FA9A6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163A84010_2_0163A840
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163284010_2_01632840
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E8F010_2_0165E8F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016168B810_2_016168B8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EAB4010_2_016EAB40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E6BD710_2_016E6BD7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162EA8010_2_0162EA80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163AD0010_2_0163AD00
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CCD1F10_2_016CCD1F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162ADE010_2_0162ADE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01648DBF10_2_01648DBF
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630C0010_2_01630C00
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620CF210_2_01620CF2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0CB510_2_016D0CB5
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A4F4010_2_016A4F40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01672F2810_2_01672F28
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01650F3010_2_01650F30
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D2F3010_2_016D2F30
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163CFE010_2_0163CFE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01622FC810_2_01622FC8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AEFA010_2_016AEFA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630E5910_2_01630E59
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EEE2610_2_016EEE26
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EEEDB10_2_016EEEDB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642E9010_2_01642E90
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016ECE9310_2_016ECE93
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016FB16B10_2_016FB16B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166516C10_2_0166516C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161F17210_2_0161F172
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163B1B010_2_0163B1B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E70E910_2_016E70E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EF0E010_2_016EF0E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DF0CC10_2_016DF0CC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016370C010_2_016370C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161D34C10_2_0161D34C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E132D10_2_016E132D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0167739A10_2_0167739A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D12ED10_2_016D12ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164B2C010_2_0164B2C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016352A010_2_016352A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E757110_2_016E7571
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CD5B010_2_016CD5B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162146010_2_01621460
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EF43F10_2_016EF43F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EF7B010_2_016EF7B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0167563010_2_01675630
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E16CC10_2_016E16CC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163995010_2_01639950
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164B95010_2_0164B950
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C591010_2_016C5910
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169D80010_2_0169D800
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016338E010_2_016338E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EFB7610_2_016EFB76
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A5BF010_2_016A5BF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166DBF910_2_0166DBF9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164FB8010_2_0164FB80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A3A6C10_2_016A3A6C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EFA4910_2_016EFA49
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E7A4610_2_016E7A46
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DDAC610_2_016DDAC6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CDAAC10_2_016CDAAC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01675AA010_2_01675AA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D1AA310_2_016D1AA3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E7D7310_2_016E7D73
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01633D4010_2_01633D40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E1D5A10_2_016E1D5A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164FDC010_2_0164FDC0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A9C3210_2_016A9C32
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EFCF210_2_016EFCF2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EFF0910_2_016EFF09
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EFFB110_2_016EFFB1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01631F9210_2_01631F92
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01639EB010_2_01639EB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: String function: 01677E54 appears 111 times
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: String function: 016AF290 appears 105 times
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: String function: 01665130 appears 58 times
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: String function: 0161B970 appears 277 times
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: String function: 0169EA12 appears 86 times
            Source: ungziped_file.exe, 00000000.00000002.1278217632.000000000171E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ungziped_file.exe
            Source: ungziped_file.exe, 00000000.00000002.1282796656.0000000004429000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ungziped_file.exe
            Source: ungziped_file.exe, 00000000.00000002.1286006499.0000000007CE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ungziped_file.exe
            Source: ungziped_file.exe, 00000000.00000002.1282796656.000000000464D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ungziped_file.exe
            Source: ungziped_file.exe, 0000000A.00000002.1638245421.000000000171D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ungziped_file.exe
            Source: ungziped_file.exeBinary or memory string: OriginalFilenameYdzd.exe8 vs ungziped_file.exe
            Source: ungziped_file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: ungziped_file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, vS9xfwLlbD2jjgGjAp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, vS9xfwLlbD2jjgGjAp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, vS9xfwLlbD2jjgGjAp.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, iTwxhOGrV12vliSbja.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal88.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\ungziped_file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ungziped_file.exe.logJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMutant created: NULL
            Source: ungziped_file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: ungziped_file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\ungziped_file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: ungziped_file.exeReversingLabs: Detection: 31%
            Source: ungziped_file.exeVirustotal: Detection: 33%
            Source: unknownProcess created: C:\Users\user\Desktop\ungziped_file.exe "C:\Users\user\Desktop\ungziped_file.exe"
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess created: C:\Users\user\Desktop\ungziped_file.exe "C:\Users\user\Desktop\ungziped_file.exe"
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess created: C:\Users\user\Desktop\ungziped_file.exe "C:\Users\user\Desktop\ungziped_file.exe"Jump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: ungziped_file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: ungziped_file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: ungziped_file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: Ydzd.pdb source: ungziped_file.exe
            Source: Binary string: wntdll.pdbUGP source: ungziped_file.exe, 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ungziped_file.exe, ungziped_file.exe, 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: Ydzd.pdbSHA256I source: ungziped_file.exe

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: ungziped_file.exe, Form1.cs.Net Code: InitializeComponent contains xor as well as GetObject
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, iTwxhOGrV12vliSbja.cs.Net Code: C3KEgfy1Ry System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, iTwxhOGrV12vliSbja.cs.Net Code: C3KEgfy1Ry System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, iTwxhOGrV12vliSbja.cs.Net Code: C3KEgfy1Ry System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ungziped_file.exe.5fc0000.3.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ungziped_file.exe.345490c.0.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_01B0F533 push esp; iretd 0_2_01B0F539
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_01B0F508 pushfd ; iretd 0_2_01B0F531
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05919FB3 push eax; mov dword ptr [esp], edx0_2_05919F54
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_05919F40 push eax; mov dword ptr [esp], edx0_2_05919F54
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 0_2_07DB4F20 pushfd ; retf 0_2_07DB4F2D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0041184E push 5C489864h; ret 10_2_00411868
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004020E5 push esi; iretd 10_2_00402113
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00416A58 push edi; retf 10_2_00416A5B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0040D2BC push ebp; iretd 10_2_0040D2D7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00401B3D push ebp; ret 10_2_00401B3E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004033D0 push eax; ret 10_2_004033D2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0041E38B push ss; ret 10_2_0041E392
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004144F3 push ecx; retf 10_2_004144F4
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0041E64F push edi; ret 10_2_0041E650
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00411743 push ebx; retf 10_2_00411758
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0041E70B push esp; retf 10_2_0041E70C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_00422FD9 push edx; iretd 10_2_00422FE0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016209AD push ecx; mov dword ptr [esp], ecx10_2_016209B6
            Source: ungziped_file.exeStatic PE information: section name: .text entropy: 7.986334045340147
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, a9jkVSSADUTFaXjN3p.csHigh entropy of concatenated method names: 'm1Y6IbKrQm', 'URp64o6RNP', 'VsK6oy2AUw', 'iU261DQGxQ', 'nw46GLA0bF', 'fgdoUwyC2A', 'BqHoB8UWeG', 'g3foJshkbg', 'HuRokQUI4F', 'GJAotgdHbf'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, oaBqeZ4YcuaGJvxvDM.csHigh entropy of concatenated method names: 'Dispose', 'l5XatLR88N', 'dMXmXCIN6a', 'CLcPPivIfK', 'kK8aDtHMgi', 'N6WaznF4Fd', 'ProcessDialogKey', 'yt3m5jIYZl', 'CA4mahhQ8G', 'iJqmmYxvMc'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, NlPP4AaOy0Lv7FhAIjp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sLCxNly3uL', 'dK9xWw43tk', 'fKtxr8x5cj', 'vdpxFSbIrM', 'uK2xULTvSH', 'dtYxBu1OF9', 'rAaxJyGemM'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, vS9xfwLlbD2jjgGjAp.csHigh entropy of concatenated method names: 'LxA4NIiiXO', 'qO94WZodkJ', 'XcL4rhbhjU', 'e2m4FIv37g', 'NnZ4Ug5xo7', 'rHx4BLBR6L', 'oLm4JiYgRr', 'IWa4kX0nwo', 'rBM4t2O8Jq', 'UAo4DfgHbg'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, IjIYZltTA4hhQ8G6Jq.csHigh entropy of concatenated method names: 'IA7nSJAdon', 'NffnXemu11', 'xgjnCSlICT', 'xYUn3AI9BA', 'VStnN1Ycms', 'IY7nRJZNbZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, VNyRXcHmATYaTdIJS8.csHigh entropy of concatenated method names: 'HiRAL24OuW', 'IOBAVUUuYC', 'ic6ASwy2so', 'HxIAX6CVlY', 'jehA3bOg5i', 'suHARZODYI', 'XhJA7dl19M', 'auiAyIaOCt', 'T8NAd5InnI', 'eGjA2lof1B'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, rvLRV9uoqPItNf4Bq6.csHigh entropy of concatenated method names: 'GLS1QJYRda', 'YNY1ljwgqq', 'gYJ1gYQK35', 'asI1ZCG5If', 'RrH1PKie3Y', 'd501sakhAt', 'ycS1TGf0fv', 'BCc1Ln0Ok5', 'rBN1VRBqjr', 'UlZ1jHsOEO'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, u2HNfo7CRPPmHC5IS1.csHigh entropy of concatenated method names: 'wPQ1cFU5tY', 'KBr1qSdNDl', 'fDs16WcNnG', 'rJu6DDKXKp', 'XQ76zMJ5w4', 'Sxm15qrl8R', 'yna1aQXtXs', 'JFy1mkQaA9', 'SA41OlmHqx', 'HBX1E855A5'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, NmDeEEa5QUS3Ll4S9vV.csHigh entropy of concatenated method names: 'WVTwQs8f06', 'xJRwlGOkPQ', 'qXmwgVjNWs', 'ykfwZaqr6A', 'UWKwPDXqC2', 'sVFwswfs3l', 'U07wToSFG3', 'yUGwLgH0LF', 'qHAwVvihNu', 'qmLwjhoZdF'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, iTwxhOGrV12vliSbja.csHigh entropy of concatenated method names: 'EnIOI6icoM', 'WThOcdYVrl', 'mBrO4yvbIl', 'GPXOqpWpE6', 'T57OojZIVZ', 'Y55O61KG2G', 'hgsO1jH45B', 'TGCOGtOtkS', 'BVfO9ols4J', 'uYsOYphNgv'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, LkHSWTFSlOv9G4IsSy.csHigh entropy of concatenated method names: 'nYSbYiCCm6', 'b3Ube5DR4C', 'ToString', 'RYDbcsbpHl', 'FI3b4ZRyug', 'ItFbqihV7Z', 'u7QboCKVLK', 'YHob6td0k4', 'QRvb1sCNHO', 'MtwbGA3kBk'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, Rwnfb4z06w9bFlhF4U.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'x4dwAp29Gg', 'dVPwiHOYkQ', 'sGxwfkUnQs', 'UxiwbPZuGn', 'Vndwn2Hl0q', 'Sb8wwUyK5V', 'zqYwxv6oPD'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, MXqOyyj9sSU5L62TT2.csHigh entropy of concatenated method names: 'z1MoP0C2CY', 'iQqoTdStO6', 'PZUqC07v1E', 'z0Zq3N0AgG', 'iLqqRIvdEt', 'MuFqMomfjy', 'sNBq7tVCyN', 'GYlqyWHjoU', 'm8lqusMsvE', 'I9Vqd1xDcj'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, mxvMchDw0pf1PhHkRj.csHigh entropy of concatenated method names: 'NVawaArrnd', 'EVGwOb762v', 'qMOwESfhYa', 'VUZwcGeHp4', 'P99w4MEmgC', 'Qs9wo3YfHy', 'oAlw6Wpy8K', 'lZ4nJhhFnS', 'Opfnkkybiu', 'loBntqkWK3'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, el7VsZmLgZw5wascoJ.csHigh entropy of concatenated method names: 'aVsgw14OF', 'V0SZuMwaN', 'h1Msy1xsy', 'zE1TwppDf', 'iQpVKYvX9', 'QKfj4SW3w', 'lL96n7Hgb6y1C1K3sp', 'gIKmpqliBLwq2eRrL7', 'Q9YnncRNL', 'D8ixKjy8h'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, P8tHMgkiu6WnF4Fdlt.csHigh entropy of concatenated method names: 'Ff1ncs56uR', 'gRTn4TJpqu', 'qRanqhhEXk', 'IfOnoEugKL', 'dVJn6E2jE7', 'JuRn11CEiO', 'VetnG7cO3c', 'B0jn966Eci', 'lyknYcO2A3', 'QCineYmDrB'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, OnFYhxVZZ3W3Kf7UNf.csHigh entropy of concatenated method names: 'aVAqZLiTSB', 'YcgqsInPRE', 'hudqLYpfRj', 'MlqqViSahx', 'SKRqiQH4HI', 'cmyqfaguHO', 'Ai6qbB4ApB', 'c2Oqnf5R17', 'kFBqwYvqpU', 'JWsqxWFw8u'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, fYcq1WEa9EkpaYhIcX.csHigh entropy of concatenated method names: 'v40a1S9xfw', 'ybDaG2jjgG', 'sZZaY3W3Kf', 'KUNaefuXqO', 'j2TaiT259j', 'XVSafADUTF', 'B4rRNhrkdM57X0dkwp', 'qj4GaAtl1AUjmbrbln', 'D7WaaU7bIm', 'QZ7aOTjR7q'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, XvtBylrffYkBwSxAA9.csHigh entropy of concatenated method names: 'ToString', 'WtEf2Xsjsk', 'dlKfX0iN9h', 'DfKfCUSZ4u', 'kbyf3DjHaI', 'ICUfRP0evn', 'Eu7fM1I5Sf', 'qGDf7t18cP', 'fhLfyTLmbx', 'D61fubfCVe'
            Source: 0.2.ungziped_file.exe.7ce0000.4.raw.unpack, VkrSMFNK0AxJ33BeE1.csHigh entropy of concatenated method names: 'B0Lid4M3xc', 'L4viKGNefu', 'vMjiNnPEWd', 'EcEiWl9PBS', 'vWSiXLNS9n', 'uM7iCNY5CZ', 's4ri38LOiE', 'hm8iRbKE5v', 'PgiiMODYyv', 'KDhi7em0xF'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, a9jkVSSADUTFaXjN3p.csHigh entropy of concatenated method names: 'm1Y6IbKrQm', 'URp64o6RNP', 'VsK6oy2AUw', 'iU261DQGxQ', 'nw46GLA0bF', 'fgdoUwyC2A', 'BqHoB8UWeG', 'g3foJshkbg', 'HuRokQUI4F', 'GJAotgdHbf'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, oaBqeZ4YcuaGJvxvDM.csHigh entropy of concatenated method names: 'Dispose', 'l5XatLR88N', 'dMXmXCIN6a', 'CLcPPivIfK', 'kK8aDtHMgi', 'N6WaznF4Fd', 'ProcessDialogKey', 'yt3m5jIYZl', 'CA4mahhQ8G', 'iJqmmYxvMc'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, NlPP4AaOy0Lv7FhAIjp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sLCxNly3uL', 'dK9xWw43tk', 'fKtxr8x5cj', 'vdpxFSbIrM', 'uK2xULTvSH', 'dtYxBu1OF9', 'rAaxJyGemM'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, vS9xfwLlbD2jjgGjAp.csHigh entropy of concatenated method names: 'LxA4NIiiXO', 'qO94WZodkJ', 'XcL4rhbhjU', 'e2m4FIv37g', 'NnZ4Ug5xo7', 'rHx4BLBR6L', 'oLm4JiYgRr', 'IWa4kX0nwo', 'rBM4t2O8Jq', 'UAo4DfgHbg'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, IjIYZltTA4hhQ8G6Jq.csHigh entropy of concatenated method names: 'IA7nSJAdon', 'NffnXemu11', 'xgjnCSlICT', 'xYUn3AI9BA', 'VStnN1Ycms', 'IY7nRJZNbZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, VNyRXcHmATYaTdIJS8.csHigh entropy of concatenated method names: 'HiRAL24OuW', 'IOBAVUUuYC', 'ic6ASwy2so', 'HxIAX6CVlY', 'jehA3bOg5i', 'suHARZODYI', 'XhJA7dl19M', 'auiAyIaOCt', 'T8NAd5InnI', 'eGjA2lof1B'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, rvLRV9uoqPItNf4Bq6.csHigh entropy of concatenated method names: 'GLS1QJYRda', 'YNY1ljwgqq', 'gYJ1gYQK35', 'asI1ZCG5If', 'RrH1PKie3Y', 'd501sakhAt', 'ycS1TGf0fv', 'BCc1Ln0Ok5', 'rBN1VRBqjr', 'UlZ1jHsOEO'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, u2HNfo7CRPPmHC5IS1.csHigh entropy of concatenated method names: 'wPQ1cFU5tY', 'KBr1qSdNDl', 'fDs16WcNnG', 'rJu6DDKXKp', 'XQ76zMJ5w4', 'Sxm15qrl8R', 'yna1aQXtXs', 'JFy1mkQaA9', 'SA41OlmHqx', 'HBX1E855A5'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, NmDeEEa5QUS3Ll4S9vV.csHigh entropy of concatenated method names: 'WVTwQs8f06', 'xJRwlGOkPQ', 'qXmwgVjNWs', 'ykfwZaqr6A', 'UWKwPDXqC2', 'sVFwswfs3l', 'U07wToSFG3', 'yUGwLgH0LF', 'qHAwVvihNu', 'qmLwjhoZdF'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, iTwxhOGrV12vliSbja.csHigh entropy of concatenated method names: 'EnIOI6icoM', 'WThOcdYVrl', 'mBrO4yvbIl', 'GPXOqpWpE6', 'T57OojZIVZ', 'Y55O61KG2G', 'hgsO1jH45B', 'TGCOGtOtkS', 'BVfO9ols4J', 'uYsOYphNgv'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, LkHSWTFSlOv9G4IsSy.csHigh entropy of concatenated method names: 'nYSbYiCCm6', 'b3Ube5DR4C', 'ToString', 'RYDbcsbpHl', 'FI3b4ZRyug', 'ItFbqihV7Z', 'u7QboCKVLK', 'YHob6td0k4', 'QRvb1sCNHO', 'MtwbGA3kBk'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, Rwnfb4z06w9bFlhF4U.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'x4dwAp29Gg', 'dVPwiHOYkQ', 'sGxwfkUnQs', 'UxiwbPZuGn', 'Vndwn2Hl0q', 'Sb8wwUyK5V', 'zqYwxv6oPD'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, MXqOyyj9sSU5L62TT2.csHigh entropy of concatenated method names: 'z1MoP0C2CY', 'iQqoTdStO6', 'PZUqC07v1E', 'z0Zq3N0AgG', 'iLqqRIvdEt', 'MuFqMomfjy', 'sNBq7tVCyN', 'GYlqyWHjoU', 'm8lqusMsvE', 'I9Vqd1xDcj'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, mxvMchDw0pf1PhHkRj.csHigh entropy of concatenated method names: 'NVawaArrnd', 'EVGwOb762v', 'qMOwESfhYa', 'VUZwcGeHp4', 'P99w4MEmgC', 'Qs9wo3YfHy', 'oAlw6Wpy8K', 'lZ4nJhhFnS', 'Opfnkkybiu', 'loBntqkWK3'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, el7VsZmLgZw5wascoJ.csHigh entropy of concatenated method names: 'aVsgw14OF', 'V0SZuMwaN', 'h1Msy1xsy', 'zE1TwppDf', 'iQpVKYvX9', 'QKfj4SW3w', 'lL96n7Hgb6y1C1K3sp', 'gIKmpqliBLwq2eRrL7', 'Q9YnncRNL', 'D8ixKjy8h'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, P8tHMgkiu6WnF4Fdlt.csHigh entropy of concatenated method names: 'Ff1ncs56uR', 'gRTn4TJpqu', 'qRanqhhEXk', 'IfOnoEugKL', 'dVJn6E2jE7', 'JuRn11CEiO', 'VetnG7cO3c', 'B0jn966Eci', 'lyknYcO2A3', 'QCineYmDrB'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, OnFYhxVZZ3W3Kf7UNf.csHigh entropy of concatenated method names: 'aVAqZLiTSB', 'YcgqsInPRE', 'hudqLYpfRj', 'MlqqViSahx', 'SKRqiQH4HI', 'cmyqfaguHO', 'Ai6qbB4ApB', 'c2Oqnf5R17', 'kFBqwYvqpU', 'JWsqxWFw8u'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, fYcq1WEa9EkpaYhIcX.csHigh entropy of concatenated method names: 'v40a1S9xfw', 'ybDaG2jjgG', 'sZZaY3W3Kf', 'KUNaefuXqO', 'j2TaiT259j', 'XVSafADUTF', 'B4rRNhrkdM57X0dkwp', 'qj4GaAtl1AUjmbrbln', 'D7WaaU7bIm', 'QZ7aOTjR7q'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, XvtBylrffYkBwSxAA9.csHigh entropy of concatenated method names: 'ToString', 'WtEf2Xsjsk', 'dlKfX0iN9h', 'DfKfCUSZ4u', 'kbyf3DjHaI', 'ICUfRP0evn', 'Eu7fM1I5Sf', 'qGDf7t18cP', 'fhLfyTLmbx', 'D61fubfCVe'
            Source: 0.2.ungziped_file.exe.46e0228.2.raw.unpack, VkrSMFNK0AxJ33BeE1.csHigh entropy of concatenated method names: 'B0Lid4M3xc', 'L4viKGNefu', 'vMjiNnPEWd', 'EcEiWl9PBS', 'vWSiXLNS9n', 'uM7iCNY5CZ', 's4ri38LOiE', 'hm8iRbKE5v', 'PgiiMODYyv', 'KDhi7em0xF'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, a9jkVSSADUTFaXjN3p.csHigh entropy of concatenated method names: 'm1Y6IbKrQm', 'URp64o6RNP', 'VsK6oy2AUw', 'iU261DQGxQ', 'nw46GLA0bF', 'fgdoUwyC2A', 'BqHoB8UWeG', 'g3foJshkbg', 'HuRokQUI4F', 'GJAotgdHbf'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, oaBqeZ4YcuaGJvxvDM.csHigh entropy of concatenated method names: 'Dispose', 'l5XatLR88N', 'dMXmXCIN6a', 'CLcPPivIfK', 'kK8aDtHMgi', 'N6WaznF4Fd', 'ProcessDialogKey', 'yt3m5jIYZl', 'CA4mahhQ8G', 'iJqmmYxvMc'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, NlPP4AaOy0Lv7FhAIjp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'sLCxNly3uL', 'dK9xWw43tk', 'fKtxr8x5cj', 'vdpxFSbIrM', 'uK2xULTvSH', 'dtYxBu1OF9', 'rAaxJyGemM'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, vS9xfwLlbD2jjgGjAp.csHigh entropy of concatenated method names: 'LxA4NIiiXO', 'qO94WZodkJ', 'XcL4rhbhjU', 'e2m4FIv37g', 'NnZ4Ug5xo7', 'rHx4BLBR6L', 'oLm4JiYgRr', 'IWa4kX0nwo', 'rBM4t2O8Jq', 'UAo4DfgHbg'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, IjIYZltTA4hhQ8G6Jq.csHigh entropy of concatenated method names: 'IA7nSJAdon', 'NffnXemu11', 'xgjnCSlICT', 'xYUn3AI9BA', 'VStnN1Ycms', 'IY7nRJZNbZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, VNyRXcHmATYaTdIJS8.csHigh entropy of concatenated method names: 'HiRAL24OuW', 'IOBAVUUuYC', 'ic6ASwy2so', 'HxIAX6CVlY', 'jehA3bOg5i', 'suHARZODYI', 'XhJA7dl19M', 'auiAyIaOCt', 'T8NAd5InnI', 'eGjA2lof1B'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, rvLRV9uoqPItNf4Bq6.csHigh entropy of concatenated method names: 'GLS1QJYRda', 'YNY1ljwgqq', 'gYJ1gYQK35', 'asI1ZCG5If', 'RrH1PKie3Y', 'd501sakhAt', 'ycS1TGf0fv', 'BCc1Ln0Ok5', 'rBN1VRBqjr', 'UlZ1jHsOEO'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, u2HNfo7CRPPmHC5IS1.csHigh entropy of concatenated method names: 'wPQ1cFU5tY', 'KBr1qSdNDl', 'fDs16WcNnG', 'rJu6DDKXKp', 'XQ76zMJ5w4', 'Sxm15qrl8R', 'yna1aQXtXs', 'JFy1mkQaA9', 'SA41OlmHqx', 'HBX1E855A5'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, NmDeEEa5QUS3Ll4S9vV.csHigh entropy of concatenated method names: 'WVTwQs8f06', 'xJRwlGOkPQ', 'qXmwgVjNWs', 'ykfwZaqr6A', 'UWKwPDXqC2', 'sVFwswfs3l', 'U07wToSFG3', 'yUGwLgH0LF', 'qHAwVvihNu', 'qmLwjhoZdF'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, iTwxhOGrV12vliSbja.csHigh entropy of concatenated method names: 'EnIOI6icoM', 'WThOcdYVrl', 'mBrO4yvbIl', 'GPXOqpWpE6', 'T57OojZIVZ', 'Y55O61KG2G', 'hgsO1jH45B', 'TGCOGtOtkS', 'BVfO9ols4J', 'uYsOYphNgv'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, LkHSWTFSlOv9G4IsSy.csHigh entropy of concatenated method names: 'nYSbYiCCm6', 'b3Ube5DR4C', 'ToString', 'RYDbcsbpHl', 'FI3b4ZRyug', 'ItFbqihV7Z', 'u7QboCKVLK', 'YHob6td0k4', 'QRvb1sCNHO', 'MtwbGA3kBk'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, Rwnfb4z06w9bFlhF4U.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'x4dwAp29Gg', 'dVPwiHOYkQ', 'sGxwfkUnQs', 'UxiwbPZuGn', 'Vndwn2Hl0q', 'Sb8wwUyK5V', 'zqYwxv6oPD'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, MXqOyyj9sSU5L62TT2.csHigh entropy of concatenated method names: 'z1MoP0C2CY', 'iQqoTdStO6', 'PZUqC07v1E', 'z0Zq3N0AgG', 'iLqqRIvdEt', 'MuFqMomfjy', 'sNBq7tVCyN', 'GYlqyWHjoU', 'm8lqusMsvE', 'I9Vqd1xDcj'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, mxvMchDw0pf1PhHkRj.csHigh entropy of concatenated method names: 'NVawaArrnd', 'EVGwOb762v', 'qMOwESfhYa', 'VUZwcGeHp4', 'P99w4MEmgC', 'Qs9wo3YfHy', 'oAlw6Wpy8K', 'lZ4nJhhFnS', 'Opfnkkybiu', 'loBntqkWK3'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, el7VsZmLgZw5wascoJ.csHigh entropy of concatenated method names: 'aVsgw14OF', 'V0SZuMwaN', 'h1Msy1xsy', 'zE1TwppDf', 'iQpVKYvX9', 'QKfj4SW3w', 'lL96n7Hgb6y1C1K3sp', 'gIKmpqliBLwq2eRrL7', 'Q9YnncRNL', 'D8ixKjy8h'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, P8tHMgkiu6WnF4Fdlt.csHigh entropy of concatenated method names: 'Ff1ncs56uR', 'gRTn4TJpqu', 'qRanqhhEXk', 'IfOnoEugKL', 'dVJn6E2jE7', 'JuRn11CEiO', 'VetnG7cO3c', 'B0jn966Eci', 'lyknYcO2A3', 'QCineYmDrB'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, OnFYhxVZZ3W3Kf7UNf.csHigh entropy of concatenated method names: 'aVAqZLiTSB', 'YcgqsInPRE', 'hudqLYpfRj', 'MlqqViSahx', 'SKRqiQH4HI', 'cmyqfaguHO', 'Ai6qbB4ApB', 'c2Oqnf5R17', 'kFBqwYvqpU', 'JWsqxWFw8u'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, fYcq1WEa9EkpaYhIcX.csHigh entropy of concatenated method names: 'v40a1S9xfw', 'ybDaG2jjgG', 'sZZaY3W3Kf', 'KUNaefuXqO', 'j2TaiT259j', 'XVSafADUTF', 'B4rRNhrkdM57X0dkwp', 'qj4GaAtl1AUjmbrbln', 'D7WaaU7bIm', 'QZ7aOTjR7q'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, XvtBylrffYkBwSxAA9.csHigh entropy of concatenated method names: 'ToString', 'WtEf2Xsjsk', 'dlKfX0iN9h', 'DfKfCUSZ4u', 'kbyf3DjHaI', 'ICUfRP0evn', 'Eu7fM1I5Sf', 'qGDf7t18cP', 'fhLfyTLmbx', 'D61fubfCVe'
            Source: 0.2.ungziped_file.exe.4539f40.1.raw.unpack, VkrSMFNK0AxJ33BeE1.csHigh entropy of concatenated method names: 'B0Lid4M3xc', 'L4viKGNefu', 'vMjiNnPEWd', 'EcEiWl9PBS', 'vWSiXLNS9n', 'uM7iCNY5CZ', 's4ri38LOiE', 'hm8iRbKE5v', 'PgiiMODYyv', 'KDhi7em0xF'
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: ungziped_file.exe PID: 5364, type: MEMORYSTR
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 1A10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 3420000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 1A10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 8030000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 9030000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: 91D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: A1D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166096E rdtsc 10_2_0166096E
            Source: C:\Users\user\Desktop\ungziped_file.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeAPI coverage: 0.6 %
            Source: C:\Users\user\Desktop\ungziped_file.exe TID: 4300Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exe TID: 7224Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166096E rdtsc 10_2_0166096E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_004173F3 LdrLoadDll,10_2_004173F3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4164 mov eax, dword ptr fs:[00000030h]10_2_016F4164
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4164 mov eax, dword ptr fs:[00000030h]10_2_016F4164
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B4144 mov eax, dword ptr fs:[00000030h]10_2_016B4144
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B4144 mov eax, dword ptr fs:[00000030h]10_2_016B4144
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B4144 mov ecx, dword ptr fs:[00000030h]10_2_016B4144
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B4144 mov eax, dword ptr fs:[00000030h]10_2_016B4144
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B4144 mov eax, dword ptr fs:[00000030h]10_2_016B4144
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B8158 mov eax, dword ptr fs:[00000030h]10_2_016B8158
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626154 mov eax, dword ptr fs:[00000030h]10_2_01626154
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626154 mov eax, dword ptr fs:[00000030h]10_2_01626154
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161C156 mov eax, dword ptr fs:[00000030h]10_2_0161C156
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01650124 mov eax, dword ptr fs:[00000030h]10_2_01650124
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov ecx, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov ecx, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov ecx, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov eax, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE10E mov ecx, dword ptr fs:[00000030h]10_2_016CE10E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CA118 mov ecx, dword ptr fs:[00000030h]10_2_016CA118
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CA118 mov eax, dword ptr fs:[00000030h]10_2_016CA118
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CA118 mov eax, dword ptr fs:[00000030h]10_2_016CA118
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CA118 mov eax, dword ptr fs:[00000030h]10_2_016CA118
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E0115 mov eax, dword ptr fs:[00000030h]10_2_016E0115
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F61E5 mov eax, dword ptr fs:[00000030h]10_2_016F61E5
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016501F8 mov eax, dword ptr fs:[00000030h]10_2_016501F8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E61C3 mov eax, dword ptr fs:[00000030h]10_2_016E61C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E61C3 mov eax, dword ptr fs:[00000030h]10_2_016E61C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E1D0 mov eax, dword ptr fs:[00000030h]10_2_0169E1D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E1D0 mov eax, dword ptr fs:[00000030h]10_2_0169E1D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E1D0 mov ecx, dword ptr fs:[00000030h]10_2_0169E1D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E1D0 mov eax, dword ptr fs:[00000030h]10_2_0169E1D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E1D0 mov eax, dword ptr fs:[00000030h]10_2_0169E1D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01660185 mov eax, dword ptr fs:[00000030h]10_2_01660185
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DC188 mov eax, dword ptr fs:[00000030h]10_2_016DC188
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DC188 mov eax, dword ptr fs:[00000030h]10_2_016DC188
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C4180 mov eax, dword ptr fs:[00000030h]10_2_016C4180
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C4180 mov eax, dword ptr fs:[00000030h]10_2_016C4180
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A019F mov eax, dword ptr fs:[00000030h]10_2_016A019F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A019F mov eax, dword ptr fs:[00000030h]10_2_016A019F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A019F mov eax, dword ptr fs:[00000030h]10_2_016A019F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A019F mov eax, dword ptr fs:[00000030h]10_2_016A019F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A197 mov eax, dword ptr fs:[00000030h]10_2_0161A197
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A197 mov eax, dword ptr fs:[00000030h]10_2_0161A197
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A197 mov eax, dword ptr fs:[00000030h]10_2_0161A197
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164C073 mov eax, dword ptr fs:[00000030h]10_2_0164C073
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01622050 mov eax, dword ptr fs:[00000030h]10_2_01622050
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6050 mov eax, dword ptr fs:[00000030h]10_2_016A6050
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A020 mov eax, dword ptr fs:[00000030h]10_2_0161A020
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161C020 mov eax, dword ptr fs:[00000030h]10_2_0161C020
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6030 mov eax, dword ptr fs:[00000030h]10_2_016B6030
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A4000 mov ecx, dword ptr fs:[00000030h]10_2_016A4000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C2000 mov eax, dword ptr fs:[00000030h]10_2_016C2000
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E016 mov eax, dword ptr fs:[00000030h]10_2_0163E016
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E016 mov eax, dword ptr fs:[00000030h]10_2_0163E016
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E016 mov eax, dword ptr fs:[00000030h]10_2_0163E016
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E016 mov eax, dword ptr fs:[00000030h]10_2_0163E016
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A0E3 mov ecx, dword ptr fs:[00000030h]10_2_0161A0E3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A60E0 mov eax, dword ptr fs:[00000030h]10_2_016A60E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016280E9 mov eax, dword ptr fs:[00000030h]10_2_016280E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161C0F0 mov eax, dword ptr fs:[00000030h]10_2_0161C0F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016620F0 mov ecx, dword ptr fs:[00000030h]10_2_016620F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A20DE mov eax, dword ptr fs:[00000030h]10_2_016A20DE
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016180A0 mov eax, dword ptr fs:[00000030h]10_2_016180A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B80A8 mov eax, dword ptr fs:[00000030h]10_2_016B80A8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E60B8 mov eax, dword ptr fs:[00000030h]10_2_016E60B8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E60B8 mov ecx, dword ptr fs:[00000030h]10_2_016E60B8
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162208A mov eax, dword ptr fs:[00000030h]10_2_0162208A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C437C mov eax, dword ptr fs:[00000030h]10_2_016C437C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F634F mov eax, dword ptr fs:[00000030h]10_2_016F634F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A2349 mov eax, dword ptr fs:[00000030h]10_2_016A2349
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov eax, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov eax, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov eax, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov ecx, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov eax, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A035C mov eax, dword ptr fs:[00000030h]10_2_016A035C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EA352 mov eax, dword ptr fs:[00000030h]10_2_016EA352
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C8350 mov ecx, dword ptr fs:[00000030h]10_2_016C8350
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A30B mov eax, dword ptr fs:[00000030h]10_2_0165A30B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A30B mov eax, dword ptr fs:[00000030h]10_2_0165A30B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A30B mov eax, dword ptr fs:[00000030h]10_2_0165A30B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161C310 mov ecx, dword ptr fs:[00000030h]10_2_0161C310
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01640310 mov ecx, dword ptr fs:[00000030h]10_2_01640310
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016303E9 mov eax, dword ptr fs:[00000030h]10_2_016303E9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E3F0 mov eax, dword ptr fs:[00000030h]10_2_0163E3F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E3F0 mov eax, dword ptr fs:[00000030h]10_2_0163E3F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E3F0 mov eax, dword ptr fs:[00000030h]10_2_0163E3F0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016563FF mov eax, dword ptr fs:[00000030h]10_2_016563FF
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DC3CD mov eax, dword ptr fs:[00000030h]10_2_016DC3CD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A3C0 mov eax, dword ptr fs:[00000030h]10_2_0162A3C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016283C0 mov eax, dword ptr fs:[00000030h]10_2_016283C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016283C0 mov eax, dword ptr fs:[00000030h]10_2_016283C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016283C0 mov eax, dword ptr fs:[00000030h]10_2_016283C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016283C0 mov eax, dword ptr fs:[00000030h]10_2_016283C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A63C0 mov eax, dword ptr fs:[00000030h]10_2_016A63C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE3DB mov eax, dword ptr fs:[00000030h]10_2_016CE3DB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE3DB mov eax, dword ptr fs:[00000030h]10_2_016CE3DB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE3DB mov ecx, dword ptr fs:[00000030h]10_2_016CE3DB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CE3DB mov eax, dword ptr fs:[00000030h]10_2_016CE3DB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C43D4 mov eax, dword ptr fs:[00000030h]10_2_016C43D4
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C43D4 mov eax, dword ptr fs:[00000030h]10_2_016C43D4
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E388 mov eax, dword ptr fs:[00000030h]10_2_0161E388
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E388 mov eax, dword ptr fs:[00000030h]10_2_0161E388
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E388 mov eax, dword ptr fs:[00000030h]10_2_0161E388
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164438F mov eax, dword ptr fs:[00000030h]10_2_0164438F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164438F mov eax, dword ptr fs:[00000030h]10_2_0164438F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618397 mov eax, dword ptr fs:[00000030h]10_2_01618397
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618397 mov eax, dword ptr fs:[00000030h]10_2_01618397
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618397 mov eax, dword ptr fs:[00000030h]10_2_01618397
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624260 mov eax, dword ptr fs:[00000030h]10_2_01624260
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624260 mov eax, dword ptr fs:[00000030h]10_2_01624260
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624260 mov eax, dword ptr fs:[00000030h]10_2_01624260
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161826B mov eax, dword ptr fs:[00000030h]10_2_0161826B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D0274 mov eax, dword ptr fs:[00000030h]10_2_016D0274
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A8243 mov eax, dword ptr fs:[00000030h]10_2_016A8243
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A8243 mov ecx, dword ptr fs:[00000030h]10_2_016A8243
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161A250 mov eax, dword ptr fs:[00000030h]10_2_0161A250
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F625D mov eax, dword ptr fs:[00000030h]10_2_016F625D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626259 mov eax, dword ptr fs:[00000030h]10_2_01626259
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DA250 mov eax, dword ptr fs:[00000030h]10_2_016DA250
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DA250 mov eax, dword ptr fs:[00000030h]10_2_016DA250
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161823B mov eax, dword ptr fs:[00000030h]10_2_0161823B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016302E1 mov eax, dword ptr fs:[00000030h]10_2_016302E1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016302E1 mov eax, dword ptr fs:[00000030h]10_2_016302E1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016302E1 mov eax, dword ptr fs:[00000030h]10_2_016302E1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A2C3 mov eax, dword ptr fs:[00000030h]10_2_0162A2C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A2C3 mov eax, dword ptr fs:[00000030h]10_2_0162A2C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A2C3 mov eax, dword ptr fs:[00000030h]10_2_0162A2C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A2C3 mov eax, dword ptr fs:[00000030h]10_2_0162A2C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A2C3 mov eax, dword ptr fs:[00000030h]10_2_0162A2C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F62D6 mov eax, dword ptr fs:[00000030h]10_2_016F62D6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016302A0 mov eax, dword ptr fs:[00000030h]10_2_016302A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016302A0 mov eax, dword ptr fs:[00000030h]10_2_016302A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov eax, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov ecx, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov eax, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov eax, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov eax, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B62A0 mov eax, dword ptr fs:[00000030h]10_2_016B62A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E284 mov eax, dword ptr fs:[00000030h]10_2_0165E284
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E284 mov eax, dword ptr fs:[00000030h]10_2_0165E284
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A0283 mov eax, dword ptr fs:[00000030h]10_2_016A0283
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A0283 mov eax, dword ptr fs:[00000030h]10_2_016A0283
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A0283 mov eax, dword ptr fs:[00000030h]10_2_016A0283
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165656A mov eax, dword ptr fs:[00000030h]10_2_0165656A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165656A mov eax, dword ptr fs:[00000030h]10_2_0165656A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165656A mov eax, dword ptr fs:[00000030h]10_2_0165656A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628550 mov eax, dword ptr fs:[00000030h]10_2_01628550
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628550 mov eax, dword ptr fs:[00000030h]10_2_01628550
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630535 mov eax, dword ptr fs:[00000030h]10_2_01630535
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E53E mov eax, dword ptr fs:[00000030h]10_2_0164E53E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E53E mov eax, dword ptr fs:[00000030h]10_2_0164E53E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E53E mov eax, dword ptr fs:[00000030h]10_2_0164E53E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E53E mov eax, dword ptr fs:[00000030h]10_2_0164E53E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E53E mov eax, dword ptr fs:[00000030h]10_2_0164E53E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6500 mov eax, dword ptr fs:[00000030h]10_2_016B6500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4500 mov eax, dword ptr fs:[00000030h]10_2_016F4500
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016225E0 mov eax, dword ptr fs:[00000030h]10_2_016225E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E5E7 mov eax, dword ptr fs:[00000030h]10_2_0164E5E7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C5ED mov eax, dword ptr fs:[00000030h]10_2_0165C5ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C5ED mov eax, dword ptr fs:[00000030h]10_2_0165C5ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E5CF mov eax, dword ptr fs:[00000030h]10_2_0165E5CF
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E5CF mov eax, dword ptr fs:[00000030h]10_2_0165E5CF
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016265D0 mov eax, dword ptr fs:[00000030h]10_2_016265D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A5D0 mov eax, dword ptr fs:[00000030h]10_2_0165A5D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A5D0 mov eax, dword ptr fs:[00000030h]10_2_0165A5D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A05A7 mov eax, dword ptr fs:[00000030h]10_2_016A05A7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A05A7 mov eax, dword ptr fs:[00000030h]10_2_016A05A7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A05A7 mov eax, dword ptr fs:[00000030h]10_2_016A05A7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016445B1 mov eax, dword ptr fs:[00000030h]10_2_016445B1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016445B1 mov eax, dword ptr fs:[00000030h]10_2_016445B1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01622582 mov eax, dword ptr fs:[00000030h]10_2_01622582
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01622582 mov ecx, dword ptr fs:[00000030h]10_2_01622582
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01654588 mov eax, dword ptr fs:[00000030h]10_2_01654588
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E59C mov eax, dword ptr fs:[00000030h]10_2_0165E59C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AC460 mov ecx, dword ptr fs:[00000030h]10_2_016AC460
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164A470 mov eax, dword ptr fs:[00000030h]10_2_0164A470
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164A470 mov eax, dword ptr fs:[00000030h]10_2_0164A470
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164A470 mov eax, dword ptr fs:[00000030h]10_2_0164A470
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165E443 mov eax, dword ptr fs:[00000030h]10_2_0165E443
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DA456 mov eax, dword ptr fs:[00000030h]10_2_016DA456
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161645D mov eax, dword ptr fs:[00000030h]10_2_0161645D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164245A mov eax, dword ptr fs:[00000030h]10_2_0164245A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E420 mov eax, dword ptr fs:[00000030h]10_2_0161E420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E420 mov eax, dword ptr fs:[00000030h]10_2_0161E420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161E420 mov eax, dword ptr fs:[00000030h]10_2_0161E420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161C427 mov eax, dword ptr fs:[00000030h]10_2_0161C427
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A6420 mov eax, dword ptr fs:[00000030h]10_2_016A6420
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A430 mov eax, dword ptr fs:[00000030h]10_2_0165A430
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01658402 mov eax, dword ptr fs:[00000030h]10_2_01658402
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01658402 mov eax, dword ptr fs:[00000030h]10_2_01658402
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01658402 mov eax, dword ptr fs:[00000030h]10_2_01658402
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016204E5 mov ecx, dword ptr fs:[00000030h]10_2_016204E5
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016264AB mov eax, dword ptr fs:[00000030h]10_2_016264AB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016544B0 mov ecx, dword ptr fs:[00000030h]10_2_016544B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AA4B0 mov eax, dword ptr fs:[00000030h]10_2_016AA4B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016DA49A mov eax, dword ptr fs:[00000030h]10_2_016DA49A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628770 mov eax, dword ptr fs:[00000030h]10_2_01628770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630770 mov eax, dword ptr fs:[00000030h]10_2_01630770
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165674D mov esi, dword ptr fs:[00000030h]10_2_0165674D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165674D mov eax, dword ptr fs:[00000030h]10_2_0165674D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165674D mov eax, dword ptr fs:[00000030h]10_2_0165674D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620750 mov eax, dword ptr fs:[00000030h]10_2_01620750
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662750 mov eax, dword ptr fs:[00000030h]10_2_01662750
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662750 mov eax, dword ptr fs:[00000030h]10_2_01662750
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AE75D mov eax, dword ptr fs:[00000030h]10_2_016AE75D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A4755 mov eax, dword ptr fs:[00000030h]10_2_016A4755
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C720 mov eax, dword ptr fs:[00000030h]10_2_0165C720
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C720 mov eax, dword ptr fs:[00000030h]10_2_0165C720
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165273C mov eax, dword ptr fs:[00000030h]10_2_0165273C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165273C mov ecx, dword ptr fs:[00000030h]10_2_0165273C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165273C mov eax, dword ptr fs:[00000030h]10_2_0165273C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169C730 mov eax, dword ptr fs:[00000030h]10_2_0169C730
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C700 mov eax, dword ptr fs:[00000030h]10_2_0165C700
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620710 mov eax, dword ptr fs:[00000030h]10_2_01620710
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01650710 mov eax, dword ptr fs:[00000030h]10_2_01650710
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016427ED mov eax, dword ptr fs:[00000030h]10_2_016427ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016427ED mov eax, dword ptr fs:[00000030h]10_2_016427ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016427ED mov eax, dword ptr fs:[00000030h]10_2_016427ED
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AE7E1 mov eax, dword ptr fs:[00000030h]10_2_016AE7E1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016247FB mov eax, dword ptr fs:[00000030h]10_2_016247FB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016247FB mov eax, dword ptr fs:[00000030h]10_2_016247FB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162C7C0 mov eax, dword ptr fs:[00000030h]10_2_0162C7C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A07C3 mov eax, dword ptr fs:[00000030h]10_2_016A07C3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016207AF mov eax, dword ptr fs:[00000030h]10_2_016207AF
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D47A0 mov eax, dword ptr fs:[00000030h]10_2_016D47A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C678E mov eax, dword ptr fs:[00000030h]10_2_016C678E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E866E mov eax, dword ptr fs:[00000030h]10_2_016E866E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E866E mov eax, dword ptr fs:[00000030h]10_2_016E866E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A660 mov eax, dword ptr fs:[00000030h]10_2_0165A660
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A660 mov eax, dword ptr fs:[00000030h]10_2_0165A660
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01652674 mov eax, dword ptr fs:[00000030h]10_2_01652674
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163C640 mov eax, dword ptr fs:[00000030h]10_2_0163C640
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163E627 mov eax, dword ptr fs:[00000030h]10_2_0163E627
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01656620 mov eax, dword ptr fs:[00000030h]10_2_01656620
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01658620 mov eax, dword ptr fs:[00000030h]10_2_01658620
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162262C mov eax, dword ptr fs:[00000030h]10_2_0162262C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E609 mov eax, dword ptr fs:[00000030h]10_2_0169E609
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0163260B mov eax, dword ptr fs:[00000030h]10_2_0163260B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01662619 mov eax, dword ptr fs:[00000030h]10_2_01662619
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E6F2 mov eax, dword ptr fs:[00000030h]10_2_0169E6F2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E6F2 mov eax, dword ptr fs:[00000030h]10_2_0169E6F2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E6F2 mov eax, dword ptr fs:[00000030h]10_2_0169E6F2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E6F2 mov eax, dword ptr fs:[00000030h]10_2_0169E6F2
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A06F1 mov eax, dword ptr fs:[00000030h]10_2_016A06F1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A06F1 mov eax, dword ptr fs:[00000030h]10_2_016A06F1
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A6C7 mov ebx, dword ptr fs:[00000030h]10_2_0165A6C7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A6C7 mov eax, dword ptr fs:[00000030h]10_2_0165A6C7
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C6A6 mov eax, dword ptr fs:[00000030h]10_2_0165C6A6
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016566B0 mov eax, dword ptr fs:[00000030h]10_2_016566B0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624690 mov eax, dword ptr fs:[00000030h]10_2_01624690
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624690 mov eax, dword ptr fs:[00000030h]10_2_01624690
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01646962 mov eax, dword ptr fs:[00000030h]10_2_01646962
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01646962 mov eax, dword ptr fs:[00000030h]10_2_01646962
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01646962 mov eax, dword ptr fs:[00000030h]10_2_01646962
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166096E mov eax, dword ptr fs:[00000030h]10_2_0166096E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166096E mov edx, dword ptr fs:[00000030h]10_2_0166096E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0166096E mov eax, dword ptr fs:[00000030h]10_2_0166096E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C4978 mov eax, dword ptr fs:[00000030h]10_2_016C4978
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C4978 mov eax, dword ptr fs:[00000030h]10_2_016C4978
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AC97C mov eax, dword ptr fs:[00000030h]10_2_016AC97C
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A0946 mov eax, dword ptr fs:[00000030h]10_2_016A0946
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4940 mov eax, dword ptr fs:[00000030h]10_2_016F4940
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A892A mov eax, dword ptr fs:[00000030h]10_2_016A892A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B892B mov eax, dword ptr fs:[00000030h]10_2_016B892B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E908 mov eax, dword ptr fs:[00000030h]10_2_0169E908
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169E908 mov eax, dword ptr fs:[00000030h]10_2_0169E908
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AC912 mov eax, dword ptr fs:[00000030h]10_2_016AC912
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618918 mov eax, dword ptr fs:[00000030h]10_2_01618918
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618918 mov eax, dword ptr fs:[00000030h]10_2_01618918
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AE9E0 mov eax, dword ptr fs:[00000030h]10_2_016AE9E0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016529F9 mov eax, dword ptr fs:[00000030h]10_2_016529F9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016529F9 mov eax, dword ptr fs:[00000030h]10_2_016529F9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B69C0 mov eax, dword ptr fs:[00000030h]10_2_016B69C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162A9D0 mov eax, dword ptr fs:[00000030h]10_2_0162A9D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016549D0 mov eax, dword ptr fs:[00000030h]10_2_016549D0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EA9D3 mov eax, dword ptr fs:[00000030h]10_2_016EA9D3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016329A0 mov eax, dword ptr fs:[00000030h]10_2_016329A0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016209AD mov eax, dword ptr fs:[00000030h]10_2_016209AD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016209AD mov eax, dword ptr fs:[00000030h]10_2_016209AD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A89B3 mov esi, dword ptr fs:[00000030h]10_2_016A89B3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A89B3 mov eax, dword ptr fs:[00000030h]10_2_016A89B3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016A89B3 mov eax, dword ptr fs:[00000030h]10_2_016A89B3
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AE872 mov eax, dword ptr fs:[00000030h]10_2_016AE872
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AE872 mov eax, dword ptr fs:[00000030h]10_2_016AE872
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6870 mov eax, dword ptr fs:[00000030h]10_2_016B6870
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6870 mov eax, dword ptr fs:[00000030h]10_2_016B6870
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01632840 mov ecx, dword ptr fs:[00000030h]10_2_01632840
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01650854 mov eax, dword ptr fs:[00000030h]10_2_01650854
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624859 mov eax, dword ptr fs:[00000030h]10_2_01624859
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01624859 mov eax, dword ptr fs:[00000030h]10_2_01624859
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov eax, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov eax, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov eax, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov ecx, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov eax, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01642835 mov eax, dword ptr fs:[00000030h]10_2_01642835
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165A830 mov eax, dword ptr fs:[00000030h]10_2_0165A830
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C483A mov eax, dword ptr fs:[00000030h]10_2_016C483A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C483A mov eax, dword ptr fs:[00000030h]10_2_016C483A
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AC810 mov eax, dword ptr fs:[00000030h]10_2_016AC810
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EA8E4 mov eax, dword ptr fs:[00000030h]10_2_016EA8E4
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C8F9 mov eax, dword ptr fs:[00000030h]10_2_0165C8F9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165C8F9 mov eax, dword ptr fs:[00000030h]10_2_0165C8F9
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164E8C0 mov eax, dword ptr fs:[00000030h]10_2_0164E8C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F08C0 mov eax, dword ptr fs:[00000030h]10_2_016F08C0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620887 mov eax, dword ptr fs:[00000030h]10_2_01620887
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016AC89D mov eax, dword ptr fs:[00000030h]10_2_016AC89D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0161CB7E mov eax, dword ptr fs:[00000030h]10_2_0161CB7E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D4B4B mov eax, dword ptr fs:[00000030h]10_2_016D4B4B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D4B4B mov eax, dword ptr fs:[00000030h]10_2_016D4B4B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6B40 mov eax, dword ptr fs:[00000030h]10_2_016B6B40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016B6B40 mov eax, dword ptr fs:[00000030h]10_2_016B6B40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016EAB40 mov eax, dword ptr fs:[00000030h]10_2_016EAB40
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016C8B42 mov eax, dword ptr fs:[00000030h]10_2_016C8B42
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01618B50 mov eax, dword ptr fs:[00000030h]10_2_01618B50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F2B57 mov eax, dword ptr fs:[00000030h]10_2_016F2B57
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F2B57 mov eax, dword ptr fs:[00000030h]10_2_016F2B57
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F2B57 mov eax, dword ptr fs:[00000030h]10_2_016F2B57
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F2B57 mov eax, dword ptr fs:[00000030h]10_2_016F2B57
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CEB50 mov eax, dword ptr fs:[00000030h]10_2_016CEB50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164EB20 mov eax, dword ptr fs:[00000030h]10_2_0164EB20
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164EB20 mov eax, dword ptr fs:[00000030h]10_2_0164EB20
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E8B28 mov eax, dword ptr fs:[00000030h]10_2_016E8B28
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016E8B28 mov eax, dword ptr fs:[00000030h]10_2_016E8B28
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016F4B00 mov eax, dword ptr fs:[00000030h]10_2_016F4B00
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169EB1D mov eax, dword ptr fs:[00000030h]10_2_0169EB1D
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628BF0 mov eax, dword ptr fs:[00000030h]10_2_01628BF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628BF0 mov eax, dword ptr fs:[00000030h]10_2_01628BF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628BF0 mov eax, dword ptr fs:[00000030h]10_2_01628BF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164EBFC mov eax, dword ptr fs:[00000030h]10_2_0164EBFC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016ACBF0 mov eax, dword ptr fs:[00000030h]10_2_016ACBF0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01640BCB mov eax, dword ptr fs:[00000030h]10_2_01640BCB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01640BCB mov eax, dword ptr fs:[00000030h]10_2_01640BCB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01640BCB mov eax, dword ptr fs:[00000030h]10_2_01640BCB
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620BCD mov eax, dword ptr fs:[00000030h]10_2_01620BCD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620BCD mov eax, dword ptr fs:[00000030h]10_2_01620BCD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620BCD mov eax, dword ptr fs:[00000030h]10_2_01620BCD
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CEBD0 mov eax, dword ptr fs:[00000030h]10_2_016CEBD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630BBE mov eax, dword ptr fs:[00000030h]10_2_01630BBE
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630BBE mov eax, dword ptr fs:[00000030h]10_2_01630BBE
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D4BB0 mov eax, dword ptr fs:[00000030h]10_2_016D4BB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016D4BB0 mov eax, dword ptr fs:[00000030h]10_2_016D4BB0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165CA6F mov eax, dword ptr fs:[00000030h]10_2_0165CA6F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165CA6F mov eax, dword ptr fs:[00000030h]10_2_0165CA6F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165CA6F mov eax, dword ptr fs:[00000030h]10_2_0165CA6F
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016CEA60 mov eax, dword ptr fs:[00000030h]10_2_016CEA60
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169CA72 mov eax, dword ptr fs:[00000030h]10_2_0169CA72
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0169CA72 mov eax, dword ptr fs:[00000030h]10_2_0169CA72
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01626A50 mov eax, dword ptr fs:[00000030h]10_2_01626A50
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630A5B mov eax, dword ptr fs:[00000030h]10_2_01630A5B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01630A5B mov eax, dword ptr fs:[00000030h]10_2_01630A5B
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165CA24 mov eax, dword ptr fs:[00000030h]10_2_0165CA24
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0164EA2E mov eax, dword ptr fs:[00000030h]10_2_0164EA2E
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01644A35 mov eax, dword ptr fs:[00000030h]10_2_01644A35
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01644A35 mov eax, dword ptr fs:[00000030h]10_2_01644A35
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165CA38 mov eax, dword ptr fs:[00000030h]10_2_0165CA38
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_016ACA11 mov eax, dword ptr fs:[00000030h]10_2_016ACA11
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165AAEE mov eax, dword ptr fs:[00000030h]10_2_0165AAEE
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0165AAEE mov eax, dword ptr fs:[00000030h]10_2_0165AAEE
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01676ACC mov eax, dword ptr fs:[00000030h]10_2_01676ACC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01676ACC mov eax, dword ptr fs:[00000030h]10_2_01676ACC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01676ACC mov eax, dword ptr fs:[00000030h]10_2_01676ACC
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01620AD0 mov eax, dword ptr fs:[00000030h]10_2_01620AD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01654AD0 mov eax, dword ptr fs:[00000030h]10_2_01654AD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01654AD0 mov eax, dword ptr fs:[00000030h]10_2_01654AD0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628AA0 mov eax, dword ptr fs:[00000030h]10_2_01628AA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01628AA0 mov eax, dword ptr fs:[00000030h]10_2_01628AA0
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_01676AA4 mov eax, dword ptr fs:[00000030h]10_2_01676AA4
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162EA80 mov eax, dword ptr fs:[00000030h]10_2_0162EA80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162EA80 mov eax, dword ptr fs:[00000030h]10_2_0162EA80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162EA80 mov eax, dword ptr fs:[00000030h]10_2_0162EA80
            Source: C:\Users\user\Desktop\ungziped_file.exeCode function: 10_2_0162EA80 mov eax, dword ptr fs:[00000030h]10_2_0162EA80
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\ungziped_file.exeMemory written: C:\Users\user\Desktop\ungziped_file.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeProcess created: C:\Users\user\Desktop\ungziped_file.exe "C:\Users\user\Desktop\ungziped_file.exe"Jump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Users\user\Desktop\ungziped_file.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ungziped_file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.ungziped_file.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS12
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            ungziped_file.exe32%ReversingLabsByteCode-MSIL.Trojan.CrypterX
            ungziped_file.exe33%VirustotalBrowse
            ungziped_file.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1527841
            Start date and time:2024-10-07 10:38:08 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 30s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:17
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:ungziped_file.exe
            Detection:MAL
            Classification:mal88.troj.evad.winEXE@3/1@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 145
            • Number of non-executed functions: 274
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information

            Simulations

            Behavior and APIs

            TimeTypeDescription
            04:39:03API Interceptor4x Sleep call for process: ungziped_file.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ungziped_file.exe.log

            Download File
            Process:C:\Users\user\Desktop\ungziped_file.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.98212496391384
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            • Win32 Executable (generic) a (10002005/4) 49.78%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            File name:ungziped_file.exe
            File size:698'368 bytes
            MD5:8a0c4eed07d28836f39cf33bc6640940
            SHA1:281603fb0f6c50b97db2b6835762c7f5c4c6a94f
            SHA256:f7a37ab3f4c3f7e67fc347335869a9616f6658f3a45465697a58585ddb7e7caf
            SHA512:8fb0a40af99d51f1e20ef08f58d97b967480f258019d9d61de79a2f9bac59ed2042f2471348b5b530d3bb1ef71f6e755745f137faccb3259251c84beded47197
            SSDEEP:12288:Y1f0wVVYUhiFHya93Yp6jpxKtah8BrGgZreGYpYwv0WGTA4OM0G:Y1rVV/63YsKthGgZa+WYAQ0G
            TLSH:A8E42359B7EAEB73E03E0F785157340653F14B543843EEB205385ABA1F71E284296F2A
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...uz.g..............0.................. ........@.. ....................................@................................

            File Icon

            Icon Hash:00928e8e8686b000

            Static PE Info

            General

            Entrypoint:0x4abd0a
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x67037A75 [Mon Oct 7 06:06:45 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xabcb80x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xac0000x5a4.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xae0000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0xaa6bc0x54.text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xa9d100xa9e007419cb530f92c70c3f438102dd77d218False0.9855419885945548data7.986334045340147IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0xac0000x5a40x60097cd4d3b11e7327589428cdf09e756ccFalse0.419921875data4.069245685241839IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0xae0000xc0x2000041bb7f527e5127b08d56b63e694655False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_VERSION0xac0900x314data0.434010152284264
            RT_MANIFEST0xac3b40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:04:39:02
            Start date:07/10/2024
            Path:C:\Users\user\Desktop\ungziped_file.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\ungziped_file.exe"
            Imagebase:0xfe0000
            File size:698'368 bytes
            MD5 hash:8A0C4EED07D28836F39CF33BC6640940
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:10
            Start time:04:39:03
            Start date:07/10/2024
            Path:C:\Users\user\Desktop\ungziped_file.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\ungziped_file.exe"
            Imagebase:0xb60000
            File size:698'368 bytes
            MD5 hash:8A0C4EED07D28836F39CF33BC6640940
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1639030776.0000000001940000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:8.9%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:1.5%
              Total number of Nodes:268
              Total number of Limit Nodes:9
              execution_graph 46910 1b0cfe0 46911 1b0d026 46910->46911 46915 1b0d5c8 46911->46915 46918 1b0d5b9 46911->46918 46912 1b0d113 46916 1b0d5f6 46915->46916 46921 1b0d21c 46915->46921 46916->46912 46919 1b0d21c DuplicateHandle 46918->46919 46920 1b0d5f6 46919->46920 46920->46912 46922 1b0d630 DuplicateHandle 46921->46922 46923 1b0d6c6 46922->46923 46923->46916 46951 1b0ac50 46954 1b0ad48 46951->46954 46952 1b0ac5f 46955 1b0ad7c 46954->46955 46956 1b0ad59 46954->46956 46955->46952 46956->46955 46957 1b0af80 GetModuleHandleW 46956->46957 46958 1b0afad 46957->46958 46958->46952 46959 7db62ea 46960 7db62f0 46959->46960 46965 7db6af0 46960->46965 46984 7db6b56 46960->46984 47004 7db6ae0 46960->47004 46961 7db6301 46966 7db6b0a 46965->46966 47023 7db710a 46966->47023 47027 7db7634 46966->47027 47032 7db7177 46966->47032 47038 7db76d1 46966->47038 47048 7db745d 46966->47048 47053 7db709e 46966->47053 47063 7db719e 46966->47063 47068 7db6e39 46966->47068 47075 7db74fa 46966->47075 47080 7db70e4 46966->47080 47085 7db7325 46966->47085 47089 7db71c6 46966->47089 47099 7db7043 46966->47099 47105 7db73ee 46966->47105 47110 7db72e9 46966->47110 47115 7db7589 46966->47115 46967 7db6b12 46967->46961 46985 7db6ae4 46984->46985 46987 7db6b59 46984->46987 46988 7db74fa 2 API calls 46985->46988 46989 7db6e39 2 API calls 46985->46989 46990 7db719e 2 API calls 46985->46990 46991 7db709e 4 API calls 46985->46991 46992 7db745d 2 API calls 46985->46992 46993 7db76d1 4 API calls 46985->46993 46994 7db7177 2 API calls 46985->46994 46995 7db7634 2 API calls 46985->46995 46996 7db710a 2 API calls 46985->46996 46997 7db7589 2 API calls 46985->46997 46998 7db72e9 2 API calls 46985->46998 46999 7db73ee 2 API calls 46985->46999 47000 7db7043 2 API calls 46985->47000 47001 7db71c6 4 API calls 46985->47001 47002 7db7325 2 API calls 46985->47002 47003 7db70e4 2 API calls 46985->47003 46986 7db6b12 46986->46961 46987->46961 46988->46986 46989->46986 46990->46986 46991->46986 46992->46986 46993->46986 46994->46986 46995->46986 46996->46986 46997->46986 46998->46986 46999->46986 47000->46986 47001->46986 47002->46986 47003->46986 47005 7db6ae4 47004->47005 47007 7db74fa 2 API calls 47005->47007 47008 7db6e39 2 API calls 47005->47008 47009 7db719e 2 API calls 47005->47009 47010 7db709e 4 API calls 47005->47010 47011 7db745d 2 API calls 47005->47011 47012 7db76d1 4 API calls 47005->47012 47013 7db7177 2 API calls 47005->47013 47014 7db7634 2 API calls 47005->47014 47015 7db710a 2 API calls 47005->47015 47016 7db7589 2 API calls 47005->47016 47017 7db72e9 2 API calls 47005->47017 47018 7db73ee 2 API calls 47005->47018 47019 7db7043 2 API calls 47005->47019 47020 7db71c6 4 API calls 47005->47020 47021 7db7325 2 API calls 47005->47021 47022 7db70e4 2 API calls 47005->47022 47006 7db6b12 47006->46961 47007->47006 47008->47006 47009->47006 47010->47006 47011->47006 47012->47006 47013->47006 47014->47006 47015->47006 47016->47006 47017->47006 47018->47006 47019->47006 47020->47006 47021->47006 47022->47006 47120 7db5088 47023->47120 47124 7db5080 47023->47124 47024 7db7124 47024->46967 47028 7db763c 47027->47028 47030 7db5088 Wow64SetThreadContext 47028->47030 47031 7db5080 Wow64SetThreadContext 47028->47031 47029 7db7657 47030->47029 47031->47029 47034 7db717f 47032->47034 47033 7db777e 47033->46967 47034->47033 47035 7db773f 47034->47035 47128 7db4fd8 47034->47128 47132 7db4fd0 47034->47132 47039 7db773f 47038->47039 47040 7db70aa 47038->47040 47040->47038 47041 7db770d 47040->47041 47042 7db70bc 47040->47042 47044 7db4fd8 ResumeThread 47041->47044 47045 7db4fd0 ResumeThread 47041->47045 47046 7db5088 Wow64SetThreadContext 47042->47046 47047 7db5080 Wow64SetThreadContext 47042->47047 47043 7db7657 47044->47039 47045->47039 47046->47043 47047->47043 47049 7db7452 47048->47049 47049->47048 47051 7db5088 Wow64SetThreadContext 47049->47051 47052 7db5080 Wow64SetThreadContext 47049->47052 47050 7db7657 47051->47050 47052->47050 47056 7db70aa 47053->47056 47054 7db70bc 47061 7db5088 Wow64SetThreadContext 47054->47061 47062 7db5080 Wow64SetThreadContext 47054->47062 47055 7db773f 47056->47054 47056->47055 47058 7db770d 47056->47058 47057 7db7657 47059 7db4fd8 ResumeThread 47058->47059 47060 7db4fd0 ResumeThread 47058->47060 47059->47055 47060->47055 47061->47057 47062->47057 47064 7db71b0 47063->47064 47065 7db7529 47064->47065 47136 7db7b70 47064->47136 47141 7db7b60 47064->47141 47065->46967 47069 7db6e46 47068->47069 47070 7db6e0b 47068->47070 47071 7db6f2a 47069->47071 47154 7db5d18 47069->47154 47158 7db5d0d 47069->47158 47070->46967 47071->46967 47076 7db750f 47075->47076 47078 7db7b70 2 API calls 47076->47078 47079 7db7b60 2 API calls 47076->47079 47077 7db7529 47077->46967 47078->47077 47079->47077 47081 7db70f1 47080->47081 47162 7db5a89 47081->47162 47166 7db5a90 47081->47166 47082 7db75f5 47087 7db5a89 WriteProcessMemory 47085->47087 47088 7db5a90 WriteProcessMemory 47085->47088 47086 7db735d 47087->47086 47088->47086 47091 7db70aa 47089->47091 47090 7db70bc 47095 7db5088 Wow64SetThreadContext 47090->47095 47096 7db5080 Wow64SetThreadContext 47090->47096 47091->47090 47092 7db773f 47091->47092 47094 7db770d 47091->47094 47093 7db7657 47097 7db4fd8 ResumeThread 47094->47097 47098 7db4fd0 ResumeThread 47094->47098 47095->47093 47096->47093 47097->47092 47098->47092 47101 7db6f40 47099->47101 47100 7db6f2a 47100->46967 47101->47100 47103 7db5d18 CreateProcessA 47101->47103 47104 7db5d0d CreateProcessA 47101->47104 47102 7db707f 47102->46967 47103->47102 47104->47102 47106 7db73fb 47105->47106 47108 7db5a89 WriteProcessMemory 47106->47108 47109 7db5a90 WriteProcessMemory 47106->47109 47107 7db79cd 47108->47107 47109->47107 47111 7db7590 47110->47111 47112 7db75b2 47111->47112 47170 7db5b79 47111->47170 47174 7db5b80 47111->47174 47116 7db758f 47115->47116 47118 7db5b79 ReadProcessMemory 47116->47118 47119 7db5b80 ReadProcessMemory 47116->47119 47117 7db75b2 47118->47117 47119->47117 47121 7db50cd Wow64SetThreadContext 47120->47121 47123 7db5115 47121->47123 47123->47024 47125 7db5088 Wow64SetThreadContext 47124->47125 47127 7db5115 47125->47127 47127->47024 47129 7db5018 ResumeThread 47128->47129 47131 7db5049 47129->47131 47131->47035 47133 7db4fd8 ResumeThread 47132->47133 47135 7db5049 47133->47135 47135->47035 47137 7db7b85 47136->47137 47146 7db59c9 47137->47146 47150 7db59d0 47137->47150 47138 7db7ba4 47138->47065 47142 7db7b70 47141->47142 47144 7db59c9 VirtualAllocEx 47142->47144 47145 7db59d0 VirtualAllocEx 47142->47145 47143 7db7ba4 47143->47065 47144->47143 47145->47143 47147 7db59d0 VirtualAllocEx 47146->47147 47149 7db5a4d 47147->47149 47149->47138 47151 7db5a10 VirtualAllocEx 47150->47151 47153 7db5a4d 47151->47153 47153->47138 47155 7db5da1 47154->47155 47155->47155 47156 7db5f06 CreateProcessA 47155->47156 47157 7db5f63 47156->47157 47159 7db5da1 47158->47159 47159->47159 47160 7db5f06 CreateProcessA 47159->47160 47161 7db5f63 47160->47161 47163 7db5a90 WriteProcessMemory 47162->47163 47165 7db5b2f 47163->47165 47165->47082 47167 7db5ad8 WriteProcessMemory 47166->47167 47169 7db5b2f 47167->47169 47169->47082 47171 7db5b80 ReadProcessMemory 47170->47171 47173 7db5c0f 47171->47173 47173->47112 47175 7db5bcb ReadProcessMemory 47174->47175 47177 7db5c0f 47175->47177 47177->47112 47178 7db94e8 47179 7db9506 47178->47179 47180 7db9510 47178->47180 47183 7db953b 47179->47183 47188 7db9550 47179->47188 47184 7db955e 47183->47184 47187 7db957d 47183->47187 47193 7db8d98 47184->47193 47187->47180 47189 7db955e 47188->47189 47192 7db957d 47188->47192 47190 7db8d98 CloseHandle 47189->47190 47191 7db9579 47190->47191 47191->47180 47192->47180 47194 7db96c8 CloseHandle 47193->47194 47195 7db9579 47194->47195 47195->47180 46924 1b04668 46925 1b0467a 46924->46925 46929 1b04778 46925->46929 46934 1b046b8 46925->46934 46926 1b04686 46930 1b0479d 46929->46930 46939 1b04888 46930->46939 46943 1b04878 46930->46943 46935 1b046c2 46934->46935 46937 1b04888 CreateActCtxA 46935->46937 46938 1b04878 CreateActCtxA 46935->46938 46936 1b047a7 46936->46926 46937->46936 46938->46936 46940 1b048af 46939->46940 46942 1b0498c 46940->46942 46947 1b044b0 46940->46947 46945 1b048af 46943->46945 46944 1b0498c 46944->46944 46945->46944 46946 1b044b0 CreateActCtxA 46945->46946 46946->46944 46948 1b05918 CreateActCtxA 46947->46948 46950 1b059db 46948->46950 46859 7db7c90 46860 7db7e1b 46859->46860 46861 7db7cb6 46859->46861 46861->46860 46863 7db3a00 46861->46863 46864 7db7f10 PostMessageW 46863->46864 46865 7db7f7c 46864->46865 46865->46861 46866 197d01c 46867 197d034 46866->46867 46868 197d08e 46867->46868 46871 5912818 46867->46871 46876 5912808 46867->46876 46872 5912845 46871->46872 46873 5912877 46872->46873 46881 5912990 46872->46881 46886 59129a0 46872->46886 46877 5912818 46876->46877 46878 5912877 46877->46878 46879 5912990 2 API calls 46877->46879 46880 59129a0 2 API calls 46877->46880 46879->46878 46880->46878 46883 59129a0 46881->46883 46882 5912a40 46882->46873 46891 5912a47 46883->46891 46895 5912a58 46883->46895 46888 59129b4 46886->46888 46887 5912a40 46887->46873 46889 5912a47 2 API calls 46888->46889 46890 5912a58 2 API calls 46888->46890 46889->46887 46890->46887 46892 5912a58 46891->46892 46893 5912a69 46892->46893 46898 5914013 46892->46898 46893->46882 46896 5912a69 46895->46896 46897 5914013 2 API calls 46895->46897 46896->46882 46897->46896 46902 5914030 46898->46902 46906 5914040 46898->46906 46899 591402a 46899->46893 46903 5914040 46902->46903 46904 59140da CallWindowProcW 46903->46904 46905 5914089 46903->46905 46904->46905 46905->46899 46907 5914082 46906->46907 46909 5914089 46906->46909 46908 59140da CallWindowProcW 46907->46908 46907->46909 46908->46909 46909->46899

              Executed Functions

              Function 05916A48 Relevance: 4.9, Strings: 3, Instructions: 1159COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 333 5916a48-5916a73 334 5916a75 333->334 335 5916a7a-59171c1 call 5916654 * 4 call 5916664 call 5916674 call 5916684 call 5916694 call 59166a4 call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 333->335 334->335 433 59171ce-59171df 335->433 434 59171e1-59171e2 433->434 435 59171c3-59171cb 433->435 436 5917203-5917215 434->436 435->433 437 59171e4-59171f1 436->437 438 5917217-591725c 436->438 439 59171f3 437->439 440 59171f8-5917202 437->440 443 5917313-5917325 438->443 439->440 440->436 444 5917261-591727c 443->444 445 591732b-591733b 443->445 453 5917289-591728c 444->453 454 591727e-5917280 444->454 446 591749e-59174b3 445->446 447 59174b5 446->447 448 59174bb-59174bd 446->448 450 59174b7-59174b9 447->450 451 59174bf 447->451 452 59174c4-59174cb 448->452 450->448 450->451 451->452 457 59174d1-5917831 call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916704 452->457 458 5917340-591735e 452->458 455 5917293-5917299 453->455 456 591728e 453->456 459 5917282 454->459 460 5917287 454->460 461 59172a0-59172b3 455->461 462 591729b 455->462 456->455 601 5917834 call 5a011c0 457->601 602 5917834 call 5a011af 457->602 463 5917360 458->463 464 5917365-591737f 458->464 459->460 460->455 465 59172b5 461->465 466 59172ba-59172d4 461->466 462->461 463->464 467 5917381 464->467 468 5917386-591739c 464->468 465->466 470 59172d6 466->470 471 59172db-59172f1 466->471 467->468 472 59173a3-59173c6 call 59166f4 468->472 473 591739e 468->473 470->471 476 59172f3 471->476 477 59172f8-5917312 call 59166f4 471->477 483 59173c8 472->483 484 59173cd-59173dd 472->484 473->472 476->477 477->443 483->484 486 59173e4-591740d 484->486 487 59173df 484->487 489 591740f-5917416 486->489 490 591742e-591744c 486->490 487->486 495 591741e-591742d 489->495 492 5917453-5917464 490->492 493 591744e 490->493 496 5917466 492->496 497 591746b-5917489 492->497 493->492 495->490 496->497 500 5917490-591749d 497->500 501 591748b 497->501 500->446 501->500 535 5917837-59179c3 call 5916694 call 59166a4 call 59166b4 551 59179c5 535->551 552 59179ca-5917b1a 535->552 551->552 565 5917b25-5917d29 call 59166c4 call 5916714 call 5916724 call 5916734 * 5 call 5916704 call 59166a4 call 5916744 call 5916754 552->565 601->535 602->535
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284081517.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5910000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 90$Ppq$$Aq
              • API String ID: 0-3084762470
              • Opcode ID: 318aa59db06dc67a67ff1d0bd9869070f03be952430a1d57d2bb88aacc658f11
              • Instruction ID: ab301ded383b676eab197bfe524662f4e055ab956a857701f999930d76073553
              • Opcode Fuzzy Hash: 318aa59db06dc67a67ff1d0bd9869070f03be952430a1d57d2bb88aacc658f11
              • Instruction Fuzzy Hash: C2C2FA34A01229CFDB24DF64C994AD9B7B2FF89305F1581E9D909AB361DB31AE81CF44
              Function 05916A38 Relevance: 4.7, Strings: 3, Instructions: 997COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 603 5916a38-5916a73 605 5916a75 603->605 606 5916a7a-5916ae0 603->606 605->606 611 5916aea-5916af6 call 5916654 606->611 613 5916afb-5916ba8 call 5916654 * 3 611->613 627 5916bb2-5916bbe call 5916664 613->627 629 5916bc3-5916bda 627->629 631 5916be5-5916c11 629->631 633 5916c17-5916c26 call 5916674 631->633 635 5916c2b-5916c33 633->635 636 5916c3b-5916cb1 call 5916684 635->636 641 5916cbc-5916cd6 call 5916694 636->641 643 5916cdb-5916d1d call 59166a4 641->643 646 5916d27-5916d41 call 59166b4 643->646 648 5916d46-59171c1 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 646->648 704 59171ce-59171df 648->704 705 59171e1-59171e2 704->705 706 59171c3-59171cb 704->706 707 5917203-5917215 705->707 706->704 708 59171e4-59171f1 707->708 709 5917217-591725c 707->709 710 59171f3 708->710 711 59171f8-5917202 708->711 714 5917313-5917325 709->714 710->711 711->707 715 5917261-591727c 714->715 716 591732b-591733b 714->716 724 5917289-591728c 715->724 725 591727e-5917280 715->725 717 591749e-59174b3 716->717 718 59174b5 717->718 719 59174bb-59174bd 717->719 721 59174b7-59174b9 718->721 722 59174bf 718->722 723 59174c4-59174cb 719->723 721->719 721->722 722->723 728 59174d1-59177de call 59166b4 call 59166c4 call 59166d4 call 59166e4 call 5916674 call 5916684 call 5916694 call 59166a4 call 59166b4 call 59166c4 call 59166d4 call 59166e4 723->728 729 5917340-591735e 723->729 726 5917293-5917299 724->726 727 591728e 724->727 730 5917282 725->730 731 5917287 725->731 732 59172a0-59172b3 726->732 733 591729b 726->733 727->726 803 59177e8-5917831 call 5916704 728->803 734 5917360 729->734 735 5917365-591737f 729->735 730->731 731->726 736 59172b5 732->736 737 59172ba-59172d4 732->737 733->732 734->735 738 5917381 735->738 739 5917386-591739c 735->739 736->737 741 59172d6 737->741 742 59172db-59172f1 737->742 738->739 743 59173a3-59173c6 call 59166f4 739->743 744 591739e 739->744 741->742 747 59172f3 742->747 748 59172f8-5917312 call 59166f4 742->748 754 59173c8 743->754 755 59173cd-59173dd 743->755 744->743 747->748 748->714 754->755 757 59173e4-591740d 755->757 758 59173df 755->758 760 591740f-5917416 757->760 761 591742e-591744c 757->761 758->757 766 591741e-591742d 760->766 763 5917453-5917464 761->763 764 591744e 761->764 767 5917466 763->767 768 591746b-5917489 763->768 764->763 766->761 767->768 771 5917490-591749d 768->771 772 591748b 768->772 771->717 772->771 872 5917834 call 5a011c0 803->872 873 5917834 call 5a011af 803->873 806 5917837-591795f call 5916694 call 59166a4 call 59166b4 818 5917966-5917984 806->818 819 591798f-591799b 818->819 820 59179a5-59179ad 819->820 821 59179b3-59179c3 820->821 822 59179c5 821->822 823 59179ca-5917af1 821->823 822->823 835 5917afc-5917b1a 823->835 836 5917b25-5917d29 call 59166c4 call 5916714 call 5916724 call 5916734 * 5 call 5916704 call 59166a4 call 5916744 call 5916754 835->836 872->806 873->806
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284081517.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5910000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 90$Ppq$$Aq
              • API String ID: 0-3084762470
              • Opcode ID: 3caf0aaea63c6c4655e3929e4ed930a82fe28774026ee96f85abeaf6d40349fe
              • Instruction ID: 88a68cfc5c5c96c9ad42bf2f44f56b9a0bea12975e9a689e3fc42bbbb0e3f1f3
              • Opcode Fuzzy Hash: 3caf0aaea63c6c4655e3929e4ed930a82fe28774026ee96f85abeaf6d40349fe
              • Instruction Fuzzy Hash: 25B2C734A01229CFDB24DF64C998AD9B7B2FF89305F1581E9D509AB361DB31AE85CF40
              Function 07DB8718 Relevance: .3, Instructions: 332COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d940aa6a81b3c05a8cb9611e06bed4e9f481329de4b477bb914e8124609c19c
              • Instruction ID: 8cf6ba56b27a9cc910f25e114b00f0210dcda291e81d4fdcfdb2fe6493d6badc
              • Opcode Fuzzy Hash: 3d940aa6a81b3c05a8cb9611e06bed4e9f481329de4b477bb914e8124609c19c
              • Instruction Fuzzy Hash: EBC16DB1700705CFDB2AEB75C450BAEBBFAAF89600F1488A9D147DB690CB35E901D791
              Function 07DB6E39 Relevance: .2, Instructions: 200COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4637fd1650d556f4ea286cb88e74645a4348b83f36c97a10c4d3d3b6dddb4586
              • Instruction ID: 9b6009106a328a8ce0135961ef24dbb25005a4633fa0a71bb29c22c5c6c4c6bc
              • Opcode Fuzzy Hash: 4637fd1650d556f4ea286cb88e74645a4348b83f36c97a10c4d3d3b6dddb4586
              • Instruction Fuzzy Hash: E78138B1E05219CFEB24CF66CC007E9FBB6AF8A300F04D1EAD549A6251DB749A85CF41
              Function 07DB0007 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55f741126f5f7f7c956b4ba3f4759adb27699232ab658cac05e5c4762fbee850
              • Instruction ID: b3c9809634106ad61450848281ce17eb98a4d7bf280cb13006760c9257e24cef
              • Opcode Fuzzy Hash: 55f741126f5f7f7c956b4ba3f4759adb27699232ab658cac05e5c4762fbee850
              • Instruction Fuzzy Hash: 2F313CB1D053589FDB1ACF66C8553DEBFF2AF86300F09C0AAD445A6261D7780945CF90
              Function 05A07800 Relevance: 7.6, Strings: 6, Instructions: 109COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 294 5a07800-5a07814 295 5a0781b-5a07821 294->295 296 5a07823 295->296 297 5a0782a-5a07873 295->297 296->297 298 5a078e0-5a078f1 296->298 299 5a07964 296->299 300 5a078d4-5a078db 296->300 301 5a07926-5a07937 296->301 302 5a07876-5a07887 296->302 303 5a0789a-5a078ab 296->303 304 5a079af-5a079b2 296->304 297->302 311 5a079b3-5a079c5 298->311 317 5a078f7-5a0790e 298->317 306 5a07967-5a07975 299->306 300->295 301->311 313 5a07939-5a07950 301->313 302->311 312 5a0788d-5a07898 302->312 303->311 314 5a078b1-5a078c8 303->314 306->311 318 5a07977-5a079a4 306->318 311->306 326 5a079c7 311->326 312->295 313->311 324 5a07952-5a0795f 313->324 314->311 325 5a078ce 314->325 317->311 328 5a07914-5a07921 317->328 318->304 324->295 325->300 328->295
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: LRq$LRq$$q$$q$$q$$q
              • API String ID: 0-1198634162
              • Opcode ID: 93d780a242f8e90fa459caf27f5ba7931a54e52fc50eea0fc21171ec0558501d
              • Instruction ID: 8524578f096da3d6b25d01daad73e454e34ac813ab2e24bce9323dd842b345d5
              • Opcode Fuzzy Hash: 93d780a242f8e90fa459caf27f5ba7931a54e52fc50eea0fc21171ec0558501d
              • Instruction Fuzzy Hash: 3141C570E25208DFDF10CFA0D915A5DBBB2FF80300F14E59AC0695B351DB30AA49CB92
              Function 05A00D68 Relevance: 4.0, Strings: 3, Instructions: 291COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 874 5a00d68-5a00d7a 875 5a00d83-5a00d93 874->875 876 5a00d7c-5a00e57 874->876 878 5a00d99-5a00da9 875->878 879 5a00e5e-5a00f30 875->879 876->879 878->879 880 5a00daf-5a00db3 878->880 898 5a00f37-5a00f82 call 5a00634 call 5a00670 879->898 881 5a00db5 880->881 882 5a00dbb-5a00dda 880->882 881->879 881->882 885 5a00e01-5a00e06 882->885 886 5a00ddc-5a00dfa call 5a00634 call 5a00644 882->886 888 5a00e08-5a00e0a call 5a00654 885->888 889 5a00e0f-5a00e22 call 5a00664 885->889 886->885 888->889 889->898 899 5a00e28-5a00e2f 889->899 915 5a00f90-5a0100d call 5a0067c 898->915 916 5a00f84-5a00f86 898->916 917 5a01014-5a010c7 915->917 916->917 918 5a00f8c-5a00f8f 916->918 930 5a010cd-5a010d8 917->930 933 5a010e1-5a010fe 930->933 934 5a010da-5a010e0 930->934 934->933
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: (q$Hq$Hq
              • API String ID: 0-3730031680
              • Opcode ID: bb46f3eeb39783e51c14cc7b1b4afe6b1e1d3699709d73a599e99c878b411670
              • Instruction ID: 27c9fc9f231780c188bccc04d970fcf028eae79c497a7dd500ae3f8e445f4c20
              • Opcode Fuzzy Hash: bb46f3eeb39783e51c14cc7b1b4afe6b1e1d3699709d73a599e99c878b411670
              • Instruction Fuzzy Hash: 95A1B170B002059FDB14EFA9D459BAE7BF6FBC8310F548429E50AE7390CA349D46CBA5
              Function 05A026C0 Relevance: 2.7, Strings: 2, Instructions: 211COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1017 5a026c0-5a02722 call 5a01700 1023 5a02724-5a02726 1017->1023 1024 5a02788-5a027b4 1017->1024 1025 5a027bb-5a027c3 1023->1025 1026 5a0272c-5a02738 1023->1026 1024->1025 1030 5a027ca-5a02905 1025->1030 1026->1030 1031 5a0273e-5a02740 1026->1031 1049 5a0290b-5a02919 1030->1049 1034 5a0274a-5a02787 call 5a0170c 1031->1034 1050 5a02922-5a02968 1049->1050 1051 5a0291b-5a02921 1049->1051 1056 5a02975-5a02a0b call 5a0172c 1050->1056 1057 5a0296a-5a0296d 1050->1057 1051->1050 1063 5a02a88-5a02a90 1056->1063 1064 5a02a0d-5a02a1d call 5a00664 1056->1064 1057->1056 1068 5a02a97-5a02a9f 1063->1068 1064->1068 1069 5a02a1f-5a02a2f call 5a01738 1064->1069 1074 5a02aa6-5a02aae 1068->1074 1073 5a02a31-5a02a41 call 5a01744 1069->1073 1069->1074 1078 5a02a43-5a02a85 call 5a00644 1073->1078 1079 5a02ab5-5a02b46 1073->1079 1074->1079 1089 5a02b48-5a02b4e 1079->1089 1090 5a02b4f-5a02b6c 1079->1090 1089->1090
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Hq$Hq
              • API String ID: 0-925789375
              • Opcode ID: c90c5d87423c846bcb55adca47ac40897a9f8e7682628b7136c5c6d94f9f678e
              • Instruction ID: a8387aa1e4d9196e1f170e8801bf6f829d785f54faf767b92c766998e438a3d9
              • Opcode Fuzzy Hash: c90c5d87423c846bcb55adca47ac40897a9f8e7682628b7136c5c6d94f9f678e
              • Instruction Fuzzy Hash: CF814B74E103198FDB14DFA9D894AEEBBF6FF88300F54852AE409AB350DB749905CB91
              Function 05A00D58 Relevance: 2.7, Strings: 2, Instructions: 162COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1094 5a00d58-5a00d60 1095 5a00d62-5a00d7a 1094->1095 1096 5a00cfa-5a00d57 1094->1096 1099 5a00d83-5a00d93 1095->1099 1100 5a00d7c-5a00e57 1095->1100 1103 5a00d99-5a00da9 1099->1103 1104 5a00e5e-5a00f30 1099->1104 1100->1104 1103->1104 1105 5a00daf-5a00db3 1103->1105 1126 5a00f37-5a00f64 call 5a00634 1104->1126 1106 5a00db5 1105->1106 1107 5a00dbb-5a00dda 1105->1107 1106->1104 1106->1107 1111 5a00e01-5a00e06 1107->1111 1112 5a00ddc-5a00dfa call 5a00634 call 5a00644 1107->1112 1115 5a00e08-5a00e0a call 5a00654 1111->1115 1116 5a00e0f-5a00e22 call 5a00664 1111->1116 1112->1111 1115->1116 1116->1126 1127 5a00e28-5a00e2f 1116->1127 1141 5a00f69-5a00f7a call 5a00670 1126->1141 1143 5a00f7f-5a00f82 1141->1143 1145 5a00f90-5a0100d call 5a0067c 1143->1145 1146 5a00f84-5a00f86 1143->1146 1147 5a01014-5a01037 1145->1147 1146->1147 1148 5a00f8c-5a00f8f 1146->1148 1159 5a01042-5a010c7 1147->1159 1160 5a010cd-5a010d8 1159->1160 1163 5a010e1-5a010fe 1160->1163 1164 5a010da-5a010e0 1160->1164 1164->1163
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: (q$Hq
              • API String ID: 0-1154169777
              • Opcode ID: fb383a3c09705df941fe18eca6ab3a5c0005f0c728fbfcc572d711abdafd6b63
              • Instruction ID: d3f9a698a5ac65f8b4a4ca4e6f408c902e7b68019dfe0e12e9f6b47312b62ace
              • Opcode Fuzzy Hash: fb383a3c09705df941fe18eca6ab3a5c0005f0c728fbfcc572d711abdafd6b63
              • Instruction Fuzzy Hash: 22411671B002069FD718ABB9D859B6F7EABFBC8240F548429E50AD7380DE349C0683E5
              Function 05A00848 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1174 5a00848-5a00863 1175 5a00865-5a00868 1174->1175 1176 5a0086a 1174->1176 1177 5a0086c-5a0087a call 5a005e0 1175->1177 1176->1177 1180 5a0088b-5a00897 1177->1180 1181 5a0087c-5a00880 1177->1181 1182 5a00882-5a00888 1181->1182 1183 5a0089a-5a0089d 1181->1183 1182->1180 1184 5a008f1-5a008f4 1183->1184 1185 5a0089f-5a008ea 1183->1185 1187 5a008f6-5a00941 1184->1187 1188 5a00948-5a009ab 1184->1188 1185->1184 1187->1188 1195 5a009b3-5a009d5 1188->1195 1196 5a009ad-5a009b0 1188->1196 1200 5a009db-5a009e6 1195->1200 1196->1195 1201 5a009e8-5a009ee 1200->1201 1202 5a009ef-5a00a0c 1200->1202 1201->1202
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Hq$Hq
              • API String ID: 0-925789375
              • Opcode ID: ce1b63c55fa8ef64f15d840fc8bda5276c38aa3808c4e2c1f2075ddef39f3065
              • Instruction ID: f41aaec50ceec7b46bc49571127ef77d2c3aba1c6faa87ab67f53c7baff207d0
              • Opcode Fuzzy Hash: ce1b63c55fa8ef64f15d840fc8bda5276c38aa3808c4e2c1f2075ddef39f3065
              • Instruction Fuzzy Hash: E6517C74E103088FDB14DFA9D455AAEBBF6FF88310F54842AD45AE7380DB3899058BA1
              Function 05A08260 Relevance: 2.6, Strings: 2, Instructions: 71COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1210 5a08260-5a08273 1211 5a08292-5a08299 1210->1211 1212 5a082a1-5a082e5 1211->1212 1217 5a08275-5a08278 1212->1217 1218 5a08281-5a08290 1217->1218 1219 5a0827a 1217->1219 1218->1217 1219->1211 1219->1218 1220 5a082e7-5a082ed 1219->1220 1221 5a082f1-5a082fd 1220->1221 1222 5a082ef 1220->1222 1224 5a082ff-5a0830e 1221->1224 1222->1224 1227 5a08310-5a08316 1224->1227 1228 5a08326-5a08339 1224->1228 1229 5a08318 1227->1229 1230 5a0831a-5a0831c 1227->1230 1229->1228 1230->1228
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 8q$8q
              • API String ID: 0-4291441500
              • Opcode ID: 57080453b4a5cd805b402b2520b841aeb2df6f8b4d36ab9601f9a02974fa1651
              • Instruction ID: 463c7064c83c61d2ebbb9c72930e8c070468a5d4fea95ce03e943aa8b1feb06f
              • Opcode Fuzzy Hash: 57080453b4a5cd805b402b2520b841aeb2df6f8b4d36ab9601f9a02974fa1651
              • Instruction Fuzzy Hash: BA210270B14206DFDB94DB79A849E6A77E7EBC8700B145439D616E72C0EF388D01879A
              Function 07DB5D0D Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1232 7db5d0d-7db5dad 1234 7db5daf-7db5db9 1232->1234 1235 7db5de6-7db5e06 1232->1235 1234->1235 1236 7db5dbb-7db5dbd 1234->1236 1240 7db5e08-7db5e12 1235->1240 1241 7db5e3f-7db5e6e 1235->1241 1238 7db5dbf-7db5dc9 1236->1238 1239 7db5de0-7db5de3 1236->1239 1242 7db5dcb 1238->1242 1243 7db5dcd-7db5ddc 1238->1243 1239->1235 1240->1241 1244 7db5e14-7db5e16 1240->1244 1251 7db5e70-7db5e7a 1241->1251 1252 7db5ea7-7db5f61 CreateProcessA 1241->1252 1242->1243 1243->1243 1245 7db5dde 1243->1245 1246 7db5e39-7db5e3c 1244->1246 1247 7db5e18-7db5e22 1244->1247 1245->1239 1246->1241 1249 7db5e26-7db5e35 1247->1249 1250 7db5e24 1247->1250 1249->1249 1253 7db5e37 1249->1253 1250->1249 1251->1252 1254 7db5e7c-7db5e7e 1251->1254 1263 7db5f6a-7db5ff0 1252->1263 1264 7db5f63-7db5f69 1252->1264 1253->1246 1255 7db5ea1-7db5ea4 1254->1255 1256 7db5e80-7db5e8a 1254->1256 1255->1252 1258 7db5e8e-7db5e9d 1256->1258 1259 7db5e8c 1256->1259 1258->1258 1260 7db5e9f 1258->1260 1259->1258 1260->1255 1274 7db5ff2-7db5ff6 1263->1274 1275 7db6000-7db6004 1263->1275 1264->1263 1274->1275 1276 7db5ff8 1274->1276 1277 7db6006-7db600a 1275->1277 1278 7db6014-7db6018 1275->1278 1276->1275 1277->1278 1279 7db600c 1277->1279 1280 7db601a-7db601e 1278->1280 1281 7db6028-7db602c 1278->1281 1279->1278 1280->1281 1284 7db6020 1280->1284 1282 7db603e-7db6045 1281->1282 1283 7db602e-7db6034 1281->1283 1285 7db605c 1282->1285 1286 7db6047-7db6056 1282->1286 1283->1282 1284->1281 1288 7db605d 1285->1288 1286->1285 1288->1288
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07DB5F4E
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: a6c76f47243e89e359e31e2086cedb9546f0f080cf67ce073592d718641d1330
              • Instruction ID: a64e88ff5def844f7482bbc5b30a737754856b66853f031d57ffbee361c1011d
              • Opcode Fuzzy Hash: a6c76f47243e89e359e31e2086cedb9546f0f080cf67ce073592d718641d1330
              • Instruction Fuzzy Hash: 9D914CB1D0061ACFDB24DF69D841BEDFBB2AF48310F0481A9E81AA7240DB759995CF91
              Function 07DB5D18 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1289 7db5d18-7db5dad 1291 7db5daf-7db5db9 1289->1291 1292 7db5de6-7db5e06 1289->1292 1291->1292 1293 7db5dbb-7db5dbd 1291->1293 1297 7db5e08-7db5e12 1292->1297 1298 7db5e3f-7db5e6e 1292->1298 1295 7db5dbf-7db5dc9 1293->1295 1296 7db5de0-7db5de3 1293->1296 1299 7db5dcb 1295->1299 1300 7db5dcd-7db5ddc 1295->1300 1296->1292 1297->1298 1301 7db5e14-7db5e16 1297->1301 1308 7db5e70-7db5e7a 1298->1308 1309 7db5ea7-7db5f61 CreateProcessA 1298->1309 1299->1300 1300->1300 1302 7db5dde 1300->1302 1303 7db5e39-7db5e3c 1301->1303 1304 7db5e18-7db5e22 1301->1304 1302->1296 1303->1298 1306 7db5e26-7db5e35 1304->1306 1307 7db5e24 1304->1307 1306->1306 1310 7db5e37 1306->1310 1307->1306 1308->1309 1311 7db5e7c-7db5e7e 1308->1311 1320 7db5f6a-7db5ff0 1309->1320 1321 7db5f63-7db5f69 1309->1321 1310->1303 1312 7db5ea1-7db5ea4 1311->1312 1313 7db5e80-7db5e8a 1311->1313 1312->1309 1315 7db5e8e-7db5e9d 1313->1315 1316 7db5e8c 1313->1316 1315->1315 1317 7db5e9f 1315->1317 1316->1315 1317->1312 1331 7db5ff2-7db5ff6 1320->1331 1332 7db6000-7db6004 1320->1332 1321->1320 1331->1332 1333 7db5ff8 1331->1333 1334 7db6006-7db600a 1332->1334 1335 7db6014-7db6018 1332->1335 1333->1332 1334->1335 1336 7db600c 1334->1336 1337 7db601a-7db601e 1335->1337 1338 7db6028-7db602c 1335->1338 1336->1335 1337->1338 1341 7db6020 1337->1341 1339 7db603e-7db6045 1338->1339 1340 7db602e-7db6034 1338->1340 1342 7db605c 1339->1342 1343 7db6047-7db6056 1339->1343 1340->1339 1341->1338 1345 7db605d 1342->1345 1343->1342 1345->1345
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07DB5F4E
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 57e4a070ce7227042bd2d3909cb6166a914cab5bb70f9ef121d9f2fdfa0f0351
              • Instruction ID: 3d8c21db0f266a9723a1b24bf9cfdfdf4d04e0cef5a3593d6891640d63c60bb2
              • Opcode Fuzzy Hash: 57e4a070ce7227042bd2d3909cb6166a914cab5bb70f9ef121d9f2fdfa0f0351
              • Instruction Fuzzy Hash: BE915DB1D0061ACFDB24DF69D841BEDFBB2BF48310F0481A9D81AA7240DB759995CF91
              Function 01B0AD48 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1346 1b0ad48-1b0ad57 1347 1b0ad83-1b0ad87 1346->1347 1348 1b0ad59-1b0ad66 call 1b0a06c 1346->1348 1350 1b0ad89-1b0ad93 1347->1350 1351 1b0ad9b-1b0addc 1347->1351 1353 1b0ad68 1348->1353 1354 1b0ad7c 1348->1354 1350->1351 1357 1b0ade9-1b0adf7 1351->1357 1358 1b0adde-1b0ade6 1351->1358 1401 1b0ad6e call 1b0afe0 1353->1401 1402 1b0ad6e call 1b0afd1 1353->1402 1354->1347 1359 1b0adf9-1b0adfe 1357->1359 1360 1b0ae1b-1b0ae1d 1357->1360 1358->1357 1362 1b0ae00-1b0ae07 call 1b0a078 1359->1362 1363 1b0ae09 1359->1363 1365 1b0ae20-1b0ae27 1360->1365 1361 1b0ad74-1b0ad76 1361->1354 1364 1b0aeb8-1b0af78 1361->1364 1367 1b0ae0b-1b0ae19 1362->1367 1363->1367 1396 1b0af80-1b0afab GetModuleHandleW 1364->1396 1397 1b0af7a-1b0af7d 1364->1397 1368 1b0ae34-1b0ae3b 1365->1368 1369 1b0ae29-1b0ae31 1365->1369 1367->1365 1371 1b0ae48-1b0ae51 call 1b0a088 1368->1371 1372 1b0ae3d-1b0ae45 1368->1372 1369->1368 1377 1b0ae53-1b0ae5b 1371->1377 1378 1b0ae5e-1b0ae63 1371->1378 1372->1371 1377->1378 1379 1b0ae81-1b0ae85 1378->1379 1380 1b0ae65-1b0ae6c 1378->1380 1385 1b0ae8b-1b0ae8e 1379->1385 1380->1379 1382 1b0ae6e-1b0ae7e call 1b0a098 call 1b0a0a8 1380->1382 1382->1379 1387 1b0ae90-1b0aeae 1385->1387 1388 1b0aeb1-1b0aeb7 1385->1388 1387->1388 1398 1b0afb4-1b0afc8 1396->1398 1399 1b0afad-1b0afb3 1396->1399 1397->1396 1399->1398 1401->1361 1402->1361
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 01B0AF9E
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 616ba3316f523536303ab02d94009cd3f1b00b923dca89ca26e4d4f38b8f502c
              • Instruction ID: b4b890902d008f81f1c4d2b656c90c86cb5a03c1510caa0f8fa17936e281d80b
              • Opcode Fuzzy Hash: 616ba3316f523536303ab02d94009cd3f1b00b923dca89ca26e4d4f38b8f502c
              • Instruction Fuzzy Hash: 8D715770A00B058FE729DF39D04575ABBF1FF88204F148A6DD48AD7A90DB75E849CB91
              Function 01B044B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 01B059C9
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: f60e9ae81a7c3ec84cf8fbe2f9541ecbb263697fbb231f3c75d5fcc5719d65a9
              • Instruction ID: fc3806d2321a7bb4b7018cb17000c3f3d27ba0671e446ac48b1183764caf5eb7
              • Opcode Fuzzy Hash: f60e9ae81a7c3ec84cf8fbe2f9541ecbb263697fbb231f3c75d5fcc5719d65a9
              • Instruction Fuzzy Hash: EE41E271C0071DCBDB28DFAAC88479DBBF5BF48304F20816AD408AB251DB75694ACF90
              Function 01B0590C Relevance: 1.6, APIs: 1, Instructions: 94COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 01B059C9
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: c88497959548ff721438580bf0c84080ea5d540766e1f4c8ac298b90c520f5f0
              • Instruction ID: 4384610656fae77fe38c585efc7e4cba38689ac4c6997423f100842b0d8004c9
              • Opcode Fuzzy Hash: c88497959548ff721438580bf0c84080ea5d540766e1f4c8ac298b90c520f5f0
              • Instruction Fuzzy Hash: 4241E0B1C01719CFEB28DFA9C88479DBBF1BF48304F2081AAD418AB250DB75694ACF50
              Function 05914040 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
              Download Yara Rule
              APIs
              • CallWindowProcW.USER32(?,?,?,?,?), ref: 05914101
              Memory Dump Source
              • Source File: 00000000.00000002.1284081517.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5910000_ungziped_file.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0
              • Opcode ID: b92915ea4d1207b10ee056326f2d02bccebe333bcc08fa15edba6d1f7050637a
              • Instruction ID: 3fcd1a4f18940459296264ef25e838b3ccec381be1d78d746dcb27373db47ef1
              • Opcode Fuzzy Hash: b92915ea4d1207b10ee056326f2d02bccebe333bcc08fa15edba6d1f7050637a
              • Instruction Fuzzy Hash: 9C4117B89003198FCB14DF99C849AAABBF5FF98314F24C459D919A7321D775A841CFA0
              Function 07DB5A89 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07DB5B20
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: a63ea31193bcc2f96a1a93d37058817fcf28208a26472234c580eb396c7239f8
              • Instruction ID: 07476c647b84819e361d3d10b85b0a477759bcd496693808a433d61765b43ca9
              • Opcode Fuzzy Hash: a63ea31193bcc2f96a1a93d37058817fcf28208a26472234c580eb396c7239f8
              • Instruction Fuzzy Hash: 2F2146B5C003099FDB20CFA9D881BDEBBF1FF48310F10842AE919A3240C7789954CBA4
              Function 07DB5A90 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07DB5B20
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 435d9957f8e0bf5364dea103a2ab317360be31eaace0e6982523cd107a0bf403
              • Instruction ID: 72b94b6f6a0b129af72ec0c38948664194fac5a698d9e8cd8942fe60bfb74872
              • Opcode Fuzzy Hash: 435d9957f8e0bf5364dea103a2ab317360be31eaace0e6982523cd107a0bf403
              • Instruction Fuzzy Hash: 472125B5D003099FDB20DFAAC885BDEBBF5FF48310F50842AE919A7240C7799955CBA4
              Function 07DB5B79 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DB5C00
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 4fee3566b50082cced54a113b6545120b22c6f5b1878c9bbb643518845d3b690
              • Instruction ID: e9ab2ddf320852c64c45be6840ac768201fdd0b8db1f436d4d3ff2eb5f9a29fb
              • Opcode Fuzzy Hash: 4fee3566b50082cced54a113b6545120b22c6f5b1878c9bbb643518845d3b690
              • Instruction Fuzzy Hash: F72126B1C003599FDB10DF9AC881AEEFBF5FF48310F50842AE919A3240C7359941CBA0
              Function 07DB5080 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07DB5106
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: d0cfd22aca2b9abeb058689fa82f5532f9fb19858965259f8613b3aafdb22e26
              • Instruction ID: 1c04008948ed5837d6c62b04b5ce33d4602accbc1255104e796331e1a0ef8b67
              • Opcode Fuzzy Hash: d0cfd22aca2b9abeb058689fa82f5532f9fb19858965259f8613b3aafdb22e26
              • Instruction Fuzzy Hash: 7F2148B5D003098FDB20DFAAC4857EEBBF4EF48364F548429D419A7240CB789945CBA0
              Function 01B0D21C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01B0D5F6,?,?,?,?,?), ref: 01B0D6B7
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: ca238aed4cba6210a6c958575db15eb5de0f00f135acb17217707d4d17902125
              • Instruction ID: 24ee39e22976257d4aac293598a0c2330f0c9b65313ae790f34f7092e68d1c79
              • Opcode Fuzzy Hash: ca238aed4cba6210a6c958575db15eb5de0f00f135acb17217707d4d17902125
              • Instruction Fuzzy Hash: 0D21E3B5D002089FDB10DF9AD984AEEBFF5EB48320F14845AE918A3350D374A944CFA5
              Function 07DB5B80 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DB5C00
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: f591c42c6cb335664cc99630506a5ab4e914850536b2c2af8a60a83ad10cad14
              • Instruction ID: 2ed8fdf8ed17a8a1d9f02c56a94baadbc0bac307d10ea28dbf9979d9d5fa6d27
              • Opcode Fuzzy Hash: f591c42c6cb335664cc99630506a5ab4e914850536b2c2af8a60a83ad10cad14
              • Instruction Fuzzy Hash: 202105B5C003499FDB10DFAAC841BDEBBF5FF48310F508429E919A7240C7799941CBA4
              Function 07DB5088 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07DB5106
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 7c5023b507a00e9bb6981b6b96db6cb87743acac234ddd6f023fefaa0424a8f6
              • Instruction ID: 84f9b9b45ba50f50f851bc6286a4730dc195042385a66de6bac950a980ae90b7
              • Opcode Fuzzy Hash: 7c5023b507a00e9bb6981b6b96db6cb87743acac234ddd6f023fefaa0424a8f6
              • Instruction Fuzzy Hash: 962137B5D003098FDB20DFAAC4857EEBBF4EF88214F548429D419A7240CB789945CFA4
              Function 01B0D629 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01B0D5F6,?,?,?,?,?), ref: 01B0D6B7
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 62378ebdb4963d0d066df1b67df8e44dfe6d7d9b125d14e538ef85f56fca4651
              • Instruction ID: a46049443c800eb54d19f1be6f8140f2d5117154bd5364c69fe3b7ae5dfd526f
              • Opcode Fuzzy Hash: 62378ebdb4963d0d066df1b67df8e44dfe6d7d9b125d14e538ef85f56fca4651
              • Instruction Fuzzy Hash: A621C4B5D002099FDB10CF9AD985ADEBFF5FB48314F14841AE918A7350C378A945CF65
              Function 07DB59C9 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07DB5A3E
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: a698988f666788c04a0e0e93ad3f6279d6e8b1b8c87813c5cf375fa776db3d93
              • Instruction ID: b38df53608c9ee94a3a378b7a12aaf986a38a6bc8cb251a03cce1e22b3d9c56d
              • Opcode Fuzzy Hash: a698988f666788c04a0e0e93ad3f6279d6e8b1b8c87813c5cf375fa776db3d93
              • Instruction Fuzzy Hash: 65114476C003499FDB20DFAAD845BDEFFF5AF48320F14841AE51AA7250CB75A944CBA1
              Function 07DB4FD0 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 85d1057dc1d77dd1452f958d0ca40c567488882735311b3efe6579d0e9e7c26e
              • Instruction ID: 04abe406d1b71c6803084c8b8c69499fda30a527c3465e8697a9891e89ef7033
              • Opcode Fuzzy Hash: 85d1057dc1d77dd1452f958d0ca40c567488882735311b3efe6579d0e9e7c26e
              • Instruction Fuzzy Hash: 471137B5C003098FDB20DFAAD4457DEFBF5EF88224F20841AD516A7240DB75A945CB94
              Function 07DB59D0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07DB5A3E
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 03cb70912ace1626bd9ac0b81920201eaf012973a96c3e3932bbca2cf8baf818
              • Instruction ID: 1445f4f69d6f5a1abb74bd6636fed49c8d57d9023bf1f27f36cc1f25170e3e8f
              • Opcode Fuzzy Hash: 03cb70912ace1626bd9ac0b81920201eaf012973a96c3e3932bbca2cf8baf818
              • Instruction Fuzzy Hash: 93115675C003499FDB20DFAAC845BDEBBF5EF48320F108419E516A7250CB75A900CFA0
              Function 07DB4FD8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 361695064e604edfe402a94aa5b741674245db487696e2ab9f2efd4e081d093a
              • Instruction ID: a0168af32df86d914924d1ad88fed31cf0f91bc214ca154666bb48a8d1021be5
              • Opcode Fuzzy Hash: 361695064e604edfe402a94aa5b741674245db487696e2ab9f2efd4e081d093a
              • Instruction Fuzzy Hash: BD1158B5C003098FDB20DFAAC4457DEFBF5AF88224F108419D51AA7240CB75A901CB94
              Function 01B0AF38 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 01B0AF9E
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 57e1e699747ee36a7ae21ee3fe18a7dfeb7811f107118c4ba7ca69cdde947990
              • Instruction ID: b1b78b844dfcb37dc20aa1e08c6de04714db2ff6edcd291def33e4d23da71b0e
              • Opcode Fuzzy Hash: 57e1e699747ee36a7ae21ee3fe18a7dfeb7811f107118c4ba7ca69cdde947990
              • Instruction Fuzzy Hash: DF1102B5C003498FDB14DF9AC444ADEFBF4EB88214F10846AD419A7240C379A545CFA1
              Function 07DB7F08 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 07DB7F6D
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 89358cd7637cd2891703307313ddf410525948e69fbcfd5b261075391e03f353
              • Instruction ID: fadcfe32b757117da93856d58e363f717356678818d59bbd224222c7c04c6200
              • Opcode Fuzzy Hash: 89358cd7637cd2891703307313ddf410525948e69fbcfd5b261075391e03f353
              • Instruction Fuzzy Hash: 5111E0B9800249DFDB20DF9AD485BDEBBF4EB48320F10841AE519A7210C375A944CFA5
              Function 07DB3A00 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 07DB7F6D
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 98d06ee55696216d75714663cd838923dcf996842a4ee6da32d637c411bbdf3e
              • Instruction ID: b750651ac4c8f9e65f82f3e3d3c9000111865657484f78d8632b59582d891013
              • Opcode Fuzzy Hash: 98d06ee55696216d75714663cd838923dcf996842a4ee6da32d637c411bbdf3e
              • Instruction Fuzzy Hash: ED11F2B5800349DFDB20DF9AC885BDEFBF8EB48324F10841AE919A7200C375A944CFA5
              Function 05A01864 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: (q
              • API String ID: 0-2414175341
              • Opcode ID: c1aebe1a25daa8cc4bee4758a16e2b00a484d0cde3d77ab43e43fbc026d17206
              • Instruction ID: d87532995b0e9a4ab8f4056d88d66087ccf533eed8cb5ffb5d7ddf9892404e61
              • Opcode Fuzzy Hash: c1aebe1a25daa8cc4bee4758a16e2b00a484d0cde3d77ab43e43fbc026d17206
              • Instruction Fuzzy Hash: 8E512671B187419FDB15CB39D894AAABFF5FF85300715889BD05ACB292DB30AC06C7A1
              Function 05A07443 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 0,Aq
              • API String ID: 0-777562071
              • Opcode ID: ecc1628cdbedad0e2191c79b90cfa31ff5178f27e960c5606562501b2190ea82
              • Instruction ID: 1910d2b4ca9307c2a6b6b974cd52bb968b4c7c03d034a5247a9040cf775c5c08
              • Opcode Fuzzy Hash: ecc1628cdbedad0e2191c79b90cfa31ff5178f27e960c5606562501b2190ea82
              • Instruction Fuzzy Hash: AA51A131F106049BD704AB78D445B9DBBB2FF89300F14C5A9E8456B385DF74AD4ACB81
              Function 05A06F9C Relevance: 1.4, Strings: 1, Instructions: 154COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Teq
              • API String ID: 0-1098410595
              • Opcode ID: cf2703922313e10cafb89edc134e96e4a2067ed9fc5cecde309a2f81ab2d585a
              • Instruction ID: a7f545c7918fee89e9b54ada973eb4cfdc504151d58ef44c81c54502fccf49cb
              • Opcode Fuzzy Hash: cf2703922313e10cafb89edc134e96e4a2067ed9fc5cecde309a2f81ab2d585a
              • Instruction Fuzzy Hash: A7519171B106069FCB14DB79D8489BEBBF6FFC5320B148929E41AD7390DB349D0687A0
              Function 05A07450 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 0,Aq
              • API String ID: 0-777562071
              • Opcode ID: 1d23597fd57f76f10424dfd5418f666900a0333913ca4ffc1c90ac13b7ef436a
              • Instruction ID: aeaa97f16e9bd4378c511109b3244149d965dd6d3deb6be01ee0e4ad3e231687
              • Opcode Fuzzy Hash: 1d23597fd57f76f10424dfd5418f666900a0333913ca4ffc1c90ac13b7ef436a
              • Instruction Fuzzy Hash: 55519F31F106049BD704AB78D445BADBBB2FF89300F14C9A9E8456B385DF75AD4ACB81
              Function 05A08250 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 8q
              • API String ID: 0-4083045702
              • Opcode ID: 749cdc4701ca0d9ee4e069bcb56416b1db7e0f072cc40b3f25ca5cf8b1b56f10
              • Instruction ID: 62d833b6b6a8afff84a266203dafa31386a85b901f660acd1b580e99f1cb3432
              • Opcode Fuzzy Hash: 749cdc4701ca0d9ee4e069bcb56416b1db7e0f072cc40b3f25ca5cf8b1b56f10
              • Instruction Fuzzy Hash: 93216771B28205DFCB40CB28B849EAA77F6EBC8310B50103AD616E72C1DB398D05875A
              Function 05A08BE0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Teq
              • API String ID: 0-1098410595
              • Opcode ID: c4b4489d21ec97a062093afeadc1e53164585eb0a805119b6ecede2c47ce7288
              • Instruction ID: 986f06025d0ba2b41df34aec8c9d8a6780fbf766094791f6a457d0e43b0559a1
              • Opcode Fuzzy Hash: c4b4489d21ec97a062093afeadc1e53164585eb0a805119b6ecede2c47ce7288
              • Instruction Fuzzy Hash: 4C115431F112098FCB64EBB89810AEE7BF2AF88310B104079C555E7384EB398D01C794
              Function 07DB96C1 Relevance: 1.3, APIs: 1, Instructions: 51COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07DB9579,?,?), ref: 07DB9720
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: f4c56fd8de539c8e59c46cc488463dd4c737c44af2cefc63ba0dd72b1b8fda53
              • Instruction ID: 65581779956d50a323e7efc369567bb51b11dc5f10aa759f674f89b3d758815b
              • Opcode Fuzzy Hash: f4c56fd8de539c8e59c46cc488463dd4c737c44af2cefc63ba0dd72b1b8fda53
              • Instruction Fuzzy Hash: 8A1113B9800349DFCB20DF9AD585BDEBBF4EB48320F20841AD959A7240D738A945CFA5
              Function 07DB8D98 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07DB9579,?,?), ref: 07DB9720
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 95c5385b9a3d2eaf7e8750ea16feebc5652d4e8fd0098bdcbe1640e9c0a0c8b8
              • Instruction ID: ff74f0c8add44681b3f3f9a0b083b57c5423e929d73173f5d1a6ef0456ca7b7a
              • Opcode Fuzzy Hash: 95c5385b9a3d2eaf7e8750ea16feebc5652d4e8fd0098bdcbe1640e9c0a0c8b8
              • Instruction Fuzzy Hash: 6C1113B5800349DFCB20DF9AC445BDEBBF4EB48324F108419EA99A7340D778A945CFA5
              Function 05A0EC50 Relevance: .3, Instructions: 256COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55a6177d406fe238bbab9f7d8383d85978182e8fbdab857bb689d61b0cea5f22
              • Instruction ID: f96d2894e10ce650e952683f1f546a05fb96034a58c0e2f3b271197c61a075df
              • Opcode Fuzzy Hash: 55a6177d406fe238bbab9f7d8383d85978182e8fbdab857bb689d61b0cea5f22
              • Instruction Fuzzy Hash: 57A12A74E1421ADFDB14DFA8D580ADDBBBAFF88300F109A19D419AB395DB30A946CF50
              Function 05A01750 Relevance: .2, Instructions: 211COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6d86d2ad593c51e4f22065772b3126acfee430b86650f0afe33b24db485250d4
              • Instruction ID: 2b8f2b2dca5764b91832cb9ca971baff8324707af137b3dea2a08e655e4c9d96
              • Opcode Fuzzy Hash: 6d86d2ad593c51e4f22065772b3126acfee430b86650f0afe33b24db485250d4
              • Instruction Fuzzy Hash: B67158B5E103589FDB11DFA9D858BEEBFB5FF88300F14811AE418AB251DB709905CB91
              Function 05A0AF70 Relevance: .2, Instructions: 175COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6d734ce482cda49c22f4351cfaf81e2276534b821351be0bd84a71c312e5255c
              • Instruction ID: 32e5a2dbcb89c1cc12e6d6d68e4cc304ce6c24043fe1f9551a0913c6233a6033
              • Opcode Fuzzy Hash: 6d734ce482cda49c22f4351cfaf81e2276534b821351be0bd84a71c312e5255c
              • Instruction Fuzzy Hash: 0451D470F102099FEB14DBA5D851BBEBBB3BB84701F148126E566AB3C4DB349D02CB91
              Function 05A017A4 Relevance: .2, Instructions: 171COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6fef04bd7d4e03a49bd7518a88873ac0f1505622ec6fb32fac5ecb44e313112a
              • Instruction ID: 8b4ee5e098dbca21097d2f5abad6c51d7545c4aa7675b1df9c6b001c93d772a2
              • Opcode Fuzzy Hash: 6fef04bd7d4e03a49bd7518a88873ac0f1505622ec6fb32fac5ecb44e313112a
              • Instruction Fuzzy Hash: E041AF71E11204EFCB14DFB0E948AEEBFB2FF85301F15886AE452A7291DB319915CB50
              Function 05A011C0 Relevance: .2, Instructions: 167COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18d727205d8b25c1efe30cc0c11691957b737dcc18876edb492fb47981994843
              • Instruction ID: df390f23d0879cc3bfc2e07553705b144dd8185a2914fe8a6524a1c90b280b4a
              • Opcode Fuzzy Hash: 18d727205d8b25c1efe30cc0c11691957b737dcc18876edb492fb47981994843
              • Instruction Fuzzy Hash: A9517830B202058FDB25DB69D984FAEBBBABF89700F504169D51ADB3A0DB71EC05CB51
              Function 05A0AF60 Relevance: .2, Instructions: 163COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d8ea280d55d85d7fc86a1a207da1aceddc74b79908e94cb64f40df65323a4e9
              • Instruction ID: 6958cf07b6a772d4e64eca25752a4170f1e66dd1cd9cac051812471a9e5e65a1
              • Opcode Fuzzy Hash: 0d8ea280d55d85d7fc86a1a207da1aceddc74b79908e94cb64f40df65323a4e9
              • Instruction Fuzzy Hash: 7651C470F103099FEB04DBA5E851BBEBBB3BB84701F148529E556AB3C4DB349902CB91
              Function 05A011AF Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1599a239463fb9c45ea8536d5bc5b563da2614e2ea7829d5fde38f4decdfeee9
              • Instruction ID: 66131c2b27e377836ff66b6e152e75f2978661dcddf36fb5612c8f35ed78c34d
              • Opcode Fuzzy Hash: 1599a239463fb9c45ea8536d5bc5b563da2614e2ea7829d5fde38f4decdfeee9
              • Instruction Fuzzy Hash: E0417830B102059FCB15DBA8D984BADBBF6BF89300F144569D51AEB3A1DB71EC05CB51
              Function 05A0F200 Relevance: .1, Instructions: 126COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5e79ab3ce8c14f918c333ca06cbf71629e546327c8e81a34678acc0cdb15f06
              • Instruction ID: a351252489093641959c8199f471e22dba8824387b35bc360fff9514e06d87d9
              • Opcode Fuzzy Hash: d5e79ab3ce8c14f918c333ca06cbf71629e546327c8e81a34678acc0cdb15f06
              • Instruction Fuzzy Hash: 3E41D474E182088FDB18CFAAE944AAEBBF6AB8D300F14E06AD419B6291D7345941CB54
              Function 05A01900 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa8b787d018a6c1fdc6c646ac9143f80bf5b4b5839b10f2f3cced50d29c8e9d4
              • Instruction ID: e390aa389ec7a14c8bbb928732503bc03b413089f920407fe691ce00312e6ba4
              • Opcode Fuzzy Hash: fa8b787d018a6c1fdc6c646ac9143f80bf5b4b5839b10f2f3cced50d29c8e9d4
              • Instruction Fuzzy Hash: C6418F35E102158FEF24EB74E994BED7AB2EF88350F546429D402BB380DB359C85CB95
              Function 05A03800 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3bade220f1661af71430a488a2359b4136a8adf76e83622653b6ef7e309f106
              • Instruction ID: 45f041d1954f342ce827395ff404e6afae9f34c9fef1dcfea2eedd1c5d540f0d
              • Opcode Fuzzy Hash: a3bade220f1661af71430a488a2359b4136a8adf76e83622653b6ef7e309f106
              • Instruction Fuzzy Hash: 60412670A097419FDB15CF2AD494A9ABFF1FF89300709899AD059CB2A2D730EC02CB91
              Function 05A07676 Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 185ec036a9c4b92b737e72b54b6e77d468d2178a437a356ebaba3d275a29e053
              • Instruction ID: a12d8ae65adac2f3900fe88411d444c9379669cdc6d10cf632c26918adb8241a
              • Opcode Fuzzy Hash: 185ec036a9c4b92b737e72b54b6e77d468d2178a437a356ebaba3d275a29e053
              • Instruction Fuzzy Hash: 2031C17072C3844FD7128778A8297293FF2EB86351F1940ABE582CB2D2CE389C05C762
              Function 05A0061C Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53bc82aa34f0e6f11014b51dcbeeff9642760f00ed42b093f881f46c7bd67a65
              • Instruction ID: 9b1b7b2294dc5dc7f7d53d30254c04721709ca4c976029a7c3199e9a39c7692a
              • Opcode Fuzzy Hash: 53bc82aa34f0e6f11014b51dcbeeff9642760f00ed42b093f881f46c7bd67a65
              • Instruction Fuzzy Hash: 3641E0B1D00309CBDB20DFAAC588ACEBBF5BF48314F648029D409AB254D7756A4ACF90
              Function 05A09E74 Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99ef752fa8579ce907bdb7d557b1288f95795b0c44978a89dcc924ff83631f82
              • Instruction ID: f69e843c115a3cae9c8f7d2c2e26ecaeee315dbb1d22f1ea148385543b40a1c9
              • Opcode Fuzzy Hash: 99ef752fa8579ce907bdb7d557b1288f95795b0c44978a89dcc924ff83631f82
              • Instruction Fuzzy Hash: 823159B5910309AFCF10DFA9E944A9EBFF5EB48310F10842AE919E7250D735A940CFA5
              Function 05A00B75 Relevance: .1, Instructions: 98COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b31e89f6b1b5285f2927fed54978df83e0b033cb5ed1992d8de3532cbb25d41
              • Instruction ID: 5d82facce7c5a891a2d3f96c762570ad261ecbed8b4b8f8a628beaa168aae03a
              • Opcode Fuzzy Hash: 0b31e89f6b1b5285f2927fed54978df83e0b033cb5ed1992d8de3532cbb25d41
              • Instruction Fuzzy Hash: 0E41E0B1D01309CBDB20DFA9C988ACDFBF5BF48314F64842AD409AB254D7756A4ACF90
              Function 05A0C080 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02967c3e5738a2564d0ca120d52a39f288f366f2fce31f8038d13a1c3e9d76b3
              • Instruction ID: 9d20a3a3b4c27c11e12b8ba800c4eff8a7229750f437f0ca778238049aff7dc7
              • Opcode Fuzzy Hash: 02967c3e5738a2564d0ca120d52a39f288f366f2fce31f8038d13a1c3e9d76b3
              • Instruction Fuzzy Hash: 5931AE70A24215CFDB24CB69E860ABEFBF2BB85721F14926AD466D72C1D3349C41CB61
              Function 05A01700 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b3eba7760d93e76acaa4303533249e36971df2fb31963edd65fbaeb5f06a3a5
              • Instruction ID: 30d47e1ca0f60f14c05d35fea8d76769bf1d4ed5bb4f77d7c77c449780fa4318
              • Opcode Fuzzy Hash: 3b3eba7760d93e76acaa4303533249e36971df2fb31963edd65fbaeb5f06a3a5
              • Instruction Fuzzy Hash: 8941BFB4D103589FDB24CF9AD888ADEFBB5FF88314F60812AE419AB254D7745845CF90
              Function 05A018F1 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: efac0ca0bab28d1eaa0a469dda94788671a8f0863069dc575f02b92e14f4c5f2
              • Instruction ID: 14ad21388f112f4972f9767aaa0c06f93dbc9f9f47db5ea7586832687ed685ae
              • Opcode Fuzzy Hash: efac0ca0bab28d1eaa0a469dda94788671a8f0863069dc575f02b92e14f4c5f2
              • Instruction Fuzzy Hash: 3931D175E103048FEF28EB74D994BEDBAB2AF89340F546429D412AB381DA358984CBD1
              Function 05A076B8 Relevance: .1, Instructions: 85COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57115169b8f53e66a955f5496de61385fd8e58dbf056ae3981ed269115b6df16
              • Instruction ID: c73fa402aa44e92aef205568f35f72959882f07447a916e7471dd802e314ae53
              • Opcode Fuzzy Hash: 57115169b8f53e66a955f5496de61385fd8e58dbf056ae3981ed269115b6df16
              • Instruction Fuzzy Hash: 9A218030B282048FDB149B79A819B3A3FE6EB89351F549466E557C73C1DE359C0287A1
              Function 05A03850 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8bd5165b04126861e89e713abbde4a63b2bc2b1a2e936f526a95550478f4b8da
              • Instruction ID: 6e381e3b1d2814d0e3ef015fe61147b5b9419a335d024eaaec4e7ba189d8cac8
              • Opcode Fuzzy Hash: 8bd5165b04126861e89e713abbde4a63b2bc2b1a2e936f526a95550478f4b8da
              • Instruction Fuzzy Hash: 44313070A14A069FDB24DF2AD584E6ABBF6BF88700B14C95DD41ADB760D730F841CB90
              Function 05A00A78 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91e908c11ea802faaa1d1375334dc9693807f3fa78ed2270df420cc781d84870
              • Instruction ID: 7cd7d32494f0bc7a0a309b141f2f152db0f94867a0d48121d50e8070fb65edec
              • Opcode Fuzzy Hash: 91e908c11ea802faaa1d1375334dc9693807f3fa78ed2270df420cc781d84870
              • Instruction Fuzzy Hash: F021D6356042058FC710EF79D44899BBBF6FF85204B5488A9E50ACB351EF71E8098B90
              Function 05A03E48 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 594473a35bb50a96ddfc940885008018b45ed171b395c51eebb77ca8910d0211
              • Instruction ID: 72e7ba3aff3224c7a5727c0c859caaf23b0356decbcde8e17b4ef7a6f684eae8
              • Opcode Fuzzy Hash: 594473a35bb50a96ddfc940885008018b45ed171b395c51eebb77ca8910d0211
              • Instruction Fuzzy Hash: FE314470A146029FDB24CF2AD585E6EBBF2BF88700B14D95DD42ADB761D730E842CB90
              Function 05A026AC Relevance: .1, Instructions: 76COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab92f08d182464370c30229c4dc0112817cd2d4e112608e816fed0f0d9f7e967
              • Instruction ID: 171d30d4c62f299e927007942e2506d156fdba1a54aa133e5c672499f18bff32
              • Opcode Fuzzy Hash: ab92f08d182464370c30229c4dc0112817cd2d4e112608e816fed0f0d9f7e967
              • Instruction Fuzzy Hash: 00219275E1030A8BDF15DBB8D840AFEBBB6EF98340F544529D505E7381EB349E018BA1
              Function 05A01DB8 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 366259ac25c5c2e94b348f189702655cb1f029171362648a27c22781b7088804
              • Instruction ID: 00f772c0068eeb3474fa71261a15247bb85d26b530f35fc0008c90744a77b717
              • Opcode Fuzzy Hash: 366259ac25c5c2e94b348f189702655cb1f029171362648a27c22781b7088804
              • Instruction Fuzzy Hash: 1F21A335A102099FDB059FA4D984A9EBFBAFFC9300F418519F502AB254DF71A845CF91
              Function 0196D110 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2baf3d1f1f1e22cdcacc88cc412bebe3053e778944fce3c02683bd113747fb13
              • Instruction ID: bd386e423cd695afea3be168d351fc7ed79201efbb4c4da0b7cccafbfc5bc065
              • Opcode Fuzzy Hash: 2baf3d1f1f1e22cdcacc88cc412bebe3053e778944fce3c02683bd113747fb13
              • Instruction Fuzzy Hash: 47213371604200DFDB19DF44D9C0F16BFAAFB84321F208569E8490B246C376D846CBB2
              Function 0196D3D8 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7137cc52191bf3a487ee2d79707df47214901e6f100ff7dc33419f05d2ace2f6
              • Instruction ID: 450bcba53944fd20a6a072bb7f2cb79927fba2cd8efeb81480e304540ab87441
              • Opcode Fuzzy Hash: 7137cc52191bf3a487ee2d79707df47214901e6f100ff7dc33419f05d2ace2f6
              • Instruction Fuzzy Hash: 4D213371604244DFDB15DF44D9C0F66BBA9FB88725F20C569E84D0F286C336E846CAB2
              Function 05A01DB6 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4b48f0eb3a5db7a7caaf9132923a84b9d686b832db6f4e42b81b4dea5593ed6
              • Instruction ID: c680229a372ad75c6e494bd47e6903e34bf7bdf5e071b7ad95465ec342cb55c6
              • Opcode Fuzzy Hash: b4b48f0eb3a5db7a7caaf9132923a84b9d686b832db6f4e42b81b4dea5593ed6
              • Instruction Fuzzy Hash: EA21B235A10209DFDB059FA4E984ADEBFBAFF88300F418519F502AB254DF35A845CF91
              Function 0197D1D4 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278813100.000000000197D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0197D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_197d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 851f86a89e03265f7c1b121be0ef77a5eeda9ae13796184d5f5c2cac6c3cdb15
              • Instruction ID: ae44674f449ad6a538627d6b0cbf56bab2ae0f837a72f94f63477bbaf4baa1bc
              • Opcode Fuzzy Hash: 851f86a89e03265f7c1b121be0ef77a5eeda9ae13796184d5f5c2cac6c3cdb15
              • Instruction Fuzzy Hash: 6521D071A04200EFDB15DF94D9C0B26BBA5FF84325F24CAADE94D4B292C336D847CA61
              Function 0197D01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278813100.000000000197D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0197D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_197d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b5ffcbb5b1007daef8a84fc4766b9face2690bb1a7910f1f975ec105c699f27
              • Instruction ID: f58eb8fa09959aae46fc9fd6153dbb9d54d1c15195eb388fa713e95de14cff68
              • Opcode Fuzzy Hash: 2b5ffcbb5b1007daef8a84fc4766b9face2690bb1a7910f1f975ec105c699f27
              • Instruction Fuzzy Hash: A721D075604200DFDB16DF54D984B26BBA5EF84315F24C96DD84E4B286C336D847CA62
              Function 05A0BEA0 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69a4b826af5ff6b4938feb894f0fbe1e4608f569d2e1f8acc720123a55ce3946
              • Instruction ID: ddecf95ea7ee60a47544090d19fea7ce7def4b0d74010ac95b4ebffb46adc23b
              • Opcode Fuzzy Hash: 69a4b826af5ff6b4938feb894f0fbe1e4608f569d2e1f8acc720123a55ce3946
              • Instruction Fuzzy Hash: 3321AE71A2421DDBC7148BA9AA82EBFBBB1BF45300F001536A629C72C1D330DD55CBA6
              Function 05A02F00 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ecd71e23ffd31a449eff51030b0c4f3e0c7729a57929ca116c5c5e7fd7de497
              • Instruction ID: 90ec1d009b0112b2e2066b7f6649fd27cd82e8a38ef9ddb8c729d21666a158df
              • Opcode Fuzzy Hash: 2ecd71e23ffd31a449eff51030b0c4f3e0c7729a57929ca116c5c5e7fd7de497
              • Instruction Fuzzy Hash: 27119076B002199BCF15ABA9E949BFEBBF5EF84310F245429D506E33C0CA754906CB91
              Function 05A08E64 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 674d218e39c5f5f93b2d38305fe7787dc1ba6cd56e9df873ddf1ee87f90e2f5b
              • Instruction ID: 848adae888346626d34a6de619837f8cc907ba0b0c49aca60bddf816bd0cf57c
              • Opcode Fuzzy Hash: 674d218e39c5f5f93b2d38305fe7787dc1ba6cd56e9df873ddf1ee87f90e2f5b
              • Instruction Fuzzy Hash: A13102B0C11218DFDB20DF99D588B8EBFF5BB08314F14802AE409B7280C7B95845CF54
              Function 05A04D34 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f8f8338745481a30be25ed536da8dc6b819c29843fb933c9075fe4f2320aece2
              • Instruction ID: 2ccf5b7122277eaa9d7c33880c2c3e1f549848dbb621659cca3063b7602cc454
              • Opcode Fuzzy Hash: f8f8338745481a30be25ed536da8dc6b819c29843fb933c9075fe4f2320aece2
              • Instruction Fuzzy Hash: 4631E3B4D11318DFDB20DFA9D588B8EBFF5AB48314F14906AE408BB281C7B95845CB95
              Function 05A0BFA8 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8b06ba61b9c7c99a1b49ab352fd10704a903b8c03ef4257da02b1619c5513a7
              • Instruction ID: 8e75eff347093d7ce87ed991832bfafd08c5fa033eaa032a41c04432e297cc79
              • Opcode Fuzzy Hash: e8b06ba61b9c7c99a1b49ab352fd10704a903b8c03ef4257da02b1619c5513a7
              • Instruction Fuzzy Hash: BD1129307542489FE7148B25A915F2E7B67ABC5710F1594AAE012CF2D1CA70DC02CB61
              Function 05A0A5D0 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b55b015670f3d113219a258274a3f59fad415cdaa2c785754bf2b387f9e2a20
              • Instruction ID: 8b6a25053666f732bdcfea6a611b0f48ad07a841fc7b610ab266758618d9040c
              • Opcode Fuzzy Hash: 7b55b015670f3d113219a258274a3f59fad415cdaa2c785754bf2b387f9e2a20
              • Instruction Fuzzy Hash: 6C11E975B14344AFDF14DB74EA19AAE7FF9EB41600F1044AAE806C7292EE34DD079721
              Function 05A06F93 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cead84c288acdeb0e15247fa3d2ff5119ccf80533c0aabb5c79f391387a60a2
              • Instruction ID: 13c20d680d7917e1ea185f4b4c930f962341ede030b2d3f4c126ca5ac56c6911
              • Opcode Fuzzy Hash: 2cead84c288acdeb0e15247fa3d2ff5119ccf80533c0aabb5c79f391387a60a2
              • Instruction Fuzzy Hash: 4C11E0B1B006065B8B10DB79AC489BFB7FBFFC53207144929D429D3380EF34990687A4
              Function 05A0BE93 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d310d6188b9abc7e7cba9f20c5d8eaf7614204bb14bc89cb81054039256e4d6
              • Instruction ID: 4e126720a675a526edd9bda5ef2f57320623e6c08218c1d6677ba5f870c529e4
              • Opcode Fuzzy Hash: 4d310d6188b9abc7e7cba9f20c5d8eaf7614204bb14bc89cb81054039256e4d6
              • Instruction Fuzzy Hash: B5118E71A24119DBC714CFA9E682FBEBBB2FF44300F001536E729972C0D37099518BA5
              Function 0197D006 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278813100.000000000197D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0197D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_197d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb27bf36a665b53369861f98556d796fee0bcb054443e46d994d101ec7a3d898
              • Instruction ID: 6f98683db9430b0120d814b80a63d4ab55c142647dcb162b0f5e9b95208981c3
              • Opcode Fuzzy Hash: cb27bf36a665b53369861f98556d796fee0bcb054443e46d994d101ec7a3d898
              • Instruction Fuzzy Hash: 4B219F755093808FCB03CF24D990715BFB1EF46214F28C5EAD8498F6A7C33A980ACB62
              Function 05A00A68 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1043022a2570f797b5fa5b0b38cafa249c52cb85f309b7427567f934dd1bca3
              • Instruction ID: 6e5d8694c5580bb9bc691fb682c1ee178f8d3a5fb6c67cc9747ff23314b2e16c
              • Opcode Fuzzy Hash: c1043022a2570f797b5fa5b0b38cafa249c52cb85f309b7427567f934dd1bca3
              • Instruction Fuzzy Hash: 6611AF366102058FCB10EB68D549AABB7F6FF84304F448969E51ADB390EB70E9098B91
              Function 05A08CB1 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: acaeb5e9926f14e8bffc6f8c3bfb1817347f4dcd8071111c0f0d7f64ce452809
              • Instruction ID: 355a44324bb881de1a75c1a5bf7ac46eb5875057f9605099dc2fc3bf8c21c7e2
              • Opcode Fuzzy Hash: acaeb5e9926f14e8bffc6f8c3bfb1817347f4dcd8071111c0f0d7f64ce452809
              • Instruction Fuzzy Hash: 321173B5B006165B8B11DA699C44ABFB7F7FBC5360B144539D829D3380EF34D9068760
              Function 05A005E0 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae51ac843cb47b58d2e3afdfdc96a72a616645d15bdb9634154a76a874425f22
              • Instruction ID: 618fbce25857c421823fbfd9a5063ab2739f2325f95bad496302ef0493b91b65
              • Opcode Fuzzy Hash: ae51ac843cb47b58d2e3afdfdc96a72a616645d15bdb9634154a76a874425f22
              • Instruction Fuzzy Hash: 2921E3B5D103099FDB20DF9AD988B9EFBF4FB48310F50842EE959A7240C374A904CBA5
              Function 05A09E84 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 059a9baa33001dd314bf2349bc0baaec95c5ea96bb05f6eeffc5e3b3194a5560
              • Instruction ID: 046c3c0d7aee36b910ac019961384a8d2036b0ecb5b54b3a115fbe3d76a21867
              • Opcode Fuzzy Hash: 059a9baa33001dd314bf2349bc0baaec95c5ea96bb05f6eeffc5e3b3194a5560
              • Instruction Fuzzy Hash: 5A2103B5C003499FCB20DF9AD984BDEBBF5FB48310F108419E919A7240C775A955CFA5
              Function 0196D3D3 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
              • Instruction ID: ac916837dc64654757125fa5992f06a04da599d87c10826b2c2a17645c0b35c0
              • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
              • Instruction Fuzzy Hash: BC112676604240CFDB06CF44D5C0B56BFB6FB84324F24C2A9D8490B297C33AE856CBA1
              Function 0196D10B Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
              • Instruction ID: 9d2df0683c48142e095d33fdbec6a6ff504d8348bebd5080fdb9f1dba128eb5a
              • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
              • Instruction Fuzzy Hash: 15112676604240CFCB16CF44D9C0B16BFB6FB84324F24C1A9D8494B257C33AD456CBA1
              Function 05A00670 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: efb100872d87c286f70914cc74cfb3f403b745c816bb5f0145e0c56c4b19f1b4
              • Instruction ID: 30ad0b72d2526edf8acea9a8c0fe89469b6c980a69e59ee89f8b0c0af23ea639
              • Opcode Fuzzy Hash: efb100872d87c286f70914cc74cfb3f403b745c816bb5f0145e0c56c4b19f1b4
              • Instruction Fuzzy Hash: DE21D6B5D103499FCB20DF9AD884BDEBBF4EB48310F108429E959A7250C375A945CFA1
              Function 05A0BFA0 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3361b6948655f871e56ab4c22f71278802ed36ab08543c82361b1047d7e716d4
              • Instruction ID: ad209f333281ab9f082c94a57ff8bf96dd4a02e341b834db0c4c2072213962ba
              • Opcode Fuzzy Hash: 3361b6948655f871e56ab4c22f71278802ed36ab08543c82361b1047d7e716d4
              • Instruction Fuzzy Hash: 83110830B54208AFE7208F15A90AF6E77A7EBC5710F559079F5169F2D0CAB1DC42CB51
              Function 0197D1CF Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278813100.000000000197D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0197D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_197d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
              • Instruction ID: 5365ac7a5d738387839771bbd39c7db0194d44be0bee30558e663f99ca81ddb3
              • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
              • Instruction Fuzzy Hash: 5011BB75504280DFDB06CF54C5C0B15BFA2FF84324F28C6ADD8494B296C33AD40ACB61
              Function 05A02C21 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf65528d0b25fc2601fcb43598cbb73789d571d2905c0e02767f431f45e8d4a6
              • Instruction ID: fa089a5ba2b7b84a4c3437f9f79b50d88584eee0780cbb03a353c0779e38a976
              • Opcode Fuzzy Hash: bf65528d0b25fc2601fcb43598cbb73789d571d2905c0e02767f431f45e8d4a6
              • Instruction Fuzzy Hash: A511E2B5C107099FCB10DFAAD849B9EFBF4EB88320F14841AD419A3250D774A9058FA1
              Function 05A01744 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9cd44bc3ca9ec58d116f7ac02519c0a7fcb0590b82d506f979aaa4cfcf1c14c6
              • Instruction ID: 4bf48efe953cc5b996d9c9577c5d6810adc4570c017b79a054a984459472c1c8
              • Opcode Fuzzy Hash: 9cd44bc3ca9ec58d116f7ac02519c0a7fcb0590b82d506f979aaa4cfcf1c14c6
              • Instruction Fuzzy Hash: 9211F3B5C107498FCB20DF9AD548B9EFBF5EF48320F10841AD819A7250D778A945CFA1
              Function 05A01894 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 305f2d34a4e0c906adb147633ab763c5220c1c2ebcad2da42dd8d02d976bbdf0
              • Instruction ID: 7e4a30a2471938f684f18a92f08f339291d30d6dd1bdbf519c9ff2b65c56b0f8
              • Opcode Fuzzy Hash: 305f2d34a4e0c906adb147633ab763c5220c1c2ebcad2da42dd8d02d976bbdf0
              • Instruction Fuzzy Hash: F01100B5C107088FCB20DF9AD548B9EFBF4EB48320F10841AD819A3340D774A9058FA1
              Function 05A01884 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5344f2753c95ed777b7c4d1e700d148ee4a5e3501da38e32181639589d7641fb
              • Instruction ID: fa568b23948c4b13710701b7f51c1c2dc7f73dfb671d4973d55c1a69f1acf4f2
              • Opcode Fuzzy Hash: 5344f2753c95ed777b7c4d1e700d148ee4a5e3501da38e32181639589d7641fb
              • Instruction Fuzzy Hash: 6A01D632B143146FDB14D7B9A854AAE7FEEDB85210F0484AAE409C3381EA209C0643A5
              Function 05A0F428 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 054caa191685856a3adcebfcbd6bed3bc9e75998a587d6daeb44831081d1bd9d
              • Instruction ID: bcb5ecc9c52d11ce297b14480d8de12a904df1750a7c004557a5f4828d5775a3
              • Opcode Fuzzy Hash: 054caa191685856a3adcebfcbd6bed3bc9e75998a587d6daeb44831081d1bd9d
              • Instruction Fuzzy Hash: F0112974E08208EFCB54DFA9D5809ADBBFAFF88310F10A195C919A7356D331AA44CF91
              Function 05A0BEBF Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 337a9e3e96deb5e7197355ad87db99de4196463c665a558565ddefc1189e0bf9
              • Instruction ID: 0f12cc975f45fa825f964bf544c9052c2fcb5f449649efd29eb6c7b11e8301d1
              • Opcode Fuzzy Hash: 337a9e3e96deb5e7197355ad87db99de4196463c665a558565ddefc1189e0bf9
              • Instruction Fuzzy Hash: 41018CB1A24419DBC714CB68E682EBEF362BF44305F006532E72AD72C5D370D9528BA5
              Function 05A0198A Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 270b110cb73143f5c577024c6011c5c7637c1b606da9e1c19f7e12d9e82155fe
              • Instruction ID: 5ad713b2ef653f7b44c49c102ba8eebad463f4b34327ca30d7b8a980f772dcb2
              • Opcode Fuzzy Hash: 270b110cb73143f5c577024c6011c5c7637c1b606da9e1c19f7e12d9e82155fe
              • Instruction Fuzzy Hash: B8118E70E102098FEF24DF75E954BED7AB2AF48344F546429D403AA2C0DB794984CBA5
              Function 05A03A34 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7356816d294b96a74771385635b2257b6f0bf2790214dd5f29fc32eb394a9e4d
              • Instruction ID: b3ea0367ddfb9333242c241456eb0b3707cd8356c0fa7cb7292ef7f1c92a98aa
              • Opcode Fuzzy Hash: 7356816d294b96a74771385635b2257b6f0bf2790214dd5f29fc32eb394a9e4d
              • Instruction Fuzzy Hash: 5D1122B58003488FDB20DF9AD445B9EFBF8EB48320F20841AD919A7240C379A944CFA5
              Function 05A03A08 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8af2f546b0de7fb1758f3d351fec2b98d659ebe8062d43404c97048b171dd7a
              • Instruction ID: 4f240577da393413fa6e54c076c05724afeaa176871e06fe8c48daccbba0dea6
              • Opcode Fuzzy Hash: a8af2f546b0de7fb1758f3d351fec2b98d659ebe8062d43404c97048b171dd7a
              • Instruction Fuzzy Hash: E51122B58003488FCB20DF9AD445B9EFBF4EB48320F10841AD919A7340C379A944CFA5
              Function 05A06E08 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef56584ca3efab38ca9d6613ce7c2991b6a943fd78f48cb3ba41dc45ef127cef
              • Instruction ID: 7a8dbd950c8c08799530ba01911a1d2844856dd45bbd04f753e2418a6e0c2aa3
              • Opcode Fuzzy Hash: ef56584ca3efab38ca9d6613ce7c2991b6a943fd78f48cb3ba41dc45ef127cef
              • Instruction Fuzzy Hash: 761139B0D0020DAFDB51EFA8C951A9EBBB1FB88300F1085AAD015EB250EB351A06DB91
              Function 05A03FB0 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94f43acd96d1990f4eaffaa7ef0a7fa7705fc31246b2fca5d782db26cd9b64b3
              • Instruction ID: fbe9bd481f36f1184346a9a1994d8fdad070917e9e4dd4026182f0562ab53f6d
              • Opcode Fuzzy Hash: 94f43acd96d1990f4eaffaa7ef0a7fa7705fc31246b2fca5d782db26cd9b64b3
              • Instruction Fuzzy Hash: F411FEB9D003088FCB20DF99D585B9EBBF5AB48320F20841AD559A7750C379A945CFA5
              Function 0196D759 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d37f72d6b05ad80cf084ca97def4069ad1e48cb5fdbdfcc6c48a791e6f8654b9
              • Instruction ID: dd0fbbcad747f7bfec06d909f5dd96c2f523228e4c71bebbf42244e4fac1f236
              • Opcode Fuzzy Hash: d37f72d6b05ad80cf084ca97def4069ad1e48cb5fdbdfcc6c48a791e6f8654b9
              • Instruction Fuzzy Hash: 5F01F7B16043849EE7204A55CC84B66BFDCDF41626F18C85AED6D0A282C27D9840CAB3
              Function 05A0A799 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 296ee99e531e8672564cdbd2d63ffcdf531712e34b43a5f930c9da52c368aca7
              • Instruction ID: bc77937da8420eeed9f58c745b26c785281fae756c4cade46c25c97994e95652
              • Opcode Fuzzy Hash: 296ee99e531e8672564cdbd2d63ffcdf531712e34b43a5f930c9da52c368aca7
              • Instruction Fuzzy Hash: 2001F775C00308CBDF209F9AE808BEABBF6EB84311F14C01EE928A3280C7359415CFA1
              Function 05A06F3A Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5011a734b0b7927543ce04448bcc0b0c297f210aa9c42ff9a10507e73f4e6b39
              • Instruction ID: 2696ea3ae997376064e826e49abb121fa9706be324960e0c9a7a6cf6f18330a6
              • Opcode Fuzzy Hash: 5011a734b0b7927543ce04448bcc0b0c297f210aa9c42ff9a10507e73f4e6b39
              • Instruction Fuzzy Hash: F8F0B72281E3E05FE703A774A9746D67FB09E47654B0A45C3D0C4CF0A3D519895EC3AB
              Function 05A02F10 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba42e2c356c0bf553e68bbb1a620ac818f0dae7bf19b88d978ba367d9c22c299
              • Instruction ID: 1ffc638a75ee2f71627501e808faa6a72396b9406965539376ecd936d2e7e122
              • Opcode Fuzzy Hash: ba42e2c356c0bf553e68bbb1a620ac818f0dae7bf19b88d978ba367d9c22c299
              • Instruction Fuzzy Hash: 02F03675B101155B8F15E6A9AD94DFEBBBAABC8710B101429E506A73C0DA310E12CBD5
              Function 05A06E18 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f598314f62729e4a3154f047cedc56c02fbc2bce21bbeb9dfbf096b15372f70c
              • Instruction ID: d5bbe02f426730e48f3c045422454da2a380c3b27aaa052a0cbead09468030f1
              • Opcode Fuzzy Hash: f598314f62729e4a3154f047cedc56c02fbc2bce21bbeb9dfbf096b15372f70c
              • Instruction Fuzzy Hash: 68011E70D0020DEFDB50EFE8C951A9EBBB5FF88300F1085AAD415AB754EB351A45DB91
              Function 05A06EAF Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c7f2e5b2a0f2b66c63a2d01bf62c941bdf357371f90727f61312fdc7ae491d7e
              • Instruction ID: 75506a307ef27988ee21eccabfc39c0c9378b732dc7b417a747d00aadae05669
              • Opcode Fuzzy Hash: c7f2e5b2a0f2b66c63a2d01bf62c941bdf357371f90727f61312fdc7ae491d7e
              • Instruction Fuzzy Hash: A8F0C235D0020E9FDB11EFA8D981EEDBFB2FF88304B0055A6D0019F2A0DA325E06CB91
              Function 05A043D0 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8aa33b7c252f65ad10136a73ccd707f52f23271163ec6cf5a1680390850020bd
              • Instruction ID: 5afcd0a853c64ba9cfed5dfa9671cc004087e309ef5ceed879261d3c680dfde1
              • Opcode Fuzzy Hash: 8aa33b7c252f65ad10136a73ccd707f52f23271163ec6cf5a1680390850020bd
              • Instruction Fuzzy Hash: 2DF0F632B043185FCB28AB75E44876E3FA6EBC4315F04486CE44AC7380DF34A905CB50
              Function 0196D758 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1278758046.000000000196D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0196D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_196d000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f240f40202696edcf850c16946b27028367689845dd82b8823ed8fd3966a710f
              • Instruction ID: 80602a603e209fb9f9db545c1187ac09587eaf373c97b7e381b44893575c48d0
              • Opcode Fuzzy Hash: f240f40202696edcf850c16946b27028367689845dd82b8823ed8fd3966a710f
              • Instruction Fuzzy Hash: 7EF062715043849EE7208E1ADD84B62FFECEF51635F18C55AED5C4A287C279A844CAB1
              Function 05A00837 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad99778ad2860650ed1a72125afcbf67842052d30e0a16c9e07cc65ef69a0700
              • Instruction ID: bc9fbaaa212a0c7abb4203155c339409cbe0f97eed171e7fb744180684416145
              • Opcode Fuzzy Hash: ad99778ad2860650ed1a72125afcbf67842052d30e0a16c9e07cc65ef69a0700
              • Instruction Fuzzy Hash: 3DF0A475E182059FCB15DB69E548B9EBFF5BF88310F09C0BAD86AD3281D73495048F81
              Function 05A09DEC Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3e389a79acdb1790b9a573cae682c856b777f37e53942a2bd987fe5f556433f
              • Instruction ID: 8e0d399de6db5ae1f7fd7310a52a98587692bf1662039397b9ed4b72052e25b0
              • Opcode Fuzzy Hash: f3e389a79acdb1790b9a573cae682c856b777f37e53942a2bd987fe5f556433f
              • Instruction Fuzzy Hash: C6F0FE5581E3D01FD313673868756D67FB09D43618B1A45D7C0D08F4A3D405991EC3AB
              Function 05A043E0 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 673d7ba59421d53126606a003466891ebd9714b6b436422965c9f15fc36e23e9
              • Instruction ID: bc37edc66ff91ad74a14f1411bbab4df53ec3e84f3746d52ffded712fc95da08
              • Opcode Fuzzy Hash: 673d7ba59421d53126606a003466891ebd9714b6b436422965c9f15fc36e23e9
              • Instruction Fuzzy Hash: 8DF08231B043189FCB18AB75E45866E7FEBEBC4315B00886DE54687380CE35B905CB90
              Function 05A0A679 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2b822744ffbf110e119c6e4bbda328ddf2f083e34d4e7fd00ef346b8a564eb4
              • Instruction ID: c958a8d0224527e803812b887ae769582c3e4d6e80bc132dc55cd70e66206a04
              • Opcode Fuzzy Hash: d2b822744ffbf110e119c6e4bbda328ddf2f083e34d4e7fd00ef346b8a564eb4
              • Instruction Fuzzy Hash: A8F08231614209AFDF44DF94E945D9FBFBAEB88310F14906AE408D72A1EA31DE509B94
              Function 05A0B289 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d120e8fb2672f1387475da2b54ba29a682e321b1f1915f01a075a96f3fb6c09
              • Instruction ID: 64e06e3ba58f05bb96c811771b20e300b2be2481f29164086bb4aebdceca9cc3
              • Opcode Fuzzy Hash: 8d120e8fb2672f1387475da2b54ba29a682e321b1f1915f01a075a96f3fb6c09
              • Instruction Fuzzy Hash: 23F01DB0E14309AFDB14DFA9D542AAEBFF4FB08300F50886AE515E7240DB749500CFA1
              Function 05A00654 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 252f3aafb0d4cca850de4d1842ae5e0970d7e5150d1512b8fed65a7337e89047
              • Instruction ID: 3e5641029c3dd1367c1514732deb93093c0e179aab66087689af66b37a37b963
              • Opcode Fuzzy Hash: 252f3aafb0d4cca850de4d1842ae5e0970d7e5150d1512b8fed65a7337e89047
              • Instruction Fuzzy Hash: 78E09270614701AF9A349A66A88CD63BBAEFB84350740591AE94AC3690DA31FC0AC6A0
              Function 05A0B298 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24b797a67b374b7b6f8a3d9ef79ece1cf3fffd556b2eb0b1e4721ea7a9c18640
              • Instruction ID: 36ad3105e90c600696d36efb79e799a61139e115372b4f8dab433fc34c1750dc
              • Opcode Fuzzy Hash: 24b797a67b374b7b6f8a3d9ef79ece1cf3fffd556b2eb0b1e4721ea7a9c18640
              • Instruction Fuzzy Hash: C0F0DAB0D1420E9FDB54DFA9D941AAEBFF4FF48300F5085A9D918E7340DB7496008BA1
              Function 05A019E5 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5e1ed74e8e58b27a1698dbf4bc629d230b4c8cb9f9e86ea92ab7cb09a58bf5c
              • Instruction ID: e658b67ed21de6d537b18001a5f9e48b41e79e5aee61ebe8672779ea58f52be0
              • Opcode Fuzzy Hash: b5e1ed74e8e58b27a1698dbf4bc629d230b4c8cb9f9e86ea92ab7cb09a58bf5c
              • Instruction Fuzzy Hash: FCF0B470A1030A8BEB18DF75E914BAE7AB2BF84340F40942DD007AA2C0DF744880CFA1
              Function 05A035B0 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 184fd0564a9d8a40295e4ebc38e5269060b43f5b4a48ce2f174d29905dba9d4b
              • Instruction ID: 5951f0bc8176c4410aa6b270e6c6a9d5e16f7872852cd46700cfe29f003fa6e9
              • Opcode Fuzzy Hash: 184fd0564a9d8a40295e4ebc38e5269060b43f5b4a48ce2f174d29905dba9d4b
              • Instruction Fuzzy Hash: EBE04F72F102142F9B08DABA9C40DEFBEEEDBC4290F50807AA408D3240FA309D018390
              Function 05A0BADB Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0861b433ff6b7675d1ced4dd9d08c3124ecc4010e23c229115e233584d8ccdf2
              • Instruction ID: eb6e26f57da38237768ba30622e86c1ffa690336f4a5d4ef58ed451bfad23ad7
              • Opcode Fuzzy Hash: 0861b433ff6b7675d1ced4dd9d08c3124ecc4010e23c229115e233584d8ccdf2
              • Instruction Fuzzy Hash: C0F0A234E0461C8FDB14EBE5C851A9EBBB2BFC4710B588559D84967358CB309C03CBA1
              Function 05A0B230 Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a55d449895c3540b2fb5defe4b8fd88d00724fd746fd5266f603a3bbb1a4438e
              • Instruction ID: 34bec823729d43ef14385802740ba346f1b3e68b90dd8a27f6932fbca2849c04
              • Opcode Fuzzy Hash: a55d449895c3540b2fb5defe4b8fd88d00724fd746fd5266f603a3bbb1a4438e
              • Instruction Fuzzy Hash: 33F039B0D5420AEFDB40DF69E649B9EBFF0BF08204F1085A6D015E7211EB7086058FA5
              Function 05A0355E Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1046d9c9fa7e80f7eae681d1e01d4ee560686c942b4196c17d31da5efc40ac97
              • Instruction ID: 3710dd5a65dd842c5b0365c078daff25bbe91ce3c0513b88b9cf28a489ae9934
              • Opcode Fuzzy Hash: 1046d9c9fa7e80f7eae681d1e01d4ee560686c942b4196c17d31da5efc40ac97
              • Instruction Fuzzy Hash: F9E01A7596011DEECF109B91F504BEDBB71FB45317F205813E213B2990C7311584CAA1
              Function 05A00A0F Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e48efac752ed8ad1729f798f0463555ccab150bfe16357c94a23fff53fd450c
              • Instruction ID: 974499a3d2f177bc3515d208051d7c1343f2d4f6d6d10248bd04776363e4cf63
              • Opcode Fuzzy Hash: 4e48efac752ed8ad1729f798f0463555ccab150bfe16357c94a23fff53fd450c
              • Instruction Fuzzy Hash: EEE06D76B0010ADFFB10DFA0DA42A9C7BB5EB89200F6081B9880DA7241DA376E158B45
              Function 05A0918C Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9bb892db5f2c02cd2b5e3222fb42495e3906f06355c35470e47b03f496f2afd
              • Instruction ID: 54558b32052fcdaf6fecde52da5044f78fd2cf9e0a88c81bf8440f1f222a436e
              • Opcode Fuzzy Hash: e9bb892db5f2c02cd2b5e3222fb42495e3906f06355c35470e47b03f496f2afd
              • Instruction Fuzzy Hash: BFE0EC72D44128ABCB10EBE9AC094DFFF79EB09750B418116E919A7201D77146169BD1
              Function 05A00A20 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b8676a0b7127e4456cbad53e7de2ebc36bbef4db9b0a5b3ca13a1e645afa939
              • Instruction ID: 5c6d348ea7e39aaccad903233993cff7e7466a3c4849e1b058a541d3fe92ae67
              • Opcode Fuzzy Hash: 1b8676a0b7127e4456cbad53e7de2ebc36bbef4db9b0a5b3ca13a1e645afa939
              • Instruction Fuzzy Hash: 12E04F71B0020EEFFB10DFA1E60045CBBBDFB44204B5041A8D80C93200DA333E149B95
              Function 05A0B240 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aba481d6c887d93f5202a71a5afd0108e29b3f964178efe3a89e7921645d1e1b
              • Instruction ID: 677cbc7001e3308956526f8bc7eb4e1db6df67c3ccfcef808f8930341e3e8d2f
              • Opcode Fuzzy Hash: aba481d6c887d93f5202a71a5afd0108e29b3f964178efe3a89e7921645d1e1b
              • Instruction Fuzzy Hash: 8BE092B0D50209EFDB40EFA9DA45B5EBBF1BB08300F1185A9D019E7261E7B496058F99
              Function 05A01EFB Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db9940afdb86ddb55d2f05b5e245388200b456f63839380fb157741d1f78d1c
              • Instruction ID: 908a9e25a22c298a3046355eb71703c58af03a951690be0769e6c703bd9c9cc6
              • Opcode Fuzzy Hash: 0db9940afdb86ddb55d2f05b5e245388200b456f63839380fb157741d1f78d1c
              • Instruction Fuzzy Hash: 3DD05E367002142F8B0566A5DC14EDABADEDB89250704486AE6068B360DD62DD1897D5
              Function 05A0E9E0 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7aa8904c50390a1e2aef87a0cce7564952d3c19e012568d4a670cc04bb983b35
              • Instruction ID: c8ae8135575b6a8581b31c5a3ee1bfb820dfd420cf92724026b3e3662cda3824
              • Opcode Fuzzy Hash: 7aa8904c50390a1e2aef87a0cce7564952d3c19e012568d4a670cc04bb983b35
              • Instruction Fuzzy Hash: BEE01270D1520CEFCF80EFB8D54A79CFBF8AB44301F1045AAC90593340E6315A50DB45
              Function 05A01F00 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3766100c02a5e1b31d1be9d5243cbf07a516aeba2e1d3deac5fb8bacb590a809
              • Instruction ID: 73cd904f913bbf8d93ef6ebce698aea188e384d0ccd1e97624751d079d0f207e
              • Opcode Fuzzy Hash: 3766100c02a5e1b31d1be9d5243cbf07a516aeba2e1d3deac5fb8bacb590a809
              • Instruction Fuzzy Hash: B2D0A7367002141FCB0577E59C14DDEBFDEDF8D250700446AD2068B260DD22CD1497D1
              Function 05A09198 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
              • Instruction ID: fa4fe15a0b405a61c4e8adce386e7223986c015e1f9f258acd664ad34ef52dc5
              • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
              • Instruction Fuzzy Hash: 3CD09E72D001399B8B10AFE99C094DFFF79EF05750B418126E915A7201D3715A21DBD1
              Function 05A0BE53 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8e927c97c97128d097c228d328c18ae729f0080e27dd8020d57e32ebde55f0f
              • Instruction ID: a53e1b45fd79573635cd2850e45529cfef5279d67b6040f0de4bb9d31e1626bf
              • Opcode Fuzzy Hash: e8e927c97c97128d097c228d328c18ae729f0080e27dd8020d57e32ebde55f0f
              • Instruction Fuzzy Hash: 33D0A7E161850ECFD75143A0E55BB683A5ABB48341F6C32B7D405C16C0CA1988428E36
              Function 05A014B8 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ab1c5f342d87f328439e731eaeccb63fed577fc127bf88f17859e4d0ec6a2a7
              • Instruction ID: d0cf9c705c7645ba068e83f21d4e7f7f9590bfc3e53c7c3cce4d8196b359561e
              • Opcode Fuzzy Hash: 4ab1c5f342d87f328439e731eaeccb63fed577fc127bf88f17859e4d0ec6a2a7
              • Instruction Fuzzy Hash: C4D0C972456114ABFE329F39EA8AF547F7AF302311F60A020E800D5A80C67D59CACE41
              Function 05A0B338 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86cbc1da715f7cd55e5367478b2ce5bcf211638b7e08520777f3155a7d3052d9
              • Instruction ID: 6b8e17a329912a333eef9cec7778851b9b7b0762ded72d7a771b9e3e6e6d103d
              • Opcode Fuzzy Hash: 86cbc1da715f7cd55e5367478b2ce5bcf211638b7e08520777f3155a7d3052d9
              • Instruction Fuzzy Hash: E6D0123626410C5F4B40EF95F901C577BDDBB14700700D422F944C7521EB21F424D751
              Function 05A03F80 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c24841b538e4999e9b6349b6ba3a27f45f0ac07930ffef2f66b6e9cd14cbd388
              • Instruction ID: 0520825df68ac3ac6302210f550c530a4b7fbd3f8cc7f2b5452b70f49fa7da92
              • Opcode Fuzzy Hash: c24841b538e4999e9b6349b6ba3a27f45f0ac07930ffef2f66b6e9cd14cbd388
              • Instruction Fuzzy Hash: F9D0C93626010C6E4B40EA94F805C527BEDBB147007409823E5048A020E622F424D751
              Function 05A01A58 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab824a7ba4e96e0e1c85e05e9425f65606b03ed58b5942d804d710288d7e8c47
              • Instruction ID: 62271503c0cc639e3785e17204d0273fb60b3203dfd946fb383b9116eba7c4af
              • Opcode Fuzzy Hash: ab824a7ba4e96e0e1c85e05e9425f65606b03ed58b5942d804d710288d7e8c47
              • Instruction Fuzzy Hash: 1EE0E274950209CFC700CFA8E899AEDBFB0EB0C314F20805AE002A72A0CB709844CF50
              Function 05A08BA8 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e029c43d4358051c9cbd87b9f1a60b5645bb9ff81513c28904254890e8748ed5
              • Instruction ID: c195e538d45a283b5b37dafdfc087207b859f1314ff4e9868a52b978add0de43
              • Opcode Fuzzy Hash: e029c43d4358051c9cbd87b9f1a60b5645bb9ff81513c28904254890e8748ed5
              • Instruction Fuzzy Hash: F2C02B3F1090005ECF00A784DA00FC8BBE0BF55B40F48E063D0088B030D621C03CEBA2
              Function 05A0A650 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a34e7066bee9d4d56bf45fd526b840fce86bfecabe793d49a6eb79a9ab9b1d
              • Instruction ID: a8111984934756ee54f5b531f0afc6f7abf3fad217f728003320294d6c95291b
              • Opcode Fuzzy Hash: 65a34e7066bee9d4d56bf45fd526b840fce86bfecabe793d49a6eb79a9ab9b1d
              • Instruction Fuzzy Hash: D5B09B7B21430076D9205764B906F4AB7D16761F10F00D615D60603564AA348456D577
              Function 05A0DFE8 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95a8af8c912135172d8c8085a58bad5303e28fa2b9c2fd9080f1b1928476d6d3
              • Instruction ID: 8d3924f0d811cc6c6fc4a9f1dbb80c542615fd61526a6785ac3dbbe3c4312514
              • Opcode Fuzzy Hash: 95a8af8c912135172d8c8085a58bad5303e28fa2b9c2fd9080f1b1928476d6d3
              • Instruction Fuzzy Hash: 19C08C3300960887D3406794B60E3A833ACAB45312F440018D20A004908BFA6490CE55
              Function 05A09E2C Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 334ccc30ea8119eb924ad1c9ecb9d975cdeb9e3a6d9e2669baf6dd5cb15886a5
              • Instruction ID: a8607f19287cf5d4c5c7a8cf3afabe18094ac82a6917033667f5b9040f1a7bec
              • Opcode Fuzzy Hash: 334ccc30ea8119eb924ad1c9ecb9d975cdeb9e3a6d9e2669baf6dd5cb15886a5
              • Instruction Fuzzy Hash: 4CB012F9374340B7955566A06A8CF1BA962ABA1700F00FD223209050D0D460CC3AD11F

              Non-executed Functions

              Function 07DB2CC0 Relevance: .3, Instructions: 324COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab1b12534c271df81cdf108def111dcf58de1082f52e0cf905413bc673664601
              • Instruction ID: 7d401c526e4265e0c261db3eb0dcf4c18720b179b89ebe1a911ee1268d592902
              • Opcode Fuzzy Hash: ab1b12534c271df81cdf108def111dcf58de1082f52e0cf905413bc673664601
              • Instruction Fuzzy Hash: D6E106B4E002198FDB24DFA9C580AAEFBB2FF89304F648169D415AB355D735AD42CF60
              Function 05910040 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284081517.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5910000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b677bdaed5ab700ca65d686c0e9d8db3c113dfe54485857a98d395a6a26a895
              • Instruction ID: 79d04aee240e150313fcf466c62dd22b3bb766d6f886ffd2d58dba4217a8f2d6
              • Opcode Fuzzy Hash: 7b677bdaed5ab700ca65d686c0e9d8db3c113dfe54485857a98d395a6a26a895
              • Instruction Fuzzy Hash: 2112A8F04227458AE310CF65E95E2993FB1BB41358FD06329EAA11F2E5DFB8254ACF44
              Function 07DB47B0 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3eddc87d4f454974d45e642f333e8df2eff33a18ffdac2045616b93aa42923c
              • Instruction ID: 4bf98aed9954d773ffdb20cef058b8efdbb8223a3b19be001a3de7510118a65b
              • Opcode Fuzzy Hash: c3eddc87d4f454974d45e642f333e8df2eff33a18ffdac2045616b93aa42923c
              • Instruction Fuzzy Hash: 9EE118B4E002598FDB24DFA9C680AAEFBB2FF89304F248169D415A7356D735AD41CF60
              Function 07DB5598 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b9f91731c0cefbe904db0610ebf50e611505c197deb937e04e6543c56147480
              • Instruction ID: 6ba8d6711ce273f6cce4a1e26e5b28e6ab4a7abae9696571584747ca8dcd90b3
              • Opcode Fuzzy Hash: 2b9f91731c0cefbe904db0610ebf50e611505c197deb937e04e6543c56147480
              • Instruction Fuzzy Hash: 52E1F7B4E00219CBDB24DFA8D680AAEFBB2FF89304F248169D455A7355D7359E41CF60
              Function 07DB5160 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af6223e191cf50757d0a64234372accebb668d063454f9bdf0793ad955e17e25
              • Instruction ID: 10763201aeff007a4c87428c62dfee513de0071f8e07e6c67e01c1edef294ff1
              • Opcode Fuzzy Hash: af6223e191cf50757d0a64234372accebb668d063454f9bdf0793ad955e17e25
              • Instruction Fuzzy Hash: DAE106B4E002198FDB24DFA8D580AAEFBF2FB89304F648169D415AB355D735AD42CF60
              Function 07DB3108 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c8cf5a634d1e3d73b48c79c42e51c7a75bfebbe33407eaca153dad52803664d
              • Instruction ID: b292bebc380c215949fe587b24ae64d0bf5a187c4cf4fcc64017b92fb49cd924
              • Opcode Fuzzy Hash: 3c8cf5a634d1e3d73b48c79c42e51c7a75bfebbe33407eaca153dad52803664d
              • Instruction Fuzzy Hash: 57E1E4B4E002198BDB24DFA9C680AAEFBF2FB89300F648169D455AB355D735AD41CF60
              Function 05A09838 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f9a9a3a711c795abe35a6f8e25ddbcfe201a2e44b64448fc37d72eb6938d96e
              • Instruction ID: dfb87f33263ecdaaa507e9e5639044349ff98ca5cfced0376ea2738db8a0a095
              • Opcode Fuzzy Hash: 3f9a9a3a711c795abe35a6f8e25ddbcfe201a2e44b64448fc37d72eb6938d96e
              • Instruction Fuzzy Hash: ABD12435D10B5A8ACB11EF64D994B99F7B1FF96300F61C79AD0093B214EB706AC8CB91
              Function 05A09848 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284160355.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5a00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3625fb7aeaacec8fe1e62632878f45b7f7cab0ea1ecbcc5da3dd5f247c9e56cf
              • Instruction ID: b976edcdbb044f690d3f87c4ba5a74978db18bb0bd14a6149b3066839728daa2
              • Opcode Fuzzy Hash: 3625fb7aeaacec8fe1e62632878f45b7f7cab0ea1ecbcc5da3dd5f247c9e56cf
              • Instruction Fuzzy Hash: 63D11535D1075A8ADB10EF64D994B99F7B1FF96300F61C79AD0093B214EB706AC8CB91
              Function 01B0D55C Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1279350504.0000000001B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_1b00000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6272a41d41c1793b22849ba3b0e543e19a14407e67b8bb7d37df84a413973157
              • Instruction ID: 0746c908f6ae2284f2a42fdda4ab3a89ed67a38d2d24541714a0f17467549f0d
              • Opcode Fuzzy Hash: 6272a41d41c1793b22849ba3b0e543e19a14407e67b8bb7d37df84a413973157
              • Instruction Fuzzy Hash: 20A14F32F102168FCF1ADFB5C8405AEBBB2FF85300B1585ADE905AB2A1DB31E915CB40
              Function 05910006 Relevance: .2, Instructions: 232COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1284081517.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_5910000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 457e1bb91ec9ac98a359223266a9820bb450872401bc28a6dcd7faeeb019c38e
              • Instruction ID: 5a774036086e0000e3cfcb68862254683262c4dd196231d5d8a10c7e77de4d6d
              • Opcode Fuzzy Hash: 457e1bb91ec9ac98a359223266a9820bb450872401bc28a6dcd7faeeb019c38e
              • Instruction Fuzzy Hash: F5C129B18227458BD710CF24E85A2A97FB1FB85314F906329FA616F2D1DFB8254ACF44
              Function 07DB514F Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1286451343.0000000007DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7db0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5bd400f23ad808c872aecf22f5f46750478853a99a28146c00b88c8c2e982d80
              • Instruction ID: 726c397d3002da66895ef617499d786bb4dfc5bb87312c9f9b37d5221191514f
              • Opcode Fuzzy Hash: 5bd400f23ad808c872aecf22f5f46750478853a99a28146c00b88c8c2e982d80
              • Instruction Fuzzy Hash: FA5118B0E012198FDB14CFA9D5805AEFBF2BF8A210F24816AD419A7355D7359E42CF61

              Execution Graph

              Execution Coverage:0.8%
              Dynamic/Decrypted Code Coverage:4.5%
              Signature Coverage:4.5%
              Total number of Nodes:112
              Total number of Limit Nodes:11
              execution_graph 93988 42f5c3 93989 42f533 93988->93989 93993 42f590 93989->93993 93994 42e3b3 93989->93994 93991 42f56d 93997 42e2d3 93991->93997 94000 42c563 93994->94000 93996 42e3ce 93996->93991 94003 42c5b3 93997->94003 93999 42e2ec 93999->93993 94001 42c57d 94000->94001 94002 42c58e RtlAllocateHeap 94001->94002 94002->93996 94004 42c5cd 94003->94004 94005 42c5de RtlFreeHeap 94004->94005 94005->93999 94006 42b823 94007 42b83d 94006->94007 94010 1662df0 LdrInitializeThunk 94007->94010 94008 42b865 94010->94008 94011 4249a3 94016 4249bc 94011->94016 94012 424a4c 94013 424a04 94014 42e2d3 RtlFreeHeap 94013->94014 94015 424a14 94014->94015 94016->94012 94016->94013 94017 424a47 94016->94017 94018 42e2d3 RtlFreeHeap 94017->94018 94018->94012 94033 42f873 94035 42f899 94033->94035 94034 42f8eb 94035->94034 94038 429733 94035->94038 94037 42f940 94039 429791 94038->94039 94041 4297a5 94039->94041 94042 417473 94039->94042 94041->94037 94043 41744d 94042->94043 94046 417480 94042->94046 94044 417453 LdrLoadDll 94043->94044 94045 41746a 94043->94045 94044->94045 94045->94041 94046->94041 94047 424613 94048 42462f 94047->94048 94049 424657 94048->94049 94050 42466b 94048->94050 94051 42c233 NtClose 94049->94051 94052 42c233 NtClose 94050->94052 94053 424660 94051->94053 94054 424674 94052->94054 94057 42e3f3 RtlAllocateHeap 94054->94057 94056 42467f 94057->94056 94058 42f493 94059 42f4a3 94058->94059 94060 42f4a9 94058->94060 94061 42e3b3 RtlAllocateHeap 94060->94061 94062 42f4cf 94061->94062 94063 401bd3 94064 401bed 94063->94064 94064->94064 94067 42f963 94064->94067 94070 42de83 94067->94070 94071 42dea9 94070->94071 94080 407433 94071->94080 94073 42debf 94079 401d29 94073->94079 94083 41ad33 94073->94083 94075 42dede 94076 42c603 ExitProcess 94075->94076 94077 42def3 94075->94077 94076->94077 94094 42c603 94077->94094 94097 4160b3 94080->94097 94082 407440 94082->94073 94084 41ad5f 94083->94084 94115 41ac23 94084->94115 94087 41ada4 94090 41adc0 94087->94090 94092 42c233 NtClose 94087->94092 94088 41ad8c 94089 41ad97 94088->94089 94091 42c233 NtClose 94088->94091 94089->94075 94090->94075 94091->94089 94093 41adb6 94092->94093 94093->94075 94095 42c620 94094->94095 94096 42c62e ExitProcess 94095->94096 94096->94079 94098 4160d0 94097->94098 94100 4160e9 94098->94100 94101 42cc83 94098->94101 94100->94082 94103 42cc9d 94101->94103 94102 42cccc 94102->94100 94103->94102 94108 42b873 94103->94108 94106 42e2d3 RtlFreeHeap 94107 42cd42 94106->94107 94107->94100 94109 42b890 94108->94109 94112 1662c0a 94109->94112 94110 42b8bc 94110->94106 94113 1662c1f LdrInitializeThunk 94112->94113 94114 1662c11 94112->94114 94113->94110 94114->94110 94116 41ad19 94115->94116 94117 41ac3d 94115->94117 94116->94087 94116->94088 94121 42b913 94117->94121 94120 42c233 NtClose 94120->94116 94122 42b92d 94121->94122 94125 16635c0 LdrInitializeThunk 94122->94125 94123 41ad0d 94123->94120 94125->94123 94019 4241a4 94020 4241c5 94019->94020 94021 4241e3 94020->94021 94022 4241f8 94020->94022 94023 42c233 NtClose 94021->94023 94030 42c233 94022->94030 94025 4241ec 94023->94025 94026 424201 94027 424238 94026->94027 94028 42e2d3 RtlFreeHeap 94026->94028 94029 42422c 94028->94029 94031 42c250 94030->94031 94032 42c261 NtClose 94031->94032 94032->94026

              Executed Functions

              Function 004173F3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 85 4173f3-41740f 86 417417-41741c 85->86 87 417412 call 42efd3 85->87 88 417422-417430 call 42f5d3 86->88 89 41741e-417421 86->89 87->86 92 417440-417451 call 42d953 88->92 93 417432-41743d call 42f873 88->93 98 417453-417467 LdrLoadDll 92->98 99 41746a-41746d 92->99 93->92 98->99
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417465
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: 93b88033a21437db9dc92cbd3b34bdb9103027bdc71e498d04d4d7d2c72e8559
              • Instruction ID: ba2ddda801bd31e9fc7632f61f76a761183fc2457e7a81671b3944adb9a23a5b
              • Opcode Fuzzy Hash: 93b88033a21437db9dc92cbd3b34bdb9103027bdc71e498d04d4d7d2c72e8559
              • Instruction Fuzzy Hash: 63011EB5E4020DBBDF10DAE5DC42FDEB7789B54308F4081AAE90897241F635EB588B95
              Function 0042C233 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 105 42c233-42c26f call 404873 call 42d463 NtClose
              APIs
              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C26A
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: d34717f4a36b5f150a217ee4fd0d150cc2ffcf9910de2de1d2be4e458a2be104
              • Instruction ID: af061d661d4ca5ad4c5e34049319f4e3dd13890f077d2abe99b8086de87fc5d3
              • Opcode Fuzzy Hash: d34717f4a36b5f150a217ee4fd0d150cc2ffcf9910de2de1d2be4e458a2be104
              • Instruction Fuzzy Hash: 87E086362502547BD120FA5ADC41F97775CDFC5714F00442AFA1867142C675B90087F4
              Function 01662DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 120 1662df0-1662dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: b1275f5b4134a9eabfff8456f208cd0bd0f5a29d9aba5dd2adebfcf7deae027b
              • Instruction ID: 01099398d30b42247e3df16b17c272a8bb82719c0f9b863466386cdee242d7ec
              • Opcode Fuzzy Hash: b1275f5b4134a9eabfff8456f208cd0bd0f5a29d9aba5dd2adebfcf7deae027b
              • Instruction Fuzzy Hash: AB90023120140413D11175584908707000D97D0241F95C522A4424658ED6568E52A221
              Function 01662C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 119 1662c70-1662c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 7ca7b8c27e3b85ab1a0cfbbc4a53b0f63c82ae3d7ca6e55d84049a62e1547f0c
              • Instruction ID: 8973fd18af62722bdd88b5a23aa77d3e606dfabfa1f0fd2dadebea27c8fbdbdc
              • Opcode Fuzzy Hash: 7ca7b8c27e3b85ab1a0cfbbc4a53b0f63c82ae3d7ca6e55d84049a62e1547f0c
              • Instruction Fuzzy Hash: F190023120148802D1107558880874B000997D0301F59C521A8424758EC6958D917221
              Function 016635C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 121 16635c0-16635cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 04ff427de91c0fb5ebcc53651d1404b52c0799689a0536d554b0d86fe7b9cbb2
              • Instruction ID: adcc88ee3b730a4b697f022d5ec0c7c6909c62dee0de702fd0d024830faa3541
              • Opcode Fuzzy Hash: 04ff427de91c0fb5ebcc53651d1404b52c0799689a0536d554b0d86fe7b9cbb2
              • Instruction Fuzzy Hash: 1690023160550402D10075584918707100997D0201F65C521A4424668EC7958E5166A2
              Function 0042C5B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 42c5b3-42c5f4 call 404873 call 42d463 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C5EF
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID: DaA
              • API String ID: 3298025750-4126136302
              • Opcode ID: 2f2ad5a4e16ef9b9c315b330ef5dbf311d87e4253d5804bad18b26006209cdb3
              • Instruction ID: f728faa8a7b82506071f14cba68326dbefe122abed845c42b06b77b8215292d4
              • Opcode Fuzzy Hash: 2f2ad5a4e16ef9b9c315b330ef5dbf311d87e4253d5804bad18b26006209cdb3
              • Instruction Fuzzy Hash: 53E06D762002047BD614EE59EC41EAB33ACDFC5714F00441AFA08A7242C770B9108BB8
              Function 004173E6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417465
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID: U
              • API String ID: 2234796835-3372436214
              • Opcode ID: 46df88abd525dfffa8cad3483247f70efbc75388db73cca85fcfaa7512a0af03
              • Instruction ID: daa38958c436e9b4723879e3afad010fc58bef413d28c92e50e401a0f2040ddd
              • Opcode Fuzzy Hash: 46df88abd525dfffa8cad3483247f70efbc75388db73cca85fcfaa7512a0af03
              • Instruction Fuzzy Hash: 46E02B71E0810D67CB10DAE0AC45ADABB789B80314F0083EEEE5C87240F23086548BC2
              Function 00417473 Relevance: 1.6, APIs: 1, Instructions: 107libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 66 417473-41747e 67 417480-417482 66->67 68 41744d-417451 66->68 71 417484-4174ca 67->71 72 4174fb 67->72 69 417453-417467 LdrLoadDll 68->69 70 41746a-41746d 68->70 69->70 76 4174cc 71->76 77 41752e-41753a 71->77 73 4174fd 72->73 73->73 75 4174ff-417506 73->75 78 4174f6-4174f7 75->78 79 417508-417513 75->79 80 41753e-417551 76->80 81 4174ce-4174db 76->81 77->80 78->72 82 417515-417523 79->82 81->82
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417465
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: 477a477a4b0ca210578977906436348ea6d946bc35c4576dd38ea31edbc8e622
              • Instruction ID: 5af2aebf1cc6a5d35acf9f0b8578844e3aa83b2cc9b0a72eccc24dc0ab32b3f4
              • Opcode Fuzzy Hash: 477a477a4b0ca210578977906436348ea6d946bc35c4576dd38ea31edbc8e622
              • Instruction Fuzzy Hash: 8F31FE35508249AFCB01DB7DDC80BDABFB9FF537A0B140399D9818B292E629584287C6
              Function 0042C563 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 100 42c563-42c5a4 call 404873 call 42d463 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041E1DB,?,?,00000000,?,0041E1DB,?,?,?), ref: 0042C59F
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 3049b646a2d1d89566495b46972c5cb9ef99f997db5504952717e7d06d9d7052
              • Instruction ID: b2fb6c81fc8a2a319a424fc76a5786d8ebba0f71c9c3e5aab3d7719a0aa7f020
              • Opcode Fuzzy Hash: 3049b646a2d1d89566495b46972c5cb9ef99f997db5504952717e7d06d9d7052
              • Instruction Fuzzy Hash: 74E092723042147BD610EF59EC85FAB37ADDFC9714F00441AFE08A7281C670B9108BB8
              Function 0042C603 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 110 42c603-42c63c call 404873 call 42d463 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 0000000A.00000002.1637721060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_400000_ungziped_file.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: 75d27c48131f5ecebb5a6f25743a4bbbc7b70e86f09f77d791c5466d873e239f
              • Instruction ID: 9e192509e47dd0a9a655296c1fbd8cebd03dccac08c51497db3675996a667ef4
              • Opcode Fuzzy Hash: 75d27c48131f5ecebb5a6f25743a4bbbc7b70e86f09f77d791c5466d873e239f
              • Instruction Fuzzy Hash: C3E04F762002547BD110BB5ADC41E9B77ACDBC5714F40842AFA0967142D771B91487E4
              Function 01662C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 115 1662c0a-1662c0f 116 1662c11-1662c18 115->116 117 1662c1f-1662c26 LdrInitializeThunk 115->117
              APIs
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 3364a28f73ae512255cba0dc6375d1e624772231679d2937612495fb76eb69cd
              • Instruction ID: ed04d65438d043016408d079d6d25e8f8396ab6dfcbe044dfe025994d13a91ed
              • Opcode Fuzzy Hash: 3364a28f73ae512255cba0dc6375d1e624772231679d2937612495fb76eb69cd
              • Instruction Fuzzy Hash: 16B09B719015C5C9DB51F7644E0C717790477D0701F15C175D6030751F4738C5D1E275

              Non-executed Functions

              Function 016A2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: 6a1b77d8a0e9f5eaa33adff1ad6c1bb7629a9ba4623dd4ca4095750ed92191e9
              • Instruction ID: 2eed2a66f7b874528d3001fed460f260983ad90ae624c5de66e018a8a2708a28
              • Opcode Fuzzy Hash: 6a1b77d8a0e9f5eaa33adff1ad6c1bb7629a9ba4623dd4ca4095750ed92191e9
              • Instruction Fuzzy Hash: A6929971688342ABE721CE28CC90B6BBBE9BB84754F44482DFA9597351D770EC44CF92
              Function 01658620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
              Download Yara Rule
              Strings
              • Address of the debug info found in the active list., xrefs: 016954AE, 016954FA
              • double initialized or corrupted critical section, xrefs: 01695508
              • Thread identifier, xrefs: 0169553A
              • Critical section address., xrefs: 01695502
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016954E2
              • Critical section address, xrefs: 01695425, 016954BC, 01695534
              • Thread is in a state in which it cannot own a critical section, xrefs: 01695543
              • Invalid debug info address of this critical section, xrefs: 016954B6
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0169540A, 01695496, 01695519
              • corrupted critical section, xrefs: 016954C2
              • undeleted critical section in freed memory, xrefs: 0169542B
              • 8, xrefs: 016952E3
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016954CE
              • Critical section debug info address, xrefs: 0169541F, 0169552E
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: 785699c228474fffb78364bc0ea53687cf395abe7ddca3b1f73f3c538e3d8995
              • Instruction ID: 8994ba9d461c7da84f86bb1280a13b37959cc491b21b28ff538c93cd1f6d9a25
              • Opcode Fuzzy Hash: 785699c228474fffb78364bc0ea53687cf395abe7ddca3b1f73f3c538e3d8995
              • Instruction Fuzzy Hash: A0819AB1E01358AFDF26CF99CC41BAEBBB9EB48710F10415AF506B7681D3B5A941CB60
              Function 016529F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
              Download Yara Rule
              Strings
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01692498
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01692506
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01692412
              • @, xrefs: 0169259B
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016924C0
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01692602
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01692624
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016922E4
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016925EB
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0169261F
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01692409
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: 0addbda2fce9b074ce08ffa26b08aed430abe3267155031481cd85fbcb12e3a9
              • Instruction ID: 50477a5b079f1cc7fdc7de9d36a4a02eaa918015fe78191584f7f5ff1be26f50
              • Opcode Fuzzy Hash: 0addbda2fce9b074ce08ffa26b08aed430abe3267155031481cd85fbcb12e3a9
              • Instruction Fuzzy Hash: 480271F1D002299BDF61DB54CC90BDAB7B8AF54704F4041DEEA49A7242DB30AE85CF99
              Function 016C8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: 1e2792530a14b62722e5c21aabb334c1ab2bbd3273eecfb7868f395b19370922
              • Instruction ID: 4dd67992774c87bca94494996c5272a7ec8608ba93582e4e971314c33fae4315
              • Opcode Fuzzy Hash: 1e2792530a14b62722e5c21aabb334c1ab2bbd3273eecfb7868f395b19370922
              • Instruction Fuzzy Hash: 3151AD725143119BD335DF188C44BBBBBECFF98A50F14491DEA9987241E770E605CB92
              Function 016D0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: eaa1250881261e6ac580c6a5e7dd4f10aa2a52c2d8dfec4e771cb6ba0057a6fd
              • Instruction ID: 44ac22dbe00aefd5692c418cb075a0d912af376f58072904bc4d210b271a25ea
              • Opcode Fuzzy Hash: eaa1250881261e6ac580c6a5e7dd4f10aa2a52c2d8dfec4e771cb6ba0057a6fd
              • Instruction Fuzzy Hash: 61D1DD35A10686DFDB22DF68C840AADBBF2FF5A720F18805DF9469B352C7749941CB14
              Function 016A89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
              Download Yara Rule
              Strings
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 016A8A3D
              • AVRF: -*- final list of providers -*- , xrefs: 016A8B8F
              • HandleTraces, xrefs: 016A8C8F
              • VerifierDlls, xrefs: 016A8CBD
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 016A8A67
              • VerifierDebug, xrefs: 016A8CA5
              • VerifierFlags, xrefs: 016A8C50
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
              • API String ID: 0-3223716464
              • Opcode ID: f9b51af734a1837f3bee85562cc6d9e22a31951cf80dc929e7e67eff0eabbdda
              • Instruction ID: 48a7302cf29a48ba59118e43c03b7e11610c999f4981a013c636d59cef2a29e5
              • Opcode Fuzzy Hash: f9b51af734a1837f3bee85562cc6d9e22a31951cf80dc929e7e67eff0eabbdda
              • Instruction Fuzzy Hash: 539156B2645302AFD326EF6CCC90B5BBBE9AB95724F84445CFA426B240C7709D01CF99
              Function 0162EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: c87df16f2d5bc6dcf328cde2503ac8bd939076eb9ee8a62d6f6b08de7d8c4ff4
              • Instruction ID: ca223d25dbfd55ba54ec9ab47de6604b1d76a6f0ea5fd593dedacc73472a330f
              • Opcode Fuzzy Hash: c87df16f2d5bc6dcf328cde2503ac8bd939076eb9ee8a62d6f6b08de7d8c4ff4
              • Instruction Fuzzy Hash: 5FA24974A05A2A8FDB64DF19CC987A9BBB5EF45304F2442E9D90DA7390DB319E81CF40
              Function 016563FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              • API String ID: 0-792281065
              • Opcode ID: 76746f02d1e4142bd119b802e9892be6deebcaa499b140034f286a70b4244438
              • Instruction ID: ee014a96e8cb5ad270e7316f341e71a211a805a4ece796aca13e4a4a7b885772
              • Opcode Fuzzy Hash: 76746f02d1e4142bd119b802e9892be6deebcaa499b140034f286a70b4244438
              • Instruction Fuzzy Hash: EC914770B013129BDF39DF58DD94BAA7BAABF41B34F40816CE9016B385DB709842C794
              Function 0161645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
              Download Yara Rule
              Strings
              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01679A01
              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016799ED
              • LdrpInitShimEngine, xrefs: 016799F4, 01679A07, 01679A30
              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01679A2A
              • apphelp.dll, xrefs: 01616496
              • minkernel\ntdll\ldrinit.c, xrefs: 01679A11, 01679A3A
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-204845295
              • Opcode ID: 6b0ef37530f6adfc620fb89a308784897d54a279798f9c43636cc4b5a65f56a2
              • Instruction ID: 0f85633c8adf0777c03b097af34fc3bb54f5bc783f4fe9970db0082ec51c0e7b
              • Opcode Fuzzy Hash: 6b0ef37530f6adfc620fb89a308784897d54a279798f9c43636cc4b5a65f56a2
              • Instruction Fuzzy Hash: 0C51E1712083019FE725EF28CC91A6B77E9FF84768F04491DE985972A4DB70E944CB92
              Function 01652674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01692180
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016921BF
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01692178
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0169219F
              • RtlGetAssemblyStorageRoot, xrefs: 01692160, 0169219A, 016921BA
              • SXS: %s() passed the empty activation context, xrefs: 01692165
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              • API String ID: 0-861424205
              • Opcode ID: 59eac647a97c6b4e53b377dfeef0ddf3e1ea80861bcce05535e163657380da44
              • Instruction ID: d0f60609bb4faeeeca29bbf3fd6feee4ca54ba8b4a4ed42a1b9f5ef82192c684
              • Opcode Fuzzy Hash: 59eac647a97c6b4e53b377dfeef0ddf3e1ea80861bcce05535e163657380da44
              • Instruction Fuzzy Hash: 6A314876F00215B7EB22CA998CA1F6B7B7DEB65A41F05406DFF0567240D370AE01C7A1
              Function 0165C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 01698181, 016981F5
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 016981E5
              • LdrpInitializeImportRedirection, xrefs: 01698177, 016981EB
              • Loading import redirection DLL: '%wZ', xrefs: 01698170
              • minkernel\ntdll\ldrinit.c, xrefs: 0165C6C3
              • LdrpInitializeProcess, xrefs: 0165C6C4
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-475462383
              • Opcode ID: a62e0cc2a47c144a0a07605006b1bb50714e6c1289969970553d058225b94282
              • Instruction ID: 86a7cd99d0e35456778b4412876b222dd92d98a3d03b9a3a3e2442e0d9cd26ad
              • Opcode Fuzzy Hash: a62e0cc2a47c144a0a07605006b1bb50714e6c1289969970553d058225b94282
              • Instruction Fuzzy Hash: E13122B1644306AFD325EF28DC46E2A779AFF95B20F04055CFD45AB391E660EC04C7A6
              Function 0166096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 01662DF0: LdrInitializeThunk.NTDLL ref: 01662DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01660BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01660BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01660D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01660D74
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              • API String ID: 1404860816-0
              • Opcode ID: 54ab76e53b756ff0c69347b5fd065d88283ce04f789416c4a663d725021a018b
              • Instruction ID: c78c349a46ba9bf35a2b814d350ceb4eaf3a89747f25f847d5e7a9a69c508312
              • Opcode Fuzzy Hash: 54ab76e53b756ff0c69347b5fd065d88283ce04f789416c4a663d725021a018b
              • Instruction Fuzzy Hash: B54239759007159FDB21CF68CC80BAAB7F9BF44314F1445AEE989AB241E770AA85CF60
              Function 0162A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: d6ac719d08df932bdebf4407be4bb1339b50a361af7dd5e244537080d4afe990
              • Instruction ID: aed819404688b28ebe655d5509301966b87b0f45c0d30406147a4eaba5da056d
              • Opcode Fuzzy Hash: d6ac719d08df932bdebf4407be4bb1339b50a361af7dd5e244537080d4afe990
              • Instruction Fuzzy Hash: 2DC1AA701087928FD721DF98C940B6AB7E5BF84304F04896EF9859BB50E3B4C94ACF56
              Function 01658402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 01658591
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0165855E
              • LdrpInitializeProcess, xrefs: 01658422
              • minkernel\ntdll\ldrinit.c, xrefs: 01658421
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: 58a84b655b1941d5020dfb45a1f7e6595ea3914ed03924f843ccdf691801fff3
              • Instruction ID: bf41b6cf54e710b9422abd702caced4621730166137709d462cb4f86abc11382
              • Opcode Fuzzy Hash: 58a84b655b1941d5020dfb45a1f7e6595ea3914ed03924f843ccdf691801fff3
              • Instruction Fuzzy Hash: EA918B71508345AFDB62DE26CC80FABBAEDFB84658F40092EFA8597151E730D904CB66
              Function 0165273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016922B6
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016921D9, 016922B1
              • SXS: %s() passed the empty activation context, xrefs: 016921DE
              • .Local, xrefs: 016528D8
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              • API String ID: 0-1239276146
              • Opcode ID: 62fbe577a47a232008a4b40a400e99d60e07e2eebbe461fe5b26a615b513df84
              • Instruction ID: 5610cc46abf0adac761209916e87baae62c08676d06807df2b3dd488d4dfc894
              • Opcode Fuzzy Hash: 62fbe577a47a232008a4b40a400e99d60e07e2eebbe461fe5b26a615b513df84
              • Instruction Fuzzy Hash: 3EA1AB3190022ADBDB25CF69CCA4BA9B7B5BF58314F2541EED908AB351D7309E81CF94
              Function 01654AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
              Download Yara Rule
              Strings
              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01693456
              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01693437
              • RtlDeactivateActivationContext, xrefs: 01693425, 01693432, 01693451
              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0169342A
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
              • API String ID: 0-1245972979
              • Opcode ID: e86505092a15415f339113dbc1dbec13886568171b959fcc1cadec25279be02b
              • Instruction ID: 8f27eb32b89c90019a09e2e3507a3fe30ddc4edda30106afc0811d7b089b81bc
              • Opcode Fuzzy Hash: e86505092a15415f339113dbc1dbec13886568171b959fcc1cadec25279be02b
              • Instruction Fuzzy Hash: FA6103366457129BDB228F2CCC45B2AB7E9AF80B50F15855DEC959B380EB30EC41CB95
              Function 016264AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
              Download Yara Rule
              Strings
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0168106B
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01680FE5
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016810AE
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01681028
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: b55b768a4b7ec658d20f6fa5320b1ee5503e9af56e38f90c03838528ffb51759
              • Instruction ID: fedcaebce959fc9dfa20b889862cad424169a113520badcce46f3cd6198fce6e
              • Opcode Fuzzy Hash: b55b768a4b7ec658d20f6fa5320b1ee5503e9af56e38f90c03838528ffb51759
              • Instruction Fuzzy Hash: 6C71DAB1904315AFCB21EF18CC84B9B7BA9AB95764F00446CFD498B24AD734D589CFD2
              Function 0164245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              • LdrpDynamicShimModule, xrefs: 0168A998
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0168A992
              • apphelp.dll, xrefs: 01642462
              • minkernel\ntdll\ldrinit.c, xrefs: 0168A9A2
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-176724104
              • Opcode ID: 40766f0747439a1d03b1a75d812afa49a3d9dbf286935927c574667ea479df9a
              • Instruction ID: ebab9575c0d7abab44d41c2f6418a22a26c7f51417e13d3ba16c16b9003b374d
              • Opcode Fuzzy Hash: 40766f0747439a1d03b1a75d812afa49a3d9dbf286935927c574667ea479df9a
              • Instruction Fuzzy Hash: 6D316B75650202EBDB31AF9DDC85E6ABBB5FB84B20F26415EFD0167349C7B05982CB80
              Function 016329A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
              Download Yara Rule
              Strings
              • HEAP[%wZ]: , xrefs: 01633255
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0163327D
              • HEAP: , xrefs: 01633264
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              • API String ID: 0-617086771
              • Opcode ID: beb4f93cf4221fa00bb50b3e0cdf0ca7bb5b8a2b05167586006e82c9d2185acc
              • Instruction ID: 315edae81eab34eb9b95ec6791035038c414e411fc47745c0b14478b83b8dff8
              • Opcode Fuzzy Hash: beb4f93cf4221fa00bb50b3e0cdf0ca7bb5b8a2b05167586006e82c9d2185acc
              • Instruction Fuzzy Hash: D392BC71A042499FEB25CF68C8547AEBBF1FF89314F18805DE846AB391D734A946CF50
              Function 01630770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-4253913091
              • Opcode ID: 540cf724d8eb5c73ed3811accd8ab1925d96d840c86a6d82eabbd7020dee3cbc
              • Instruction ID: e89b2cdae23f084df9e468ea54943c08b3c5819514cbeb15f401c40d6b443caa
              • Opcode Fuzzy Hash: 540cf724d8eb5c73ed3811accd8ab1925d96d840c86a6d82eabbd7020dee3cbc
              • Instruction Fuzzy Hash: BBF1AF30600606DFEB25DF68CC94B6AB7F6FF84704F1482A9E5569B381D734E986CB90
              Function 01646962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: $@
              • API String ID: 0-1077428164
              • Opcode ID: 18d1ec9b677ef3d664547193d7980801f3c3d9b567a42612661e1d749525c64f
              • Instruction ID: 3df312599905ed2550ceab1a0d3e11de5adcc1d076c7ba6b153b84f7ed052a7a
              • Opcode Fuzzy Hash: 18d1ec9b677ef3d664547193d7980801f3c3d9b567a42612661e1d749525c64f
              • Instruction Fuzzy Hash: A9C26D716083519FEB25CF28CC81BABBBE5AF89754F04892DF98987341D734D845CBA2
              Function 0161A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              • API String ID: 0-2779062949
              • Opcode ID: 66e3b462108e9cc2c115084768d791ba1aaf799aa98a00a9242dc8aa73e0f4da
              • Instruction ID: c8969d603df6a2c8806528b39df793f5656d61a34d2974e505bd757a7d70d722
              • Opcode Fuzzy Hash: 66e3b462108e9cc2c115084768d791ba1aaf799aa98a00a9242dc8aa73e0f4da
              • Instruction Fuzzy Hash: 4AA19E7191162A9BDB31DF68CC88BEAB7B9FF44710F0441EAEA08A7210D7359E84CF54
              Function 01640BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
              Download Yara Rule
              Strings
              • LdrpCheckModule, xrefs: 0168A117
              • Failed to allocated memory for shimmed module list, xrefs: 0168A10F
              • minkernel\ntdll\ldrinit.c, xrefs: 0168A121
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              • API String ID: 0-161242083
              • Opcode ID: 85e42eb243bc58872ee6c8a24d88422aca71315fc50ba16f57a1f43f11134aa6
              • Instruction ID: 0a07079f10b82248c352056c2390c65a1010808ac2962a297c5c9ece3aec0d8e
              • Opcode Fuzzy Hash: 85e42eb243bc58872ee6c8a24d88422aca71315fc50ba16f57a1f43f11134aa6
              • Instruction Fuzzy Hash: 6271D070A00216DFDB25EFACCD80AAEB7F5FB44214F14816DE942A7351E774A942CB54
              Function 01630A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-1334570610
              • Opcode ID: 178633fc1dabdd7e47d9d70bd53a90e00589c17cff79077cce49f916141e7d35
              • Instruction ID: 25f070452fa4f04a920b37fa30de2fa877c07550aaf0b773fd85771b36ab4225
              • Opcode Fuzzy Hash: 178633fc1dabdd7e47d9d70bd53a90e00589c17cff79077cce49f916141e7d35
              • Instruction Fuzzy Hash: 3E61AE706003059FDB29DF28C840B6ABBE2FF85704F14865DE8568B396D771E886CB95
              Function 0165C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
              Download Yara Rule
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 016982D7
              • LdrpInitializePerUserWindowsDirectory, xrefs: 016982DE
              • minkernel\ntdll\ldrinit.c, xrefs: 016982E8
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1783798831
              • Opcode ID: fd360fc302135ccd7204513fe1164ffa9e157b1338d116d5be0dd564da292ac7
              • Instruction ID: ba8eea6dcc79c3a657b37db413014c7a64b4514860774b04c4564647633516ad
              • Opcode Fuzzy Hash: fd360fc302135ccd7204513fe1164ffa9e157b1338d116d5be0dd564da292ac7
              • Instruction Fuzzy Hash: 2041E071504301ABCB21EB68DC44B6B7BEDEF89B60F00892EFA4897294E770D801CB95
              Function 016DC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 016DC1F1
              • PreferredUILanguages, xrefs: 016DC212
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 016DC1C5
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              • API String ID: 0-2968386058
              • Opcode ID: 4363f72733ec7c46ab9fb2fda3fd907b64770aaf683e07330fd4e7b8ef366b24
              • Instruction ID: 6d3ffe50855e7982f0a421f3709fb1f14548a012362b1373f827e851994ca6e0
              • Opcode Fuzzy Hash: 4363f72733ec7c46ab9fb2fda3fd907b64770aaf683e07330fd4e7b8ef366b24
              • Instruction Fuzzy Hash: EA417172E0021DEBDB11DAD9CC91BEEBBBDAB14700F14816EE609A7244D7749A44CB94
              Function 016B4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              • API String ID: 0-1373925480
              • Opcode ID: 3ccf32fdd9159c572cf60fe00be02e6c10d53027490e85e39116fc10fc42f477
              • Instruction ID: 8dfb85b9ab79ae7535f0fa62dd13560962699763f9128ade4dd5dcb8c4829dbd
              • Opcode Fuzzy Hash: 3ccf32fdd9159c572cf60fe00be02e6c10d53027490e85e39116fc10fc42f477
              • Instruction Fuzzy Hash: EF412632A006588BEB26DBD9CD84BEDBBB9FF55340F14046DD902EB382DB359981CB51
              Function 016A4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 016A4899
              • LdrpCheckRedirection, xrefs: 016A488F
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 016A4888
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-3154609507
              • Opcode ID: f78fd2a08833c62fc106fbfc2bc7147049202d60c167c7a0e1b8c2a8b48de1ae
              • Instruction ID: 3e567b938d98e34fa9a4fdf1b980047cc4c8aa15cb968f166791b9e98da8c6b5
              • Opcode Fuzzy Hash: f78fd2a08833c62fc106fbfc2bc7147049202d60c167c7a0e1b8c2a8b48de1ae
              • Instruction Fuzzy Hash: AD41C332A046919FCB21CE5CEC40A267BE9FF49A50B4A056DED4997351DBB0EC01CF91
              Function 01630BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-2558761708
              • Opcode ID: 90e71fa0d1c91a174136b69c75a7bd9c01da67c8a0efb7f5439b720cc48a420b
              • Instruction ID: 7f915320a8c34357439fbab741a0bf1ae657cb7a125ff64346cdf7c8711227ed
              • Opcode Fuzzy Hash: 90e71fa0d1c91a174136b69c75a7bd9c01da67c8a0efb7f5439b720cc48a420b
              • Instruction Fuzzy Hash: A311CD353561029FDB29EA1CCC41B66B3A6AF81716F18826DF4078B255DB30D846C755
              Function 016A20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
              Download Yara Rule
              Strings
              • Process initialization failed with status 0x%08lx, xrefs: 016A20F3
              • LdrpInitializationFailure, xrefs: 016A20FA
              • minkernel\ntdll\ldrinit.c, xrefs: 016A2104
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2986994758
              • Opcode ID: d9e6ba07839b377f176e9890be0007851d0909889a9bc5cf72809e431c17770f
              • Instruction ID: 0a398b9a486c5a5bf0225e5e5000dc69d7b9e6412145924e78aa12db1d2e565e
              • Opcode Fuzzy Hash: d9e6ba07839b377f176e9890be0007851d0909889a9bc5cf72809e431c17770f
              • Instruction Fuzzy Hash: C5F0C835680309ABE725DA4CDC56F96376DFB41B64F50005DF70467281D6B0AE40CA95
              Function 016303E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              • API String ID: 48624451-232158463
              • Opcode ID: 9a346bbe9418ec5373f6945ef0aa304a8517e4eac99bc689d37cfe6935a6fe3c
              • Instruction ID: 685549cb593ec2771926c2a58dec1ec1f9e7366ab011f22a9d26d1efd6b86160
              • Opcode Fuzzy Hash: 9a346bbe9418ec5373f6945ef0aa304a8517e4eac99bc689d37cfe6935a6fe3c
              • Instruction Fuzzy Hash: E2713772A0014A9FDB01DFA8CD94BAEB7F9AF48304F144169E905E7251EB34EE05CB64
              Function 0162A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
              Download Yara Rule
              Strings
              • LdrResSearchResource Exit, xrefs: 0162AA25
              • LdrResSearchResource Enter, xrefs: 0162AA13
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              • API String ID: 0-4066393604
              • Opcode ID: a3943bcffb2763472ffdccaefb8994743d7ed69e66bfcf80730d863d3db85c00
              • Instruction ID: 618d22072f1609f62344f4e33529d8eaaef1ecb43697eaf763fdd38b98e43a31
              • Opcode Fuzzy Hash: a3943bcffb2763472ffdccaefb8994743d7ed69e66bfcf80730d863d3db85c00
              • Instruction Fuzzy Hash: 3FE15D71A006299FEB229EDDCE90BAEBBBABF04710F10452AE901E7751D7B4D941CF50
              Function 016EA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              • API String ID: 0-197956300
              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction ID: 2d38147ae5ac134512bf80f73553ac4cc97d7a245de551955f9b82f04b1beb3f
              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction Fuzzy Hash: 90C1BE312053429BEB24CF68CC49B6BBBE6AFD4318F084B2CF6968B290D774D509CB55
              Function 0169E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              • API String ID: 2994545307-634100481
              • Opcode ID: d2be99efa34965375b01c85f5bb29c2e7bfb98473f7daaa22db35b5cc745ffee
              • Instruction ID: 2a9aedf3313bd3bfa16efd70506c8299a1cc45fb1fe74f4338e5e59dab337b4c
              • Opcode Fuzzy Hash: d2be99efa34965375b01c85f5bb29c2e7bfb98473f7daaa22db35b5cc745ffee
              • Instruction Fuzzy Hash: 3D615871E006199FDB24DFA88D40BAEBBB9FB48700F15406EE649EB291D732A941CB54
              Function 016C43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              • API String ID: 0-17815947
              • Opcode ID: 1d8c1e4de66991b4f2b2b8729933d11e1396d357136e86ebb52e702b0400e63a
              • Instruction ID: c056c5a3f4c81e7dea5d1b4b5e34e84551fd0a940ec688050a5ce2a93b0c88c3
              • Opcode Fuzzy Hash: 1d8c1e4de66991b4f2b2b8729933d11e1396d357136e86ebb52e702b0400e63a
              • Instruction Fuzzy Hash: 285118B1D0021DAEDB11DFA9CC90AEEBBBDEB54B54F10452DE611B7290DB309D05CB64
              Function 016204E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0162063D
              • kLsE, xrefs: 01620540
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              • API String ID: 0-2547482624
              • Opcode ID: ee716b6577eccfa8e74e3ebc6240e9cd353c07bb921e6cee2022ca05c2594448
              • Instruction ID: 048b9725adb6f53532aae7a806799023e76b46b75d431b980a183391b670d33a
              • Opcode Fuzzy Hash: ee716b6577eccfa8e74e3ebc6240e9cd353c07bb921e6cee2022ca05c2594448
              • Instruction Fuzzy Hash: 3F51AC71504B628BD734DF68C9446A7BBE8AF85304F10883EFA9A87341E7709545CF96
              Function 0162A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
              Download Yara Rule
              Strings
              • RtlpResUltimateFallbackInfo Enter, xrefs: 0162A2FB
              • RtlpResUltimateFallbackInfo Exit, xrefs: 0162A309
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              • Opcode ID: a7099aa55a6fd6d8960ce774b2e137d6154d2767a83d556649c36d50a6fb3faa
              • Instruction ID: 0465d27b226ef08ee8e6f4db28c421a58d2d8a44baff0c57a6a9083ef9fb3821
              • Opcode Fuzzy Hash: a7099aa55a6fd6d8960ce774b2e137d6154d2767a83d556649c36d50a6fb3faa
              • Instruction Fuzzy Hash: 4541DC31A01A66CBDB21DF99CC40B6A7BB5FF84704F1441A9E900DB792E3B5C901CF85
              Function 0165A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              • Opcode ID: 24cfea90321e27f502e415369654c1f6bd452f97bb88c057d68ce39639de9310
              • Instruction ID: aa13a0b5d36c44140aa569262b041b7c253c19f38813ba0917e0036e4f024631
              • Opcode Fuzzy Hash: 24cfea90321e27f502e415369654c1f6bd452f97bb88c057d68ce39639de9310
              • Instruction Fuzzy Hash: FE01D1B2250700AFD351DF64CE45B1677E8E794725F018A3DBA48CB190E374D804CB5A
              Function 0162C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              • Opcode ID: ba854c559cb887386123aead9ca30514fc79a3177196740be1df1691bddf76a9
              • Instruction ID: 049c84c69768d95e4aabb2cd8336e66534352bd6ed695f179f54de676eaad0ce
              • Opcode Fuzzy Hash: ba854c559cb887386123aead9ca30514fc79a3177196740be1df1691bddf76a9
              • Instruction Fuzzy Hash: 7D825B75E00A298FEB25CFA9CC80BEDBBB1BF49310F148169E959AB391D7349941CF50
              Function 016A6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 64a3ecccb63cab752f81a5f6c9c54af23b41d697e8b5c5ec3ba4e64810cb4836
              • Instruction ID: ba69b71503f592f0185f437dbabc6a211e8203dffeb8b064576029a7b5222dfe
              • Opcode Fuzzy Hash: 64a3ecccb63cab752f81a5f6c9c54af23b41d697e8b5c5ec3ba4e64810cb4836
              • Instruction Fuzzy Hash: D2918571900229AFEB21DF95CD85FAEBBB9EF54750F544059F600AB290D774AD00CFA4
              Function 016CE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 1f2a696e4a98bc6565b4cd993c8b0cc7f67bf945ee22fe3af4d87b39050a7c45
              • Instruction ID: 312457e019b8ea4c13b605ed6c50d1b9caf2222f3cf833f2d1a35cc4a53a8f50
              • Opcode Fuzzy Hash: 1f2a696e4a98bc6565b4cd993c8b0cc7f67bf945ee22fe3af4d87b39050a7c45
              • Instruction Fuzzy Hash: 71918032900649AFDB22ABA5DC44FBFBF7AEF95B50F10001DF505A7250DB79A901CB94
              Function 0165A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              • Opcode ID: 9dc59f2b5f5ebcd3edafca3b2d982442a16fbf303d1a85de9825ce6375e97a67
              • Instruction ID: 02266399b0c34ac0088afa6a14134d920c727ef52aab92bb37663ed34b9f140c
              • Opcode Fuzzy Hash: 9dc59f2b5f5ebcd3edafca3b2d982442a16fbf303d1a85de9825ce6375e97a67
              • Instruction Fuzzy Hash: 34716175E0031A9FDF28CF9CD990AADBBB6BF48710F14812EE505AB341E7709941CB64
              Function 016C4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              • Opcode ID: 6d6657af45f99a44a9a8b387dd4c9c13fb0e2026c0417506d96a333f2c5b40f3
              • Instruction ID: 6224b71b2a821c7e6d393af06109bbf9cece318540708d2ea8c32db5675947f0
              • Opcode Fuzzy Hash: 6d6657af45f99a44a9a8b387dd4c9c13fb0e2026c0417506d96a333f2c5b40f3
              • Instruction Fuzzy Hash: 66515B72D0062ADBDB10DF9DDC50ABEBBB5EF14A50F05416EEA12BB344DB349901CBA4
              Function 0163E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              • Opcode ID: 82d290e4e5baf4264e01423f72c5cb5923b58928d6eb03538e28fb4721c62186
              • Instruction ID: 2e7ae32af848a9b62020256354ac432c82c6660e512af330b5a8d728bb057231
              • Opcode Fuzzy Hash: 82d290e4e5baf4264e01423f72c5cb5923b58928d6eb03538e28fb4721c62186
              • Instruction Fuzzy Hash: BE4190725083169BD721DA79CC40BABB7E9AFC8714F04092DFA84D7280E775D904C7A6
              Function 0169C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              • Opcode ID: e407e4159fb1762b55d1f7f53b0de62bbe5015b6ad410d8764196e22344c8f27
              • Instruction ID: 07d74ccdc928cb216182d93a4fa40bb62033c7e22d1abca4410d4d496d7c992c
              • Opcode Fuzzy Hash: e407e4159fb1762b55d1f7f53b0de62bbe5015b6ad410d8764196e22344c8f27
              • Instruction Fuzzy Hash: DB4152B1D0012DABDF21DA50CD84FDEBB7DAB45714F0145E9EA08AB140DB709E89CFA8
              Function 016B6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              • Opcode ID: bf7c77692031e65d922e777b54f7bd12bc3fd1f5b1e8c2e5445e56f4e7c91536
              • Instruction ID: eca21c49a26bf361552eb2617068c7da79c96cac7ef37292f768cae4735a0d20
              • Opcode Fuzzy Hash: bf7c77692031e65d922e777b54f7bd12bc3fd1f5b1e8c2e5445e56f4e7c91536
              • Instruction Fuzzy Hash: 4A311431A007199BEB22DB69CC90BEEBBB9DF55704F144068EA41AB382CB75DC85CB54
              Function 0169CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              • Opcode ID: 20955cefed4d9306394fc622b4a76d78fc378eae32909686b305f00f88b83924
              • Instruction ID: efe0c25bb890e6875b593147629f5c08cd16bf63db4b7acbb6d717aba6bd40a9
              • Opcode Fuzzy Hash: 20955cefed4d9306394fc622b4a76d78fc378eae32909686b305f00f88b83924
              • Instruction Fuzzy Hash: F931E13690051AAFEF16DA59CC55E7FBB78EB80760F014169E905A7290D7309E05DBE0
              Function 016A892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
              Download Yara Rule
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016A895E
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              • Opcode ID: b0aa048bc6cab2fc0e2a7496c4025cb998cb5b9d6f171f36e766e5116bcce01a
              • Instruction ID: bf0888b5b4b0d8bb59fdbba4ac12d86207a0d109242233a501fc3cb8ceca0e98
              • Opcode Fuzzy Hash: b0aa048bc6cab2fc0e2a7496c4025cb998cb5b9d6f171f36e766e5116bcce01a
              • Instruction Fuzzy Hash: 900176B22042019FE7396B1DCC84A9ABF6AEFC6665B84002CF24103655CB20AC82CF96
              Function 016C2000 Relevance: .8, Instructions: 757COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0bf3aa31ad41576bed732cc09d32c002a906075c4cc6874537eeee8d356b196
              • Instruction ID: edbe0fbeb6a1504840189c320f0cc8658dddd1217e21783138a9ea6b273326da
              • Opcode Fuzzy Hash: c0bf3aa31ad41576bed732cc09d32c002a906075c4cc6874537eeee8d356b196
              • Instruction Fuzzy Hash: 2E42AE756093418BD725CF68CCA0A7BBBE6EB88B00F49492EFE8697350D770D845CB52
              Function 016B8158 Relevance: .6, Instructions: 617COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e230e6a4ad771a089998457e767981002ab67c1ce26dec07c077687d7f760b7
              • Instruction ID: 0fae13eb55e86683a6904f4e923e307642cd5b97e913fecd4e2ae17f97343bce
              • Opcode Fuzzy Hash: 3e230e6a4ad771a089998457e767981002ab67c1ce26dec07c077687d7f760b7
              • Instruction Fuzzy Hash: 79423D75A002198FEB25CF69CC81BEDBBFABF48300F158199E949AB342D7349985CF50
              Function 01632840 Relevance: .6, Instructions: 605COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 028dfb44d9ef7ba0113e9285e8574d53ab4dfcf13e615b49f7fa8bfa6ec0b8a6
              • Instruction ID: 51bed3936a298fddcbc158c6a1d9f0b3a81aa481e0065a2b30b09eacdec2d699
              • Opcode Fuzzy Hash: 028dfb44d9ef7ba0113e9285e8574d53ab4dfcf13e615b49f7fa8bfa6ec0b8a6
              • Instruction Fuzzy Hash: 7E32CDB0A007558BEB25EF69CC547BEBBF2BF84704F24821DD54A9B385D735A842CB60
              Function 016CA118 Relevance: .6, Instructions: 591COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b8dab14bb56f4e89d863e8368984b4d9e5fe6b1fb34fb415951b3973d769b5b
              • Instruction ID: 4cdaece25a467ce2d5fbb26de3531066580164eb8b3005942edfc139a0aadc8a
              • Opcode Fuzzy Hash: 1b8dab14bb56f4e89d863e8368984b4d9e5fe6b1fb34fb415951b3973d769b5b
              • Instruction Fuzzy Hash: BF22BD746046698BEB25CFA9C894372BBF1EF44B00F08C55EE9868B386F335D452DB60
              Function 01626A50 Relevance: .5, Instructions: 548COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 465ea72dca7dc30df45932b5e8438639f22abf4d01696cf604a71f9169cd2664
              • Instruction ID: 6602ce2abc5f35f0198ec553c997d315504bc7d816c6c46a7eb3863ae9317387
              • Opcode Fuzzy Hash: 465ea72dca7dc30df45932b5e8438639f22abf4d01696cf604a71f9169cd2664
              • Instruction Fuzzy Hash: 1032BE71A05615CFDB25DF68C880BAABBF2FF48310F148669E956AB391D730E842CF50
              Function 01644A35 Relevance: .4, Instructions: 423COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction ID: 7a2bd0764b520999af89febe64797489f0b22b2ab2f5cdb25086f6f1cdd2ad5e
              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction Fuzzy Hash: 43F17171E0021A9BDF15DF99CD81BAEBBF6BF48710F098169E945AB340EB34D841CB64
              Function 016B892B Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be38975e91db932a6e57a268de6d52efd2513a70bd7a18a686aaa14ab59dbd1c
              • Instruction ID: 41de8e92c7b53b76a13f5e726961d27be0ab9567a3bb5787352c5a38e970e319
              • Opcode Fuzzy Hash: be38975e91db932a6e57a268de6d52efd2513a70bd7a18a686aaa14ab59dbd1c
              • Instruction Fuzzy Hash: 23D1E271E0060A8BDF15CF69CC81AFEB7FEAF88304F18816AD955A7241D735E946CB60
              Function 016265D0 Relevance: .4, Instructions: 383COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6a2e42a72aef59e7dc7be7d1e14dd29d011ab7b164e1e409c28b5cfe8ffd777
              • Instruction ID: 949a4827902bf7243a089df4156e1d9eeb80f49ff3974d5fb502476401ef8365
              • Opcode Fuzzy Hash: c6a2e42a72aef59e7dc7be7d1e14dd29d011ab7b164e1e409c28b5cfe8ffd777
              • Instruction Fuzzy Hash: 64E1AE71608752CFC715CF28C890A6ABBE1FF89314F058A6DE99987351DB31E906CF92
              Function 01618397 Relevance: .4, Instructions: 380COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d385bca1dd8cee3a4c591bab7e2a8ec4d4cebbf84df0b32b1285537da716c6ee
              • Instruction ID: 8ac2d6902ab0e4b99afc7170718bdb887c37aeba6715dc57a3dc96e4ac37ff33
              • Opcode Fuzzy Hash: d385bca1dd8cee3a4c591bab7e2a8ec4d4cebbf84df0b32b1285537da716c6ee
              • Instruction Fuzzy Hash: 87D10371A006169BDB14CF68CC90EBEB7BAFF54314F09462DEA16DB284EB34E951CB50
              Function 016A8243 Relevance: .3, Instructions: 322COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction ID: 74e5f5b10202c01bb28de6f3902da432b14ceeea6990281fd027e2219fe190e2
              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction Fuzzy Hash: B8B17174A006059FEB24DB99CD40AABBBBEFF84305F90846DAA4297790DB34ED45CF50
              Function 01630535 Relevance: .3, Instructions: 300COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: 79cc52e7418bca73922415beb8a20d5cbe626597a79e8778d76640210282b82c
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 7BB10671604646AFDB26DB68CD50BBEBBF6AFC8310F140299E552D7381DB30E946CB90
              Function 016283C0 Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d981faba4b0adfbc09a0f927a7bb069352ba4859d54b10d005f721991b1db786
              • Instruction ID: 2c9d0751dcbebfbdf1698a6989ed02ec414120ad954f99adf177eb0ed5bb706b
              • Opcode Fuzzy Hash: d981faba4b0adfbc09a0f927a7bb069352ba4859d54b10d005f721991b1db786
              • Instruction Fuzzy Hash: C6C156702083418FE764DF18C894BAAB7E9BF88304F44496DE98997391D7B4E909CF92
              Function 0161C427 Relevance: .3, Instructions: 280COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52b445a8986c62285e94a659874b552802653b7fe699586cc9b4a18fc70f3297
              • Instruction ID: 41041f693ada8f7b7c3220abe833344283f7ac8e5340a23f08dcae7b972448bc
              • Opcode Fuzzy Hash: 52b445a8986c62285e94a659874b552802653b7fe699586cc9b4a18fc70f3297
              • Instruction Fuzzy Hash: 67B18270A402668BDB64DF58CC90BADB7B6EF44700F0885E9D50AE7385EB30DD86CB24
              Function 0164E5E7 Relevance: .3, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 128e1839285258c419fd9f30d6340c63aba8479057773991335c85770b300eae
              • Instruction ID: 3527e5b777ae00019dc329ba41c29a52499991282711a8597c1887601c7144f9
              • Opcode Fuzzy Hash: 128e1839285258c419fd9f30d6340c63aba8479057773991335c85770b300eae
              • Instruction Fuzzy Hash: 46A11631E006259FEB21EB5CCC48BAEBBB5BF01724F054295EA00AB391D7789D41CBD1
              Function 01660185 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2628868fae2405f36530e2200a6479bf5c245dfa41f9596bc09cec8cfafa18e6
              • Instruction ID: 3ae864747dc35d5eb5d32098abe2c25de7b8d1120191a6674cb34fffe4964801
              • Opcode Fuzzy Hash: 2628868fae2405f36530e2200a6479bf5c245dfa41f9596bc09cec8cfafa18e6
              • Instruction Fuzzy Hash: 6BA18F71A01616DBEB25DF69CD90BAAB7A9FF54314F04403DEA4597381EB34E812CB90
              Function 016F4500 Relevance: .3, Instructions: 275COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62a9601b875959a5649f7509493015e7e36ebcaaae727c9843297f95c2ef848c
              • Instruction ID: 10e7e14395306f0328872087e7d19858c1dcfa4ee0fc004b53fe51c8820764c5
              • Opcode Fuzzy Hash: 62a9601b875959a5649f7509493015e7e36ebcaaae727c9843297f95c2ef848c
              • Instruction Fuzzy Hash: 96A1CD72A056129FC721DF18CD80B6ABBEAFF88714F05492CF6859BB51CB34E901CB95
              Function 016F2B57 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction ID: c876e3de4e49ff765372efbc5095f6f6456314a0517019185ce6f3f8b2ec08a0
              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction Fuzzy Hash: D4B11571E0061A9FDB29CFA9C890AADBBB5FF88310F14816DEA15A7354D730E941CF94
              Function 016A60E0 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0833b8430aa5a8ce002c45f3140018a7f68ffb3914291b17b287594caa0379d
              • Instruction ID: 9c548cd10b645f9bec6e11f92875b960c25f9eaff6a5db3462edd7a9bbca3def
              • Opcode Fuzzy Hash: f0833b8430aa5a8ce002c45f3140018a7f68ffb3914291b17b287594caa0379d
              • Instruction Fuzzy Hash: A091A171D00216AFDB15CFA8DC94BAEBFB5AF48710F5941A9E610AB341D734ED018FA4
              Function 0163E3F0 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d08ba42322d732e12577b4c8c1a999441f3ec4b8547f22b57544b3360223f1a
              • Instruction ID: 616beb3dbc6778b664b4d8b38242cf337d1281f3b313dec9d68e507b25581d2e
              • Opcode Fuzzy Hash: 8d08ba42322d732e12577b4c8c1a999441f3ec4b8547f22b57544b3360223f1a
              • Instruction Fuzzy Hash: BD914571A01216DBEB24EB5CCC40B79BBB2EFD8724F058569ED059B381E736D902CB61
              Function 01676ACC Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21c3aaef74c5232278a3728bb2dd48cb6c4b8f2a278cf028b96d13097a833f14
              • Instruction ID: 022202346f8f469fad5aa596878c09f9beb1fb8e57cde962f2da63f470dddaaa
              • Opcode Fuzzy Hash: 21c3aaef74c5232278a3728bb2dd48cb6c4b8f2a278cf028b96d13097a833f14
              • Instruction Fuzzy Hash: B88182B1A00A169FEB24CF69C940ABEBBF9FB48700F14852EE455E7740E734D951CBA4
              Function 016EAB40 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction ID: 41f1f04cbb39e53541e452bd5c31426a8e9b7179fed7d8486ac8feabf07ef05e
              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction Fuzzy Hash: ED819172A012059FDF19CF98C898AAEBBF6BF84310F18866DD9169B344D774D911CB44
              Function 0165E284 Relevance: .2, Instructions: 212COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 122db80ae53c561bbe5112dc9e856cad211a39ce0dfe096bddbb806abf45dfdf
              • Instruction ID: 13c46929b403e44de5d29583776f161ec8fc72c7ed9f5e64699d7dfacb5cf2be
              • Opcode Fuzzy Hash: 122db80ae53c561bbe5112dc9e856cad211a39ce0dfe096bddbb806abf45dfdf
              • Instruction Fuzzy Hash: BB817C71A00609AFDF65CFA9CC80AEEFBBAFB88354F10442DE955A7211D731AD05CB60
              Function 0163C640 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c9a58a0bfed002c3cd4ffb21b1f63a3264e3d6a8971f8cb03b1a1c9ba47116aa
              • Instruction ID: 2cc57f6de0ec2f2537262dc7aada4be63025e71d43f855e6d777411e478de2de
              • Opcode Fuzzy Hash: c9a58a0bfed002c3cd4ffb21b1f63a3264e3d6a8971f8cb03b1a1c9ba47116aa
              • Instruction Fuzzy Hash: 2471CE75D04669DBCB26DF58CC90BBEBBB5FF98710F14821AE942AB350D7709801CBA0
              Function 016D47A0 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 63570eaf87053ff5610b5b079cc706a99ae200feb29fdd78967d763c95e4ba03
              • Instruction ID: ae05f736f7307935b4b0ec1b72852f0912a00951d49ce346b874a7bf10c98ee9
              • Opcode Fuzzy Hash: 63570eaf87053ff5610b5b079cc706a99ae200feb29fdd78967d763c95e4ba03
              • Instruction Fuzzy Hash: A9719F70D01205EFDB20CF5DDD45AAABBF9EB91710B05815EFA00AB658CB71DD80CB59
              Function 0163260B Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7004aa116b2bc2dc45250a15f36ea5bfe7665cefdac0af507811211e95a72139
              • Instruction ID: 7d398a5e2002eba43e0ade38e5e4082f78e672cbccf8922da7f179543aede33b
              • Opcode Fuzzy Hash: 7004aa116b2bc2dc45250a15f36ea5bfe7665cefdac0af507811211e95a72139
              • Instruction Fuzzy Hash: CD71CF31A046528FD312DF2CC890B2AB7E6FFC5710F0885ADE8958B352DB34D846CB95
              Function 016A035C Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: e403c160b5ae3c305ef3440644f79790940e673171110a7a32f361d189b7b095
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: F0715C71A0061AAFDB10DFA9CD84A9EBBBAFF88700F504569E545E7250DB34EE01CF94
              Function 016B62A0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5581b752c62875234e3d1519cb6840a6493d106f2f9ac486912ad5da966dae4
              • Instruction ID: 7d2759da3e417d8551ac45db08c5e6e0f6216bb58469353723f31d81106d6544
              • Opcode Fuzzy Hash: e5581b752c62875234e3d1519cb6840a6493d106f2f9ac486912ad5da966dae4
              • Instruction Fuzzy Hash: EF71E332241B01AFE732DF18CC94F96BBB6EF40724F14842CE656872A1D779E984CB50
              Function 01628AA0 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8751ac47de7da0414d9888351a151bc88e40223ec6b263ce58dd71c16a862f7
              • Instruction ID: 0a90b5bd036825e13e66a9285cb6e2fa60ddc04ab32f1ee850d1e03972b69808
              • Opcode Fuzzy Hash: a8751ac47de7da0414d9888351a151bc88e40223ec6b263ce58dd71c16a862f7
              • Instruction Fuzzy Hash: A8818C72A043168BDB24DF9CDDA4B6DB7FABB48320F19822DD901AB381C7749941CB94
              Function 016DA250 Relevance: .2, Instructions: 184COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe6320159ca80fd8bc485de6d71253932a883a7b624e68ae2ad1256ff1b9b165
              • Instruction ID: 03b88e38e32c9e88c0b6a7c6908814ce8b4e522a4323962b4b44d0469ccff163
              • Opcode Fuzzy Hash: fe6320159ca80fd8bc485de6d71253932a883a7b624e68ae2ad1256ff1b9b165
              • Instruction Fuzzy Hash: 7551CF72909612AFD721DEA8CC44E6BBBE9EBC9750F01092DFA40DB250D774ED05C7A2
              Function 016C8350 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 524006e6b39ad7083f8f1a2ba966a3909e00f4ce9678b9b593f1111ff41b6406
              • Instruction ID: e068137f2802661ce8219c44c428f8a8c999cc0a4d96abeb1a27d9f528546a23
              • Opcode Fuzzy Hash: 524006e6b39ad7083f8f1a2ba966a3909e00f4ce9678b9b593f1111ff41b6406
              • Instruction Fuzzy Hash: F9518A709007059BD731DF9AC884AABFBFDFF94B10F10861ED296976A1C7B0A945CB90
              Function 0165E443 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd8195e1256435247d2f0a5170072678abe13ccf12752bde6baef1a95e70dcec
              • Instruction ID: 21eb06d41f731e57e34b7f86a29dfe2ff2a3019dce811ef52760985fd1c1687d
              • Opcode Fuzzy Hash: cd8195e1256435247d2f0a5170072678abe13ccf12752bde6baef1a95e70dcec
              • Instruction Fuzzy Hash: 71514971200A059FCB22EFA9CD80EAAB7BEFF54794F40046DE94297360D735EA41CB54
              Function 016C4180 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2760353adb8f8ac4d9d6209577decbe20cd55f5e6dfeb9532ca289429992ba62
              • Instruction ID: f32179fed5c886bff7b1a79377244a582af60b76067951201541e6172ce72e21
              • Opcode Fuzzy Hash: 2760353adb8f8ac4d9d6209577decbe20cd55f5e6dfeb9532ca289429992ba62
              • Instruction Fuzzy Hash: 3D5145716083028FD754DF2AC891A6BBBE6FFC8A14F44492DF589C7350EB34D9068B96
              Function 016445B1 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 6a00cc6b9300ea75c806c1ccb20a24f0ff47e819058b8682470c586fe9ec3788
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: 8451AE71E0021AABDF15DF98C841BFEBBBAAF44354F144169EA01AB340DB34DD45CBA4
              Function 016AE9E0 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: df21c0df117999644209f8f1acd06be9b094b5ddbdd72e65b8bc159bcdad68bf
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: 2D51EB31D0021AEFDF11DF94CD98BAEBB79AF00314F514669DA1267290D7329D40CFA4
              Function 016E8B28 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b74418473cd989d863daa5d5ffbecb637153babecc9f5d771b1b586ede1716
              • Instruction ID: 5d7023f05a4a96c9456897ae9b764d9fa7ba9be8894af1dfcdca69672efeebc3
              • Opcode Fuzzy Hash: 13b74418473cd989d863daa5d5ffbecb637153babecc9f5d771b1b586ede1716
              • Instruction Fuzzy Hash: 9541D1707036119BDA29DB2DCD9CB3BBBDEEF91620F048718E9558B384DB34D811C690
              Function 016ACBF0 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83f9d6e7c19daab5321b1469ae9df5b915a8de8eae4b9d6ce58f23e7b1e82893
              • Instruction ID: 7fcfe2220be78bd7fa584ea42673db60a2239e3904e6fd58ad0382af0354f35b
              • Opcode Fuzzy Hash: 83f9d6e7c19daab5321b1469ae9df5b915a8de8eae4b9d6ce58f23e7b1e82893
              • Instruction Fuzzy Hash: 78517B7290021ADFCB20EFA9CD909AEBBF9FB48364B908519E546A7304D770AD01CFD0
              Function 0165A430 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a05032972cfe6bac4376c1ad44646059b14315ac946a2b2b547c1452be03c9f
              • Instruction ID: 459d79047de12362de35d2fdee46c9573353eccb6deb25bbfc3284115c81f726
              • Opcode Fuzzy Hash: 0a05032972cfe6bac4376c1ad44646059b14315ac946a2b2b547c1452be03c9f
              • Instruction Fuzzy Hash: 604139716443129BCF65EFADDCA0FAA3B6AEB59718F00412CEF029B341D7B19802C795
              Function 016EA9D3 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: 25731a8af0a6e91cfb89719a6d9c18c50b4068224925179b1d56f8957256abe9
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: A941D8716067169FDB25CF98CD88A6AB7EAFF90210B05472DED5287340EB30ED19C794
              Function 016501F8 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 546987dcad1c498ab5279342411c9e79d226ecc577d66fd4caa93dbefc3a8293
              • Instruction ID: 549f79feb8d927499f11617bd88ab0b902780ae32f8f330e544f66f22b1ff412
              • Opcode Fuzzy Hash: 546987dcad1c498ab5279342411c9e79d226ecc577d66fd4caa93dbefc3a8293
              • Instruction Fuzzy Hash: EC41893690021A9BDB54DFA8C840AEEBBB9AF48710F14816AFD15A7340D735DD42CBA8
              Function 0164EBFC Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 37724d1881b2b2b708040a65d83650aaa0ee5dbd34d1184b6b5115df40c8fccd
              • Instruction ID: 64514c6c09e7f83c497c555227814ab84c19d465e267f4b76ac8963d51ff0a19
              • Opcode Fuzzy Hash: 37724d1881b2b2b708040a65d83650aaa0ee5dbd34d1184b6b5115df40c8fccd
              • Instruction Fuzzy Hash: 9041E4726043029FD721EF28CC80A27B7EAFF88224F00496DEA67C7351DB36E8458B54
              Function 01662750 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: 3953179b332e5914af633ccae4cf7351b9c6a04263c1b00be3bf22cc3885ffa6
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: A1514775A016158FCB15CF99C880AAEF7F6FF84720F2481A9D915EB351D730AA42CB90
              Function 01626154 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d6976be4c986086d858ef8b7f7372ba26e8c5a6be1a982e7aed62a26cb34250
              • Instruction ID: c363a290b220ddbbf2e617cbab8dba822527e4513cb25278fcb7e188674fb239
              • Opcode Fuzzy Hash: 4d6976be4c986086d858ef8b7f7372ba26e8c5a6be1a982e7aed62a26cb34250
              • Instruction Fuzzy Hash: 9D512670905626DBDB25DB2CCC10BA8BBB1FF12314F1482A9E929A77D1D774A981CF84
              Function 01620BCD Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 875237efb0db576cdadba43a0ae9736c69f4718deb36c483342246b4c320aa69
              • Instruction ID: 2f670beee38e984a21f1e958648bb563047613ef7066689c697d15962c3d2862
              • Opcode Fuzzy Hash: 875237efb0db576cdadba43a0ae9736c69f4718deb36c483342246b4c320aa69
              • Instruction Fuzzy Hash: BB41A076A406289FDB21DF68CD40BEA77B9EF45740F0100A9E908AB341D734DE85CF95
              Function 016E866E Relevance: .1, Instructions: 129COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: 901f07b6d5d1972f02ab432b544172814d36648929a0c5e3621db966082a0f31
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: 80419475B01115ABDF15DB99CC88ABFBBFEAF84600F1541A9E904A7341D770DD018BA0
              Function 01620887 Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67edd7190d05653a7d8a1c83615253c8d533b6b11070529a377c45c84d0bc549
              • Instruction ID: bcb5afaf59b461532b34b43f98f1731f9db38cd5b66bcf611f6ae21a25064cca
              • Opcode Fuzzy Hash: 67edd7190d05653a7d8a1c83615253c8d533b6b11070529a377c45c84d0bc549
              • Instruction Fuzzy Hash: A941B171A00B129FE725CF28CC80A22B7F9FF89314B109A6DE55787A51E774E846CF94
              Function 0164A470 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6d7c56a50e0c9bd8a3d761890e6814c00644f15faee4f84cf2c48b5aa08e31d9
              • Instruction ID: 5b4c180df1d423c97980fff2f149e09a96127b557f4ba7df3f17d527d33f0c76
              • Opcode Fuzzy Hash: 6d7c56a50e0c9bd8a3d761890e6814c00644f15faee4f84cf2c48b5aa08e31d9
              • Instruction Fuzzy Hash: 2541FF32A81205DFDB25DFACCD94BED7BB5FB58320F084269D412AB381DB349901CBA4
              Function 01628BF0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 300b131e7f6212a12d03df04e72d32f44bef4fb2d664948d856cc7d5ed10728a
              • Instruction ID: ec21cdcb056093aae703c357e254329e75f9597c5a9313efcd2af16283f319ef
              • Opcode Fuzzy Hash: 300b131e7f6212a12d03df04e72d32f44bef4fb2d664948d856cc7d5ed10728a
              • Instruction Fuzzy Hash: 6141DF72A00622CBD7249F5CCC80A5ABBFAFBA4724F18812ED9029B755C735D842CF90
              Function 01618918 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3b670c542dd9c16feb753a68fffcffc7656df14dee663e611ff66082b696dc5
              • Instruction ID: eed63c97f479120a3b8808949c2461c1922cfb4ce5fcab775067d38fcfb91f5a
              • Opcode Fuzzy Hash: f3b670c542dd9c16feb753a68fffcffc7656df14dee663e611ff66082b696dc5
              • Instruction Fuzzy Hash: 73414A315087469FD312DF698C40A6BF6EAAF88B54F44092EF984D7260E730DE058B97
              Function 0161A020 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: 0844a7421833c86ad8d050fce86df3b885f42fe530ab56a9ad8da3bb56859624
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: A9415F31A01251DFDB11DEAD8C407BABB72EB50B5AF19C06AE945DB348D73B8D81CB90
              Function 016209AD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b150b869fea92d453e767372cf638832c9dfd1a05b88e31cb7633b2b09becb2
              • Instruction ID: 0729c1b29939c8e640f8ef217244bd7623c4eb5658521eb1ace73691983ba782
              • Opcode Fuzzy Hash: 2b150b869fea92d453e767372cf638832c9dfd1a05b88e31cb7633b2b09becb2
              • Instruction Fuzzy Hash: 0F416671A01A11EFD721CF18C840B26BBF5FF58314F608A6EE8498B352E771E9428F95
              Function 01650710 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: 1068def3f057096b09278aee1d5b27fd1b2447a05ed7d3d2e1ddf821e431ff9b
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 1B413875A00605EFDB64CF98C990AAABBF9FF18704F10496DE996D7250D330EA44CF90
              Function 0162262C Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 295daa34aacd39af1e2bef6d3e13baaafc1cbf2fb53953a91dc27deea1688aae
              • Instruction ID: 75b5cf8c37c3ec9a2e3c2d918f8561f1bcb17c05c80ab3a99d8c9da22cff3c71
              • Opcode Fuzzy Hash: 295daa34aacd39af1e2bef6d3e13baaafc1cbf2fb53953a91dc27deea1688aae
              • Instruction Fuzzy Hash: 4941AEB1505B21DFCB21EF28CD60B69B7B2FF54720F1086ADD8169B2A1DB70A941CF51
              Function 0165C8F9 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0017a4b130fda84d7e8a68ae37694ed02993f58196ff6f3d90ab208ea9a0315b
              • Instruction ID: 44aa2dd131f4e88e03fb1c697b26cf297931704e3ea2d744d4d24723e323433f
              • Opcode Fuzzy Hash: 0017a4b130fda84d7e8a68ae37694ed02993f58196ff6f3d90ab208ea9a0315b
              • Instruction Fuzzy Hash: A63188B1A01349DFDB52CF68C840B99BBF9EF49724F2085AED519EB251D3329902CB94
              Function 016A07C3 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7c9799d43313690d2b4a4cde230d6bd2abb5075d1f1132632d167288ccc58b9
              • Instruction ID: dac2e5b8d0e04bd0f82df28e8de953bedeac4abd5b65221bbbc7b58648668e3e
              • Opcode Fuzzy Hash: a7c9799d43313690d2b4a4cde230d6bd2abb5075d1f1132632d167288ccc58b9
              • Instruction Fuzzy Hash: B941AE729043019BD760DF28C845B9BBBE8FF88724F008A2EF998C7250D770D805CB96
              Function 016180A0 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc0f685c67238c431522b34a120768b230f8215306e50f8100db57e8846742fc
              • Instruction ID: 719e2d1566a1b65463b461793b843483c640a4aedac7fca62eb276a20985f1a9
              • Opcode Fuzzy Hash: dc0f685c67238c431522b34a120768b230f8215306e50f8100db57e8846742fc
              • Instruction Fuzzy Hash: EF41E372E05617AFDB01DF18CC81AA8B7BAFF54761F288629D815A7384D734ED418BD0
              Function 016A05A7 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6156731f5860058f4477628e8d838e54d5542ed14ccff9719b3801dfa11fa744
              • Instruction ID: 4b9a3aa0d8b46dbe77809868935034c6363748da0286c4f0a89662d4e70862a0
              • Opcode Fuzzy Hash: 6156731f5860058f4477628e8d838e54d5542ed14ccff9719b3801dfa11fa744
              • Instruction Fuzzy Hash: A841B1726046529FC320DF68CC40A6AB7E9BFC8700F54461DF99597780E730ED14CBAA
              Function 01624859 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4aefd5009d045e3c4c784acc8faa964ccb87d51744996b19423adae096c8516
              • Instruction ID: cf087c688850b717beaede68892443661fede14c47912aea0cdf78c39a99dfda
              • Opcode Fuzzy Hash: e4aefd5009d045e3c4c784acc8faa964ccb87d51744996b19423adae096c8516
              • Instruction Fuzzy Hash: 9F41BE30B047228BD725DF2CDC94B2ABBAAEF80360F14442DE6468B391DB70D951CF91
              Function 01618B50 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7a44aace2a44bca98a2a5e1dc5137c95469a60b942c7c0ff87a3d6ea624ca26
              • Instruction ID: 2f18c1de59b34d8bf90bb1b262051ddf31d543d1c7dd4bc55c976985e4e801ac
              • Opcode Fuzzy Hash: e7a44aace2a44bca98a2a5e1dc5137c95469a60b942c7c0ff87a3d6ea624ca26
              • Instruction Fuzzy Hash: C0418071A01615CFCB15DF69CD8099DBBF6FF98320B28862ED466A7354DB349941CB40
              Function 016302E1 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: 8caf8dc511a1e38541fa7dfd065d81431d807dce477a0d50be68b73db6989f1c
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: C2314631A04246AFEB129B6CCC80B9BBFF9AF54310F0441A9F855D7342C7B4D888CBA4
              Function 016CE3DB Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e8afb8873556c7e702c830b0b4ba296b45627c5a6704078485a5a48a030be4a
              • Instruction ID: dd64349d0caed86904edce6c04eaa622ad0046229f04f569065d4b685e329979
              • Opcode Fuzzy Hash: 6e8afb8873556c7e702c830b0b4ba296b45627c5a6704078485a5a48a030be4a
              • Instruction Fuzzy Hash: 3E31B431741716ABD722AF658C40FBFBAB9EB59F50F00402CF600AB381CAA5DC0187E4
              Function 016D4B4B Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86eaa421ac9e3e8799389e66366cb6703fd3670b8817a404f65a1010afcf578b
              • Instruction ID: 16aaa8faa1d1aea3cc58b81f874d7da63ff1d099cdfb1fa44080ec8194032444
              • Opcode Fuzzy Hash: 86eaa421ac9e3e8799389e66366cb6703fd3670b8817a404f65a1010afcf578b
              • Instruction Fuzzy Hash: B3319E32A052018FC721DF1DDC80E66B7E6FB85360F0A846EF9958BB51DB71AC41CB95
              Function 01624260 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 564ebf085ce4ba27262bcbf9a5e1fd7397d9f0fa7d4369129baa45617b114ad7
              • Instruction ID: 74750071f425ef9aecc4398bc2d66cdbaa3da26e72d57ebfc0b99691f60fe2be
              • Opcode Fuzzy Hash: 564ebf085ce4ba27262bcbf9a5e1fd7397d9f0fa7d4369129baa45617b114ad7
              • Instruction Fuzzy Hash: 5C418D31200B45DFD722DF29CC91BD67BE9BB45354F01892DE65A8B350CBB4E804CB94
              Function 016D4BB0 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 34dfc8b1f1515a3b65b106f17a28e2274bd7531152c2ab8e4d23ba6f7432ae71
              • Instruction ID: 41eb58a2667daf629cfa0e023e6807732ca4fc2d31e0f50b8e3dc6046a3187cc
              • Opcode Fuzzy Hash: 34dfc8b1f1515a3b65b106f17a28e2274bd7531152c2ab8e4d23ba6f7432ae71
              • Instruction Fuzzy Hash: F6318B71A052019FD720DF2CCC90A2AB7E5FB84720F09896DF9959BB91EB30ED05CB95
              Function 0169EB1D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce064cf4eb2fadec36df5c6da094f999d009109d2c6173fd0e5eb263746c6f0e
              • Instruction ID: 95dd422d1a47ba60c41d2b5b88f67f51accf841c31d19ddf12a0c531881f39f0
              • Opcode Fuzzy Hash: ce064cf4eb2fadec36df5c6da094f999d009109d2c6173fd0e5eb263746c6f0e
              • Instruction Fuzzy Hash: F031B0326016C2DBFB22D75CCE48B257BDDBB40B44F1D04A4AA859B7D2DB29D841C224
              Function 016E61C3 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dcfb0d3c110c2898f4a4f9bca96a708d0050e2556dd3eaaddb87d6c431a0901c
              • Instruction ID: c927dc34d287a3c555bbf09f6b3fd80a28a5bbd268155951213f515984f8eef9
              • Opcode Fuzzy Hash: dcfb0d3c110c2898f4a4f9bca96a708d0050e2556dd3eaaddb87d6c431a0901c
              • Instruction Fuzzy Hash: 7931B275A01116AFDB15DF98CC44BAEB7FAEB48740F458268E900AB244D770ED01CBA4
              Function 016C483A Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41a79a709443bd6d40331dbc60baa6d8b813b259efd070afb59261cfca126dc9
              • Instruction ID: d83bec19bca9aa13012b0bcd80bda2d15b7c7692c3947a70a9ac02d2a8c80319
              • Opcode Fuzzy Hash: 41a79a709443bd6d40331dbc60baa6d8b813b259efd070afb59261cfca126dc9
              • Instruction Fuzzy Hash: 92315576A4012DABCB21DF54DC94BDE7BFAEB98750F1040A9E508A7250CB30DE51CF90
              Function 0164EB20 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89e7cd7a2b28c292eed6ea769e5ebbd557efb5b244dbcd251cc0c54575b5e576
              • Instruction ID: c2bfe59dba533d21182ae14abbffcdabc98b9b293a333781376faeaef9a9b128
              • Opcode Fuzzy Hash: 89e7cd7a2b28c292eed6ea769e5ebbd557efb5b244dbcd251cc0c54575b5e576
              • Instruction Fuzzy Hash: 0931E432E00215AFDB21DFA9CD40AAEBBF9FF44350F018569E516E7250D3759E008BA0
              Function 016E60B8 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05413f600c0b52243eaba28093e6e57160bb4f386eb136c5561659168f1717b8
              • Instruction ID: 1771533ac17e135ad0b2101b4777c00ac6907058b0725253bf676d99adc7484b
              • Opcode Fuzzy Hash: 05413f600c0b52243eaba28093e6e57160bb4f386eb136c5561659168f1717b8
              • Instruction Fuzzy Hash: 0D31F471A41202EBDB139FADCC50BAABBFAAF94315F00416DE506EB342DB30DD018B90
              Function 016207AF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 37f9a75b6176df277eacf3e6b5c0f5227c39b61af9d00be966552e9816f557cf
              • Instruction ID: 025d8f037d074657ae46b306b25f0794ec87e2f898655cf1318c2294146f5397
              • Opcode Fuzzy Hash: 37f9a75b6176df277eacf3e6b5c0f5227c39b61af9d00be966552e9816f557cf
              • Instruction Fuzzy Hash: E831F976A04B22DBCB12DE288C80D6BBBA6AFD4650F03456DFD5697310DB74DC018BD5
              Function 01628550 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d60f9cd1ba1287a0548df9aff1123ae6a31dea7a22ff4d935019214f4df484a
              • Instruction ID: e1e3c87b75115056d321253340ccafa3bd20a708a3899729c2a5d1e8b2ca9c27
              • Opcode Fuzzy Hash: 9d60f9cd1ba1287a0548df9aff1123ae6a31dea7a22ff4d935019214f4df484a
              • Instruction Fuzzy Hash: 3831AFB26097118FE761DF19CC40B2BBBE9FB88700F044A6DE984A7351D770E844CBA2
              Function 0165A6C7 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 1400c53ce238a1056cab4ee0124ec31983b74f318bca9abbb178aacbac95d32b
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: 8C312CB6B00B01AFD761CFA9DE40B67BBF8AB08650F04052DA99AC3751E730E9008B64
              Function 016CEBD0 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 674e458083563a9a59bc472bc413d6e51baa9db6661c6c83e9f51ac1b14c82df
              • Instruction ID: 4842cbb18445357c1fa97985701e9418a8ada24d8f1bfdf01c1cc0fbc67819ac
              • Opcode Fuzzy Hash: 674e458083563a9a59bc472bc413d6e51baa9db6661c6c83e9f51ac1b14c82df
              • Instruction Fuzzy Hash: F2318BB16093418FCB11DF1DC95086ABFF1FF89A18F4449AEE4989B351D332D945CB92
              Function 0164438F Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4afcabe0914f63e1f5a413dec380eaae1fab19ad0409d5c0e1f5a3a5b44972b
              • Instruction ID: 4e05626720fd501fe8059d65100ab2abbdc88bdf5e68500c5d90fd9d3ebd3af6
              • Opcode Fuzzy Hash: e4afcabe0914f63e1f5a413dec380eaae1fab19ad0409d5c0e1f5a3a5b44972b
              • Instruction Fuzzy Hash: 3C31D472B012059FD724EFA9CD82B6EBBFAEB84704F008529D545D7255DB30D946CB90
              Function 0161CB7E Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: 02d137a258adfe2932184f44b648cfcfaea614ee8782c4890b7341cee038cf92
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: 56210436E4125AAADB10DFB98C01BAFBBB6AF54750F098175AE15E7340E370CD0187A0
              Function 0161C156 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abd289ab789f0db6e10146df8c77246c5c898c265c38d05cc9e47f7adca789b4
              • Instruction ID: 0a82c6eb385a871c417d51834242b035fe52aa7aeba680439fb735dc546217a2
              • Opcode Fuzzy Hash: abd289ab789f0db6e10146df8c77246c5c898c265c38d05cc9e47f7adca789b4
              • Instruction Fuzzy Hash: 563170715002118BD731AF5CCC41B79B7B5EF80314F44C5ADD9459B386DB74D982CB94
              Function 016DC3CD Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: a820a597d640a7f53d6cb0e4240e455a0ac22bc1bc21b112a596527a0edf2762
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: 6A213D36A0065AB7CB15ABA98C00ABFBBBBEF40710F40801EFA9587691E734D940C764
              Function 0161E420 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53975987bcb28be558850320974a13dcd3741c749e6333d667f4499652305c58
              • Instruction ID: 37897260943f305677c6f83828d2b4d443e896e605a63fdebbce9cfa9fb86cdf
              • Opcode Fuzzy Hash: 53975987bcb28be558850320974a13dcd3741c749e6333d667f4499652305c58
              • Instruction Fuzzy Hash: 7A31F731A4152C9BDB32DF18CC41FEEB7BAEB15750F0500A5EA45A7290D775DE818FA0
              Function 01654588 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: 0d77a83b73194ae77e1b154581709a487d71ff672afdfc93f8201f65804aab50
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: 9B217435A00615EFCB55CF58CD80A8EBBF5FF48714F5080A9EE159B241EA71DA45CB60
              Function 016544B0 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 46435da00388c24ac48a44af0059fd365803db656c2ce16710113fd59259ad45
              • Instruction ID: a120a487a8e97dbfda42d51f63ea197fb009b4be16f169c04debec8218dab333
              • Opcode Fuzzy Hash: 46435da00388c24ac48a44af0059fd365803db656c2ce16710113fd59259ad45
              • Instruction Fuzzy Hash: 8C21C1726087459BCB22CF58CC80B6BB7E5FB88764F008569FD559B741EB30E941CBA2
              Function 0161E388 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: 9de63dca01827086adafec7089db10328c568efeaff40e1c01a78b2fec666e48
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: 08316B31600645EFD722CB68C984F6AB7B9EF85354F1449A9E952CB394E730EE42CB50
              Function 0169E609 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ad8cb0d596ba99fb5f1d3f97aca3308fa089761c44d2b85178bf036bd4ce7eb
              • Instruction ID: a88815b5f5d27b3e07cfefe8d623fb01d95a9bc540c68134d4c20b561dcb37ce
              • Opcode Fuzzy Hash: 6ad8cb0d596ba99fb5f1d3f97aca3308fa089761c44d2b85178bf036bd4ce7eb
              • Instruction Fuzzy Hash: 0A316975A00225DFCF18CF1CCC849AEB7BAEF84304B15855AF9099B391E772EA51CB94
              Function 016A06F1 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 98960e4755bd79b88c2eb9ed248a7a4effb7e9bc2c9b48b60ec1bfe0b798447c
              • Instruction ID: bfa89cbe944077c1b81dfcca5daf28663a7c48b96df5aa2e29518e1a0e605128
              • Opcode Fuzzy Hash: 98960e4755bd79b88c2eb9ed248a7a4effb7e9bc2c9b48b60ec1bfe0b798447c
              • Instruction Fuzzy Hash: 89219C719002299BCB259F59CC81ABEBBF8FF49740B400069F941AB240D738AD42CFA5
              Function 016A019F Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9afd3c13942ca18680865cd3f551455085372b537efc9ced900e593dd6db1dd
              • Instruction ID: edd765f016212f9c74e2d7e4294b08d17f5816bf3f21685f11693c8de852192f
              • Opcode Fuzzy Hash: a9afd3c13942ca18680865cd3f551455085372b537efc9ced900e593dd6db1dd
              • Instruction Fuzzy Hash: 72218972600645AFD715DBACDD84A6AB7A8FF88740F144069F904DB7A1D738ED40CBA8
              Function 016A0283 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15adc9aa1c2433ba201b037d0f6eeea7d277b8b8d953882fc62776f78181cdfe
              • Instruction ID: c05cc92ae3976946a9fc1012d8ff5e48307c3ab76a0b245e93911627e9703512
              • Opcode Fuzzy Hash: 15adc9aa1c2433ba201b037d0f6eeea7d277b8b8d953882fc62776f78181cdfe
              • Instruction Fuzzy Hash: 9421C2729043469FD711EF59DD48B6BBBDCAF91240F48445ABD80C7351D734DD05CAA2
              Function 01642835 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21aee5a469af3b6baf9895dc3956a96f06e8bf0ac83074c79a5d9fdba4e1e2f2
              • Instruction ID: 8b91dbabc47b5adbd4429439c49cd1c6b070e55e7c44a68b11b69dcd7d0458ea
              • Opcode Fuzzy Hash: 21aee5a469af3b6baf9895dc3956a96f06e8bf0ac83074c79a5d9fdba4e1e2f2
              • Instruction Fuzzy Hash: EB2107327056819BF3226B6C9D18B287BD5AF81770F290369FA20DB7D2D768C842C254
              Function 0165A30B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c209977cd9a4ccc028108c2e1b0845c4e022e8044c4c5ac3089dff072389fa20
              • Instruction ID: ac94cd35f7cd6905ba1ddbbfc190dc3695a7761e694aad3fc3373c1008565ee9
              • Opcode Fuzzy Hash: c209977cd9a4ccc028108c2e1b0845c4e022e8044c4c5ac3089dff072389fa20
              • Instruction Fuzzy Hash: EF21AC75240B019FCB25DF69CC00B46B7F5BF48708F14856CA90ACB762E775E842CB98
              Function 016DA49A Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc874efefea255385deef5564392976d9a1c5f067906a47c5c4ae41b96be03d8
              • Instruction ID: e5f508b1862b72fa6ba2e03f32281515b54bf80f90ab7cdd77e86369db451949
              • Opcode Fuzzy Hash: cc874efefea255385deef5564392976d9a1c5f067906a47c5c4ae41b96be03d8
              • Instruction Fuzzy Hash: F4112973784A11BFE72256999C01F27769ADBD4B60F91006CF759CB280EB70DC01879A
              Function 016A0946 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e2e3908a4dd961367bc5897f52a4fc7b28fc3232ef887c73a2379ab3ecd9a81
              • Instruction ID: 8427c8e1b3323411e60e320db90be9f39bf188e506bdb6a3a811089cbc80fa59
              • Opcode Fuzzy Hash: 0e2e3908a4dd961367bc5897f52a4fc7b28fc3232ef887c73a2379ab3ecd9a81
              • Instruction Fuzzy Hash: AA21D4B1E00219ABCB24DFAAD8809AEFBF9FF99710F10412EE405A7254DB749941CF54
              Function 016B80A8 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: 157c3226c56c9792e13da7f0563adddf03877fa680374fd48957f6a839753d17
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: 46216A72A0020AAFDB129F98CC80BEEBBBEEF88311F244459F901A7251D734D9918B50
              Function 01650124 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: ef359d0b9f8551fd334df26c59769fcd8dfbdf5311d674fbfda2743a337f36a2
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: 31110173601605BFE7229F88CC40F9ABBB9EB80755F10002DFE018B280E671ED44CB65
              Function 01628770 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64f9f2282f15afc04147de8e3c7a5ce93ace6cb9f2d26efe54525e45fec0bae0
              • Instruction ID: 7564f8bc13e155144a5de5e2433cfda1367d4d3928a11bced8ad23245185a3c7
              • Opcode Fuzzy Hash: 64f9f2282f15afc04147de8e3c7a5ce93ace6cb9f2d26efe54525e45fec0bae0
              • Instruction Fuzzy Hash: D211B271701A319BDB11CF4DCC80A6ABBEDAF5A710B19406DEE089F305D7B2D9018F90
              Function 0165AAEE Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction ID: 14410992161741f3bfbb3e624077dd7d9e3ac72b8b4a889d6eb2af9a95367527
              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction Fuzzy Hash: C2218B72600641DFDB758F89C940A66FBE6EB94B10F148A3DE94A87710E730EC01CB80
              Function 016280E9 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c428bd23cb319fa6cf14ce09c72bacedef094e0d9cdfbf3a02c4b086952c149
              • Instruction ID: 87d7bb335dc30582ee92442e66c20209651ac72be2a7b777f2b832fc03e447ff
              • Opcode Fuzzy Hash: 2c428bd23cb319fa6cf14ce09c72bacedef094e0d9cdfbf3a02c4b086952c149
              • Instruction Fuzzy Hash: 0E214C75A00616DFCB14CF58C981AAABBF9FB88319F34816DD105A7391C771AD16CF90
              Function 0165674D Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72024d4c2afa6640f15083521983167a89511fe93445aefd4285991c78bec079
              • Instruction ID: 8559f71f09d5b8ec0c1170d2191fa429fecf6207188be17b1a14de3d885f3d70
              • Opcode Fuzzy Hash: 72024d4c2afa6640f15083521983167a89511fe93445aefd4285991c78bec079
              • Instruction Fuzzy Hash: E9216A71600A00EFD7608F69CC80B66B7E9FB84350F84882DE9AAC7650DB70E841CB64
              Function 016B6870 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 755185fd4f447eb454d73b7dcabff4dfb5e7d69eeacee646da23fdd5b57269c1
              • Instruction ID: 3eb40640323d053b30c1112d8725e487ba5f7178b64a32e40b980d01a34b50aa
              • Opcode Fuzzy Hash: 755185fd4f447eb454d73b7dcabff4dfb5e7d69eeacee646da23fdd5b57269c1
              • Instruction Fuzzy Hash: 2F119132240515EBD722EB9DCD80FDA77A9EB95660F114029F2059B251DA70E941C7A0
              Function 0164E8C0 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c06bb0bd38046b6a8f0b30f83706f4f73c7d4aa40e047126981ec83f8121b4f
              • Instruction ID: d7e75b6f5b2c0caa794b950fc8831e6da550b377bb56b3f4ed0320b85e8db3a0
              • Opcode Fuzzy Hash: 0c06bb0bd38046b6a8f0b30f83706f4f73c7d4aa40e047126981ec83f8121b4f
              • Instruction Fuzzy Hash: 5A112637305114AFCB19DB29CC81A6BB267EFD6374B25453DEA22CB391EA71D842C394
              Function 016566B0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db533a0ce8437c27b7b29f09a8b7e34ec620369a5c7f2f75bfe3545f51c65d8e
              • Instruction ID: b820310ce6899f9fa842c351c6c9b9f8c9e7d67d99d81be6d9e707bea5cc10df
              • Opcode Fuzzy Hash: db533a0ce8437c27b7b29f09a8b7e34ec620369a5c7f2f75bfe3545f51c65d8e
              • Instruction Fuzzy Hash: BA11BC76A012059BCB65CF59CD80A6ABBE9AB84620F41807DED059B311E770DD00CBA4
              Function 016EA8E4 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: 0edaf4779cbb109d7ad1ea36c5bcd8ec38fcc8b0a29c67ee8990f5dfd5f8e609
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: 08110436A10905AFDB19CB98CC05B9DBBF6EF84310F058269EC4597380E671AD11CBC0
              Function 01620AD0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction ID: be80aa101ad0c63d347a3bc4c24b28879f5e200c141be5c056d3499072a45f84
              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction Fuzzy Hash: F721E2B5A00B059FD3A0CF29C840B52BBE4FB48B10F10492EE98AC7B40E371E814CB94
              Function 016AE7E1 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: 7720133affdc565300b75cf0c0a4f19f5e45934ee3799fc8dc8ea5f9c2701471
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: 6A11C232600601EFE7219F48CC40B56BBE6EF85754F46842CEA0A9B260DB32DD40DFA0
              Function 016427ED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 51360da2fc8236184c7304c477dea884131305a3c05ffb8d5a4f64e12cbe06c7
              • Instruction ID: bb76ccb2447c567ea80c43d2abf1f7fe20e056e5b7f956f022378d2038677fc5
              • Opcode Fuzzy Hash: 51360da2fc8236184c7304c477dea884131305a3c05ffb8d5a4f64e12cbe06c7
              • Instruction Fuzzy Hash: CE010472605645AFF316A6ADEC98F6B7A8DEF80390F160069FD00CB341DA14DC01C275
              Function 01624690 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67f357dead2792246e84333172c30f3925a10ffcdbe830539cba519339c3fd36
              • Instruction ID: 7f8514ef4ce3d7fe5a78bf12822abd4a14a425a3ad45cf8fa9812d51baeda750
              • Opcode Fuzzy Hash: 67f357dead2792246e84333172c30f3925a10ffcdbe830539cba519339c3fd36
              • Instruction Fuzzy Hash: 7311C236200A65AFDB25CF59DC80F667BA9EB85764F004519FA288B750CB71E800CF60
              Function 016F4B00 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee5a55da8d91936379d856e41fb39d1889ab4d8d907f2460e2694510ed1b0706
              • Instruction ID: 082e86b85590d4cb0f8f9fd823aab096b2a884122df29baa80a2df2fcf63a289
              • Opcode Fuzzy Hash: ee5a55da8d91936379d856e41fb39d1889ab4d8d907f2460e2694510ed1b0706
              • Instruction Fuzzy Hash: A011E0322006059BD7229A29DC44B67B7A6FFC4210F14442DEB4287B91DF30A802CB90
              Function 01656620 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de24391a5249a0ebe51175bdf7153b8b3b048738d99a74042c9a0ed90ccdebbe
              • Instruction ID: 95f9369d0c928d7d685a2d5b55a0e63953674ac4a999cd1b257d94bbf3ef20ff
              • Opcode Fuzzy Hash: de24391a5249a0ebe51175bdf7153b8b3b048738d99a74042c9a0ed90ccdebbe
              • Instruction Fuzzy Hash: 8111CE72A01626ABDB21DF59CD80B5EFBB9EF88750F900068EE01A7300D730AD01CBA5
              Function 0164EA2E Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0569ef2a552e51e069a3d7431bf331dd3bb2dfb4a02e4a7624d90b6843e9ff55
              • Instruction ID: 11fb1ab6ea9b9969f7724a7f04dab5990f716b34b4a45791b02320c0a15e2192
              • Opcode Fuzzy Hash: 0569ef2a552e51e069a3d7431bf331dd3bb2dfb4a02e4a7624d90b6843e9ff55
              • Instruction Fuzzy Hash: 9201D27150010A9FC329DF1CD844F26BBFAFBC6724F20816EE0048B264D7749C82CB94
              Function 0164E53E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction ID: 54f8179331011726ab4b46c89674e138461f5b74e4b4dd9d0599dc1afdf383ff
              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction Fuzzy Hash: B3118E722016C2DBEB26A72CDD58B257B94FB41758F1901E0EE41CB792F72EC842C2A0
              Function 016AE75D Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction ID: 91c1d9b6fd424ffe47dbd65f181c33a0aa0d836e0fb984e3fab2670320275928
              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction Fuzzy Hash: 89019236700615AFE7219F58CC40F7A7EAAEB85750F458428EA059B260E772ED41CF94
              Function 0161A250 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction ID: 1fc1c22084cdd101d16e8724c362ebc1707614342a24113f20feacf6cb93cd3c
              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction Fuzzy Hash: F00126714067619BCB318F59DC40AB27BA9EF55760B08C62DFC958B285C331D401CB60
              Function 016F4940 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cb087ac9d69072ead517004126850c60c3d2660bdc7d6eba37c6807c3ca4280
              • Instruction ID: a4fccbc8259fed37d647ae07b414b4ceec3258ca47f8bc2c098d1cdbac3879c9
              • Opcode Fuzzy Hash: 4cb087ac9d69072ead517004126850c60c3d2660bdc7d6eba37c6807c3ca4280
              • Instruction Fuzzy Hash: 7C01D6726415019FC732DF1CDC40E13B7A9EB91770B15425DEA689B696EB30D801C7D0
              Function 0169E1D0 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bc0131e0e2fa1b4c7a1be9584749a12cd38fce75c68bc95a5c60efb2d84a45a2
              • Instruction ID: 33439ecc6663618f2f242490c3657edf40226af28d1b20243128d9ebff8a3592
              • Opcode Fuzzy Hash: bc0131e0e2fa1b4c7a1be9584749a12cd38fce75c68bc95a5c60efb2d84a45a2
              • Instruction Fuzzy Hash: E711AD32241641EFDB15EF19CD90F16BBB9FF58B44F2000A9F9059B661C336ED01CA94
              Function 01626259 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d41e300aff6ba72f0c5bf6c6e6c19ebe9ebc5865c064a27dc275f26db38ac285
              • Instruction ID: 301df78779f7e555342fb49b0086fa417c56455ab81b2f4cd65e687ad9f07f5b
              • Opcode Fuzzy Hash: d41e300aff6ba72f0c5bf6c6e6c19ebe9ebc5865c064a27dc275f26db38ac285
              • Instruction Fuzzy Hash: 1311C270502229ABDB25EF28CC51FE87379FF04714F5081D8A718A61E0D7709E81CF88
              Function 016A6050 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 450e5137e5c1d82b8166378f0406980dc34af4d7f0f56dd2f3273925dd5dc809
              • Instruction ID: 19aae316fc665b2dec3608e027daaedb4738e8d93d19a389f55f1ae6bfd235c8
              • Opcode Fuzzy Hash: 450e5137e5c1d82b8166378f0406980dc34af4d7f0f56dd2f3273925dd5dc809
              • Instruction Fuzzy Hash: D5112973900119ABCB15DB98CC80DDFBB7DEF48258F044166E906E7211EA34EA55CBE0
              Function 0162208A Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction ID: cce6d9155c1fb802c17a5b07d6f950e247d51d3b9a9a1b33b884630d857824fd
              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction Fuzzy Hash: 7101F1326005208BEF118A6DDC90EA2776BBFC4600F1540ADEE158F346DB758C81CBA0
              Function 016B6500 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25739f8b2efa938a31f3d5ee8c93a5b808291cc3c0c5e5b9d3f16c2ef711e10e
              • Instruction ID: caf41215a902f47478259165faf324d6ce1b88595b963b953e4a406e2aeeb364
              • Opcode Fuzzy Hash: 25739f8b2efa938a31f3d5ee8c93a5b808291cc3c0c5e5b9d3f16c2ef711e10e
              • Instruction Fuzzy Hash: 4611A1326441469FD711CF58D880BE6BBB9FB9A314F08C159E8498B316D732EC91CBA0
              Function 016AC810 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7ff033d6aa87b79a51fd6c82e8732e60ed7a137010d3a327b4abb76fd20c1f27
              • Instruction ID: 64cd7ad88e6e38261f5b1c6dab01828e5b1d1f0e16a0ecaee0ee9c28f2c12f2a
              • Opcode Fuzzy Hash: 7ff033d6aa87b79a51fd6c82e8732e60ed7a137010d3a327b4abb76fd20c1f27
              • Instruction Fuzzy Hash: A11118B1E002099BCB00DFA9D941AAEBBF8FF58250F10806AA905E7351D674EE01CBA4
              Function 016CEA60 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0bde2da9e81ff720ad2cd43ffd38af151228b4b1fb3459d1e74d8b718c07a12
              • Instruction ID: 1276ee9b32b09b234c5ea0984c6bd76d3f729567479239ff0e2ae3b600624718
              • Opcode Fuzzy Hash: f0bde2da9e81ff720ad2cd43ffd38af151228b4b1fb3459d1e74d8b718c07a12
              • Instruction Fuzzy Hash: 7B01B1321402119FCB32AF5D8C50936BFBAFF91E60B04442EE9555B351CB229C41CB91
              Function 0161C020 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: c8ae59a2e3330cbdaebd2db0c1d0df4dadfeb78a768ff84ee3cca20133c20b33
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 0B01D8322007459FEB2296A9DD40EAB77EAFFD6654F04881DAA468BA40DF75E402CB50
              Function 016620F0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5bbe746b04433f27a0e62c13e13c129acca2cb7560cfe223e013227814c0c229
              • Instruction ID: 42d2a0bf636fec1f724514a734cc1113647a3cc7639d6cead0f459e5880344a8
              • Opcode Fuzzy Hash: 5bbe746b04433f27a0e62c13e13c129acca2cb7560cfe223e013227814c0c229
              • Instruction Fuzzy Hash: 93116D75A0020DEBCF05DFA8CC50BAEBBBAEB45284F00405DEA0197350DB35AE11CB90
              Function 0165E5CF Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3015513d1740b90757675114a6ec656c1a73f68736e8696c981add9ad6709da9
              • Instruction ID: 665d4a6b2a12c6fea47ee7c81800b534a44671e96fc7c822b5dc9f5ebf44fad1
              • Opcode Fuzzy Hash: 3015513d1740b90757675114a6ec656c1a73f68736e8696c981add9ad6709da9
              • Instruction Fuzzy Hash: F501DFB2241A02BBD711AB2ECD80E53BBADFB986A4B00062DB50583651DB24FC11C6A8
              Function 016B69C0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5db5d953a30f1fa4aabc89135aac3a1579a3dd3778e654a151b1af0896c91ef
              • Instruction ID: da05d66013301281500a154096af2cb92b6d1a7632a460e2634832906921ea50
              • Opcode Fuzzy Hash: a5db5d953a30f1fa4aabc89135aac3a1579a3dd3778e654a151b1af0896c91ef
              • Instruction Fuzzy Hash: AC01FC322142169BD720DF6EDCC89A7FBACFF99660F114129ED5987380E7309951C7D1
              Function 016AC460 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e4471af0b228601dd5c692aa3da2b804a5c66915acfa3c4e312a3ade66f64a68
              • Instruction ID: 48712c5e68e7acd30d474e36a09de374c681dfc0ffa0f8aaba9450178db85566
              • Opcode Fuzzy Hash: e4471af0b228601dd5c692aa3da2b804a5c66915acfa3c4e312a3ade66f64a68
              • Instruction Fuzzy Hash: B3111B75A01209ABDF15EF68DC44EAE7BBAEB59250F004059F90197350DB35ED11CB94
              Function 016AC97C Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86f7b38a57f4a184c7f0bb99e314476d7b3c2898f265e027596481611efdd0b7
              • Instruction ID: ed5d4facae18dc832ea2994d9dc17876a638d5fb3487bcd7ff35e2b76ed9c648
              • Opcode Fuzzy Hash: 86f7b38a57f4a184c7f0bb99e314476d7b3c2898f265e027596481611efdd0b7
              • Instruction Fuzzy Hash: 3B1139B16183099FC700DF69D841A5BBBF8FF99710F40851EB998D7391E630E901CB96
              Function 016ACA11 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59a7415a9010eb528870c5290d7a3426876d36c41de2717091c59f94f32533c2
              • Instruction ID: b39549688666d0033fc1cc83c64838a8c2538078e905e2f558945dfe86a2340e
              • Opcode Fuzzy Hash: 59a7415a9010eb528870c5290d7a3426876d36c41de2717091c59f94f32533c2
              • Instruction Fuzzy Hash: C41179B16083089FC300DF69D841A5BBBF8FF99350F00851EBA58D73A4E630E900CB96
              Function 0163E016 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: c07f760d013db8ef19a0f55a4e0c07d21e75efa0dac933b5c81db8c0918cbb7e
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: F1018B32200680DFE322871DCE48F26BBE8EF94764F0904A6F905CB7A1D739DC41CA25
              Function 0161826B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d82b15eb158864e2d77919290c66ea35952b4d2d4274be3933def68cbdba649d
              • Instruction ID: 4bf0eaa01db59bb89fb5cf032c8b000cd76ec207405d0ee1a80035a785ef81a8
              • Opcode Fuzzy Hash: d82b15eb158864e2d77919290c66ea35952b4d2d4274be3933def68cbdba649d
              • Instruction Fuzzy Hash: 36018F317105059BD715EF69DC109AABBAEFF81620F5980699A01A7798EE20DD02C694
              Function 016CEB50 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: b2ecd00c2dc56ea74dd17eff94e079f6a7a7b4fad22f08866898d0bc11df1a33
              • Instruction ID: 85ab2c29366ef9096b33c0c37ed1564dc6f88a5422bb9dca5e0890dca5fb8621
              • Opcode Fuzzy Hash: b2ecd00c2dc56ea74dd17eff94e079f6a7a7b4fad22f08866898d0bc11df1a33
              • Instruction Fuzzy Hash: 2D018FB1284601AFD3315B19DD50B22BAB9EF95F60F05442EB2169B390D7B1A8418B68
              Function 01622582 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 025dbcc6e91b5d88cc4667d576eb0dff0684e1d1138346ce9b348d1fb6c084d2
              • Instruction ID: 5a67bd4cf47d0f0547f85042cb5d512d6d4cce957957015ce90813fffe27bd57
              • Opcode Fuzzy Hash: 025dbcc6e91b5d88cc4667d576eb0dff0684e1d1138346ce9b348d1fb6c084d2
              • Instruction Fuzzy Hash: 65F0A433A41B21B7C7319B5A8D50F57BAAAEBC4B90F15842DE606A7740DA34ED01CAA0
              Function 0164C073 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: 6e88c0e01b46e890c05b090dd98b440f11268dad550fd637c3b3b19c44a3585a
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: 92F062B2601615ABD328CF4DDC40E57FBEEDBD5A90F05812DA555D7320EA31DD05CBA0
              Function 016F634F Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a754ad86a7b7228dac79a62fad5b118a81e54a2522501f8832f492284a7b551d
              • Instruction ID: 5c062f96e283f9ceb12ce10ba2cdb825ab6ee17d45f382049c5675fa73bfe1b2
              • Opcode Fuzzy Hash: a754ad86a7b7228dac79a62fad5b118a81e54a2522501f8832f492284a7b551d
              • Instruction Fuzzy Hash: 38012176A10209ABDB04DFA9D951A9EB7F8FF58704F10405AE904E7350D6749A018BA4
              Function 0161C310 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: 20e5c249db115cf97c134ee0d0eb5f6dca3ae0c6010ea47362951b4820ff6788
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: D1F02B33284A339BD7325A9D4C40B2FAA9A9FD1B64F1E0039F2099B74CCA658D0397D0
              Function 016F625D Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4192285dea0a92dac813158ed676254244fc85c411f82acb43d2eb4578afeb8e
              • Instruction ID: 89fd39f42cdf809fa47def846fa389f30da4bb84228c50cd083b39c6618ddd1d
              • Opcode Fuzzy Hash: 4192285dea0a92dac813158ed676254244fc85c411f82acb43d2eb4578afeb8e
              • Instruction Fuzzy Hash: 40014475A10209EFCB04DFA9D951AAEB7F9FF58304F10805AF904E7351D674AE01CBA4
              Function 016F62D6 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7d360a58d26b206584a9361827ac99da1857a0cacc1a07ca14397588a462b85
              • Instruction ID: 68a54f6a9c0fe3ea2447e96272ee55590975c57ecaa057428bdeca458c42af73
              • Opcode Fuzzy Hash: a7d360a58d26b206584a9361827ac99da1857a0cacc1a07ca14397588a462b85
              • Instruction Fuzzy Hash: C6014471A00209EFDB04DFA9D945A9EB7F8FF58304F50405AFA14E7350D6749D01CBA4
              Function 0165CA6F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction ID: b877054225ef4e3350f45bcc1562641029af9934b5ce7729de936fe31b072a35
              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction Fuzzy Hash: 4701D1322016899BE722971DCD09F59BF9DEF82B50F0840A9FE04CB7A1D77AC801C614
              Function 016F61E5 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b627fec25eb6c257f11bb661ccd3427e14fda07872aab31bb01d22e531437400
              • Instruction ID: ab05798bc39431e93aed1aa5a08349eb7750dde63312b09564f159c227f0e74c
              • Opcode Fuzzy Hash: b627fec25eb6c257f11bb661ccd3427e14fda07872aab31bb01d22e531437400
              • Instruction Fuzzy Hash: EC014F71A002499BDB04DFA9D945AEEBBF8FF59310F14405EE505E7380D774EA01CB98
              Function 016A63C0 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: ab26306ed7abc651caa3486531b9fbdb3f63f89b3d691d0ae7b1c26bf4fdd2a0
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: 63F01D7220001EBFEF019F94DD80DAF7B7EEB59298B144129FA1192160D635DD21ABA0
              Function 016AA4B0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a97a19f1e511e6cac47997f9e3e7c49fcdf049b4e51916ca43bc9068e806d256
              • Instruction ID: 7a96578ee20f513b93201952295299f1c8610d7e4bf7d31fecfe129c23fc849b
              • Opcode Fuzzy Hash: a97a19f1e511e6cac47997f9e3e7c49fcdf049b4e51916ca43bc9068e806d256
              • Instruction Fuzzy Hash: 41018536100209ABCF229E88DC40EDA3F66FB4C664F068106FE1866220C332D971EF81
              Function 0161C0F0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d5211fa5dbed6554b29c64cfdf4c556343e15259fa8762b85e5fdb01b01f988
              • Instruction ID: ede7ed8462e34303b96b5b381ac32028d9346f49bbb73c373df0cc580f1066d2
              • Opcode Fuzzy Hash: 4d5211fa5dbed6554b29c64cfdf4c556343e15259fa8762b85e5fdb01b01f988
              • Instruction Fuzzy Hash: 13F024712C42415BF310962D8C12F2632E6F7D4662F69842EEB058F3C5EA70DC0183A4
              Function 0165656A Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd8c275911cada6874f0d7bc4020c47943611fadd754df09e79c65f5c80e9089
              • Instruction ID: fa091f8a5dd776bde04385ee24cd51de919a09430703540afb45468368ef0dee
              • Opcode Fuzzy Hash: dd8c275911cada6874f0d7bc4020c47943611fadd754df09e79c65f5c80e9089
              • Instruction Fuzzy Hash: 3401AF702406819BE7669B3CCE58B2537A9BB81B48F984194BE41CBBE6DB28D842C614
              Function 016C437C Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: c1ca94ce74311bf3f10d901a67da3aed31de444ff8f4bc22200474c277e1101e
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: 26F0893574192347EB75FA2F9C30B3EAA56DFD0E51B15062C9559CB780DF60DC018794
              Function 016AE872 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction ID: 08d0dc6a507cf316ec65b43cebbc3d2ad2e613624d2d7dc1e1e8c8d378320bc9
              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction Fuzzy Hash: 35F089337515119BD3319A4DCC80F16B769EFD5A60F9B0169A6049B360C765EC02CFD0
              Function 016AC89D Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba071a6a2772f469a778141787e08d1b2fe150a32fc305c82af0806e5eafa3c6
              • Instruction ID: c55d5164d93735a7c0db3d2e8082938231a5e3a3e25c2a7cf69cf00438b71716
              • Opcode Fuzzy Hash: ba071a6a2772f469a778141787e08d1b2fe150a32fc305c82af0806e5eafa3c6
              • Instruction Fuzzy Hash: 8EF0C2716093049FC310EF28C945A1BBBE4FF99710F80465EB898DB394EA34ED01CB96
              Function 01650854 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction ID: 930f54c2a66d26ae36a9dc6771e094602c0d9e0d0a97ed9938cba09b0e72e7af
              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction Fuzzy Hash: F9F0E972610204AFE714DF25CC01F56B7EAEF98354F258078A945D72A4FBB0ED01C654
              Function 016AC912 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c55dc9dfb0cee85491d0cce66333e7be753ecfa805c1dd8c35105e1f38a0a1e
              • Instruction ID: 9e82741e926c5b5e3a7a776cbd6394de223318bfe4b10f575769edde95eb3222
              • Opcode Fuzzy Hash: 6c55dc9dfb0cee85491d0cce66333e7be753ecfa805c1dd8c35105e1f38a0a1e
              • Instruction Fuzzy Hash: 22F0C270A0020DDFCB04EF69C915A9EB7B4FF18300F008059B805EB385DA38EE01CB54
              Function 016247FB Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10607765637c9d97cc29ff9bade75362de4e7cfeb0277b38819b64ecf0f38de9
              • Instruction ID: 698eb4e9b96ebea5e116dea2cd2ecbcfb0a2e103f1834c7b882b442aadcf041e
              • Opcode Fuzzy Hash: 10607765637c9d97cc29ff9bade75362de4e7cfeb0277b38819b64ecf0f38de9
              • Instruction Fuzzy Hash: 8CF09031926EF19FE7228B5CCC44BA27FD89B01660F0B496AD94987602CFACD880CE51
              Function 016E0115 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0853933235363aa4882fc5045dac283a1b9a6c254dd8f8b343dbe0ade3859d9
              • Instruction ID: 733e76ff19b44fb3b552ea1d2825c751e581446df354bc337266fc74e18b66d8
              • Opcode Fuzzy Hash: d0853933235363aa4882fc5045dac283a1b9a6c254dd8f8b343dbe0ade3859d9
              • Instruction Fuzzy Hash: 3FF0A76691B68117CF326B6CBC583D17BA7A752124F1A558DF4A15F345C6F4C483C324
              Function 0165C5ED Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe34a2d478a1b269358a82b2853a6bf2f82624378efba4d5c655dc63fcbdcb50
              • Instruction ID: 3cef6cb224e71676a9bfc13c87ffde5e85c3ff35f414d4fcf3d020b049196738
              • Opcode Fuzzy Hash: fe34a2d478a1b269358a82b2853a6bf2f82624378efba4d5c655dc63fcbdcb50
              • Instruction Fuzzy Hash: 15F0E2755117719FE3A29B1CCD48B517BDCAB41BA0F099429DD0687612C764EA81CA70
              Function 01662619 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction ID: 3f7da2704c4d5ae72b1de4b6da9bd4ffd69d3465c20ca1d29d910295a66e2a90
              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction Fuzzy Hash: 55E0D8323006012BE7119E598CD0F47776FDFD2B10F04007DB9049F252CAE2DC0983A8
              Function 016B6030 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction ID: d3e96b3e705f63f017eb404f7e9c09676ab13511516762a83d44627e6159026f
              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction Fuzzy Hash: 28F06572104204DFE3218F0ADE84FA2B7F9EB55364F45C029E6099B661D379EC80CFA4
              Function 01620710 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction ID: 881ccaf08e2ef839d2d7ae0765ff0bc0409d21ba975088340e0d50e4e29326f6
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: 16F0ED7A204B559BEB16CF19D840AE57BA9FB49360F000098F8428B301EB36E982CF94
              Function 016549D0 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: 4df9ede5390e65404249999bd9934e76976aee7c1311d28824b74e3eb5a32a5a
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: D7E0D832244145ABD3E15A598C00B6677A6DBD07A0F150469EE098B258FF70DCC1C7EC
              Function 016F4164 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8b288d3eeada1933846ac224ed66ffc5258121295757d7229f2d69c600c49e9a
              • Instruction ID: 9718024d68a3209152209cb850f9be65aa120c71c8e2ab033a4b42ecbcbe924f
              • Opcode Fuzzy Hash: 8b288d3eeada1933846ac224ed66ffc5258121295757d7229f2d69c600c49e9a
              • Instruction Fuzzy Hash: 99F02B31A259918FE772D72CDE80F6377E0AF10631F0A055CD5008BF16CB24DC40C650
              Function 016C678E Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: 4fe90ff62436bd33af92e3c0a0d88881b458894c8ab1e8b9e4ad46055dfb9a7f
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: 51E0DF32A00110BBDB21A799CD01FAABEADDF90EA0F050098BA02E7290E530DE00C6A4
              Function 016F08C0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction ID: c22609b2e536bf243d7121ebd321e2a53714abf83469fcd2a372b1cf1c150a16
              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction Fuzzy Hash: 79E09B316403508BCF258A1DC941A53B7EEDF95661F16806DEA1547713C331F843C6D0
              Function 016225E0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f268014f5b36dd47205359f7be8fc84b7b9aa6172b175031e908054a826666ec
              • Instruction ID: ac89d9ff6d4360a035e89b91db0c607bc7769fc531e1fbe000be121a3dbb5944
              • Opcode Fuzzy Hash: f268014f5b36dd47205359f7be8fc84b7b9aa6172b175031e908054a826666ec
              • Instruction Fuzzy Hash: DFE092721009649BC321BB2ADD11F8A779BEBA0364F01451DF11557190CB34A810CB88
              Function 016DA456 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: 11075065e1952e5a71b727dee611c90a3d2445752fccacb43a72d6b9d5f571e0
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 9EE09231411611DFE7326F6ACC48B527BE6FF90711F148C2CA096026B0C77598C0CA84
              Function 016A4000 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 3e54f2af64bcba3538ff31bcdac1f988267824f8cb2536bf98f42b7b8837fced
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: C9E0C2343403058FE715CF19C840B627BB6BFD5A10F68C068A9488F305EB72E842DB50
              Function 0165CA38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32e6c360de6b8f9f6226271e6501f8c22bf10e250ad6ee5f4e99511991abbe8f
              • Instruction ID: 1a0580ef3ef2e139f4e1af32d1e53bab0d7539e59d598f1dc568c1d2eaf02ede
              • Opcode Fuzzy Hash: 32e6c360de6b8f9f6226271e6501f8c22bf10e250ad6ee5f4e99511991abbe8f
              • Instruction Fuzzy Hash: A7D02B328851306ACFB5E11C7C04FD33E5E9B40320F018870FE0893011D554CC8282D8
              Function 0161823B Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: 8bd124ecb3fd4c40624c7c9645de8e39823c2930c51d04a079230b39bd17d2d5
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 2AE0C231000A10EFDB332F16DC10F9176AAFF94B10F24882DE081171A887B4AC82CB88
              Function 01622050 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1dc954f8d7f76370de5ca63e9d7873f68480679358ddafcd3c04e67fab172053
              • Instruction ID: 5be32a6d9f4c4cd01f49a0650df9767827579cad59d1330ae1e4a356a68a6b4d
              • Opcode Fuzzy Hash: 1dc954f8d7f76370de5ca63e9d7873f68480679358ddafcd3c04e67fab172053
              • Instruction Fuzzy Hash: BCE0C2332018606BC321FB5DDD10F4A739FEFA4370F014229F15187690CA64AC00CB98
              Function 01676AA4 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction ID: 71672e3dd4ff03d6310fdac111b6c7eaa09e0f07bb39de863a608dd33b25b281
              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction Fuzzy Hash: 95D05E36511A50AFD3329F1BEE00C13BBF9FBC4A10705062EA54683A20C770AC06CBA0
              Function 0165E59C Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: 6b39d9ed5fece23d79bc538b520984440872c2af2e3942d0866b4facff303685
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: C8D0A932214620ABDB32AA1CFC00FC333E9BB88720F06049DB008C7250C364AC81CA88
              Function 0169E908 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 261ca165073b70a64b38ccfc00219d2c4e8ec5d45258915e882e66f3dc6c8076
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: 65E0EC359506849BDF12DF59CA40F5ABBB9BB94B40F150058E1485B760C729A901CB40
              Function 0161A0E3 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: 789f5f1680e15a080f92ed7b80784af8b162c92997de546153101606f2931d68
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: 00D022322130B093CB2856956D00F636906ABC0A95F0E002C340AD3A04C1088C43C2E0
              Function 0165A830 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: b74b561ed14007ae4850f22878b33bac0c054c025650e2c380f219e9374e2e5b
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: F8D012371D054DBBCB119F66DC01F957BA9E7A4BA0F444020B504875A0C63AE950D584
              Function 0165CA24 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8402c59f4b9b08bf17d47a4cee71184ed920c68a131fac3b0b09881a8816bcd9
              • Instruction ID: a404c57320229bc4e9c0831339156d6dda36f20859e8805bed6b6b2b1de2793f
              • Opcode Fuzzy Hash: 8402c59f4b9b08bf17d47a4cee71184ed920c68a131fac3b0b09881a8816bcd9
              • Instruction Fuzzy Hash: 90D092356566069BDF6ADB59CE10A6A7ABDEF64B41F4000ACEA0192620E329E8128A50
              Function 016302A0 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction ID: 60e1f7bb0ddddfb67f89f237bdc3a8b8a894f14d7ec525b15cdb0958f99f622a
              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction Fuzzy Hash: 15D0C935212E80CFD61BCB0CC9A4F1533A8FB84B44F814490F501CBB22DB6CD944CA00
              Function 0165C700 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: 8d1713207b9afe39a1118f65207fb4f56a429ccc5e1fe7d6ad05e7a799aab82a
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: F4C01232290648AFC712AA99CD01F027BAAEBA8B40F000021F2048B670C635E820EA88
              Function 01640310 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: f6e9bdd7ba10a689ab23bf0b4f23373d93f1822ed7c6bc090a5f03c042bd1fc5
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: 75D01236100249EFCB02DF41C890D9A7B2BFBD8710F108019FD19076108A31ED62DA50
              Function 01620750 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: 4ad718402088b07d1c68c5da17df28208e58b7615997ce46ff154a33ffa90369
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: E6C04C797015418FCF15DB19D794F4577E4F754750F1518D0E805CB721E724E805CA10
              Function 01664340 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e172c4c438b62026560107f1a6eac222164adcec0cd607ffd011448312a46f51
              • Instruction ID: f7f97deef94f908ec4ae79470bc2e782c74a5bc3a3690f3ad69399aa2a9c5aac
              • Opcode Fuzzy Hash: e172c4c438b62026560107f1a6eac222164adcec0cd607ffd011448312a46f51
              • Instruction Fuzzy Hash: E790023160580012914075584C885474009A7E0301B55C121E4424654DCA148E565361
              Function 01664650 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af830110bb7be53304a420d388521d7c1bdf41d7c9871420fec7eff7d7515d0c
              • Instruction ID: 8fa1b03d2af62e782b7278729e8f26cf32a47cc7f17137c5ce48a0972b1b01d2
              • Opcode Fuzzy Hash: af830110bb7be53304a420d388521d7c1bdf41d7c9871420fec7eff7d7515d0c
              • Instruction Fuzzy Hash: 7790026160150042414075584C084076009A7E1301395C225A4554660DC6188D559369
              Function 01662B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccb6725167cf3c6fcc5f46eae2291cf729cf734ab64d7158a4eff0fe6b893c86
              • Instruction ID: c094ff774621442249ccdcac35c2955db6d1e2b771fcc15579f40e1bd43956a3
              • Opcode Fuzzy Hash: ccb6725167cf3c6fcc5f46eae2291cf729cf734ab64d7158a4eff0fe6b893c86
              • Instruction Fuzzy Hash: 1D90026120240003410575584818617400E97E0201B55C131E5014690EC5258D916225
              Function 01662BE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc452bf3455871ee68dc3655075af0b004f7b57898154ac9c104b2b6e22eb915
              • Instruction ID: 3238d8adecb2e293899483f2b882ebbdbe8c29a1b04ed87c5a509cb3dfe011c5
              • Opcode Fuzzy Hash: cc452bf3455871ee68dc3655075af0b004f7b57898154ac9c104b2b6e22eb915
              • Instruction Fuzzy Hash: AF90023120544842D14075584808A47001997D0305F55C121A4064794ED6258E55B761
              Function 01662BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69a36abefe46d9a1aa9cd6432f09e5cc93e9e2ff33ae8a20f84b353b267e25f5
              • Instruction ID: c6849e1bfd3c8cf7815ecd82bb5a9ea22b1dd29454d0924a70bef014fda25150
              • Opcode Fuzzy Hash: 69a36abefe46d9a1aa9cd6432f09e5cc93e9e2ff33ae8a20f84b353b267e25f5
              • Instruction Fuzzy Hash: 1490023120140802D1807558480864B000997D1301F95C125A4025754ECA158F5977A1
              Function 01662BA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d3c19a870f5bfc7e3336adbad1f5683318f8e46cc164c1044bdf4d6563cb6bc
              • Instruction ID: 83f03ab27ceb34e8506a6d8bb7c12b88fda2fa14d41b05bfda64488891129807
              • Opcode Fuzzy Hash: 9d3c19a870f5bfc7e3336adbad1f5683318f8e46cc164c1044bdf4d6563cb6bc
              • Instruction Fuzzy Hash: 6990023160540802D15075584818747000997D0301F55C121A4024754EC7558F5577A1
              Function 01662B80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c5b2c55409f5be972b2846da9632008c6a88802b4af4ec50c23641d99da3cc0c
              • Instruction ID: f740f227d4ccd97c60f894749862203e01d864ac7c840700ab5ac454172667af
              • Opcode Fuzzy Hash: c5b2c55409f5be972b2846da9632008c6a88802b4af4ec50c23641d99da3cc0c
              • Instruction Fuzzy Hash: 7290023120140802D10475584C08687000997D0301F55C121AA024755FD6658D917231
              Function 01662AF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0549a3e63423b6006877f54c648af8402c3525380764edd321d08bdd992a0121
              • Instruction ID: f5e96baa7a7fc60b6beaa8ea9678d25e1f5908b341f11ba2dcf336f4226a8815
              • Opcode Fuzzy Hash: 0549a3e63423b6006877f54c648af8402c3525380764edd321d08bdd992a0121
              • Instruction Fuzzy Hash: 2B900225221400020145B9580A0850B0449A7D6351395C125F5416690DC6218D655321
              Function 01662AD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e93b157703c2a8edba07a0835b37a589a07f98f219307276279df38eaed497fb
              • Instruction ID: 22a0c5602167dc04f56710278e5ac1d60890ac0f729e9f2b723f2e14867e28d5
              • Opcode Fuzzy Hash: e93b157703c2a8edba07a0835b37a589a07f98f219307276279df38eaed497fb
              • Instruction Fuzzy Hash: C6900435311400030105FD5C0F0C507004FD7D5351355C131F5015750DD731CD715331
              Function 01662AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32e2d9ef0ac5ac6136f8cc178ba8284c5aa593340866f0031cf12e4c15a958d8
              • Instruction ID: ca783e9f1b678f294d46f28c7d12e69ee4bd81cb892e94d1575bbcda220e1c6e
              • Opcode Fuzzy Hash: 32e2d9ef0ac5ac6136f8cc178ba8284c5aa593340866f0031cf12e4c15a958d8
              • Instruction Fuzzy Hash: 9B9002A1201540924500B6588808B0B450997E0201B55C126E5054660DC5258D519235
              Function 01662D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57ed11ce04f73bae528b7a15e76a5fb5af136af5a6cfa2209e91dc89003f109f
              • Instruction ID: 077264464a19b4303da0f0ba24ea8771e0188bf338d04d41d1381306e3ec3074
              • Opcode Fuzzy Hash: 57ed11ce04f73bae528b7a15e76a5fb5af136af5a6cfa2209e91dc89003f109f
              • Instruction Fuzzy Hash: 5990022130140003D1407558581C6074009E7E1301F55D121E4414654DD9158D565322
              Function 01662D00 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04adb0fc40d7ea4debdd3fc52cd9a638a810730bdf506a7a3e6fb1631d7ee54b
              • Instruction ID: 53c5da4b0dd24fee8639edd387089d6d85ded672696ff297731d250f2e19685b
              • Opcode Fuzzy Hash: 04adb0fc40d7ea4debdd3fc52cd9a638a810730bdf506a7a3e6fb1631d7ee54b
              • Instruction Fuzzy Hash: 8C90022120544442D1007958580CA07000997D0205F55D121A5064695EC6358D51A231
              Function 01662D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d18123388768f473314c7a4bc8a621c4c3a1f57f6425e76d0d7f97cc49e09338
              • Instruction ID: 23c44f9f7c0ccdde50e8a47e1582190f4d1dc869a6600f3b7a53e985c6ab7b2d
              • Opcode Fuzzy Hash: d18123388768f473314c7a4bc8a621c4c3a1f57f6425e76d0d7f97cc49e09338
              • Instruction Fuzzy Hash: A290022921340002D1807558580C60B000997D1202F95D525A4015658DC9158D695321
              Function 01662DD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3340b977abc0a125eb1d30446df286bb8c406af4b03142260aee87f5857f63db
              • Instruction ID: 9092915bf9b2b0314d6c4f44d434a8849fcda06ff662cf15e2b9e3beb717f164
              • Opcode Fuzzy Hash: 3340b977abc0a125eb1d30446df286bb8c406af4b03142260aee87f5857f63db
              • Instruction Fuzzy Hash: 8E900221242441525545B5584808507400AA7E0241795C122A5414A50DC5269D56D721
              Function 01662DB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65f277dfc95fe6dbbe16dc410dd7c36d594d10555f314e01bb168c7f674a8045
              • Instruction ID: e2cf5fc8dbfcd8cc3df00955539fe7d947e6500ddf59e624cfda916b19763376
              • Opcode Fuzzy Hash: 65f277dfc95fe6dbbe16dc410dd7c36d594d10555f314e01bb168c7f674a8045
              • Instruction Fuzzy Hash: 7A90023124140402D14175584808607000DA7D0241F95C122A4424654FC6558F56AB61
              Function 01662C60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd7135d4b5395fd567ed0d10ca89bfdf709aaf3c15108ead6feacb13967a8a12
              • Instruction ID: 77a5ef659118583d8e456265b839763a5c3ff70327c21284cabfcb7172037a52
              • Opcode Fuzzy Hash: fd7135d4b5395fd567ed0d10ca89bfdf709aaf3c15108ead6feacb13967a8a12
              • Instruction Fuzzy Hash: 0C90023120140842D10075584808B47000997E0301F55C126A4124754EC615CD517621
              Function 01662CF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf45d9351f5c3628e64ad7f31a27eded5ba6b3e550f91b90e2c4e89c3f6c7bf8
              • Instruction ID: 60555c2fe0896c56c24f157ef53b400b4ad825e70ea5e3149bbd0bec0a997e0e
              • Opcode Fuzzy Hash: cf45d9351f5c3628e64ad7f31a27eded5ba6b3e550f91b90e2c4e89c3f6c7bf8
              • Instruction Fuzzy Hash: 5790023120140403D1007558590C707000997D0201F55D521A4424658ED6568D516221
              Function 01662CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a7295a7f561ce86f22451e8bd7f70f47d78b753ac7a5f9ab22f0125925f83e5
              • Instruction ID: 5aa5c98cf53d9c2237c685970c384b0e477ef91ea39f485699e92ed05ec17506
              • Opcode Fuzzy Hash: 6a7295a7f561ce86f22451e8bd7f70f47d78b753ac7a5f9ab22f0125925f83e5
              • Instruction Fuzzy Hash: D090022160540402D1407558581C707001997D0201F55D121A4024654EC6598F5567A1
              Function 01662CA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ae21458706c8cfc987989e26298a1388cce1e368ccc0b41b065301feddffc57b
              • Instruction ID: 0f9aa48dc1d1c748ba24fd6d056fac7becae8afbb45ecd7bf4f8f4db6008dd1b
              • Opcode Fuzzy Hash: ae21458706c8cfc987989e26298a1388cce1e368ccc0b41b065301feddffc57b
              • Instruction Fuzzy Hash: 3690023120140402D1007998580C647000997E0301F55D121A9024655FC6658D916231
              Function 01662F60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39a8b49c6abe5535838ed74d46d1e9d8bfd7923a1e5f72060535e641c0ff0e08
              • Instruction ID: 117049bc8f1ebba074339039371ddece1dd3cdeb116a06562eb4dcd8cfd00a5b
              • Opcode Fuzzy Hash: 39a8b49c6abe5535838ed74d46d1e9d8bfd7923a1e5f72060535e641c0ff0e08
              • Instruction Fuzzy Hash: 8790026121140042D10475584808707004997E1201F55C122A6154654DC5298D615225
              Function 01662F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd2b905cef66ad6a07b87ea3a770047ca010ce8a26a738e073bc989f41f91d20
              • Instruction ID: a8a622882e7305bc52a6ecbf61ce57e479468eff335fd8617a0820ab1c71a580
              • Opcode Fuzzy Hash: cd2b905cef66ad6a07b87ea3a770047ca010ce8a26a738e073bc989f41f91d20
              • Instruction Fuzzy Hash: 2690026134140442D10075584818B070009D7E1301F55C125E5064654EC619CD526226
              Function 01662FE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09a276320106d45e2f1116ec997258b03398b2108c07911e1bface4d6df402b4
              • Instruction ID: c1b14f7557f880ec428c1de71a6eff494f0090edb1a17938333871d27bef3753
              • Opcode Fuzzy Hash: 09a276320106d45e2f1116ec997258b03398b2108c07911e1bface4d6df402b4
              • Instruction Fuzzy Hash: 71900221211C0042D20079684C18B07000997D0303F55C225A4154654DC9158D615621
              Function 01662FA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 196792a3c5c3028075dd2515d74ec65bf2135817d1393ebdbbc2d89cf798ceba
              • Instruction ID: cde5eee2dde60fb12ba3673562aa9dfe6ad695fb9235b311a3c09cdd6748dea5
              • Opcode Fuzzy Hash: 196792a3c5c3028075dd2515d74ec65bf2135817d1393ebdbbc2d89cf798ceba
              • Instruction Fuzzy Hash: 6090023120180402D10075584C0C747000997D0302F55C121A9164655FC665CD916631
              Function 01662FB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a709a8b62622e0cd41b5351a4dccd56adef63b108c3473c6b3fa70fea500bea7
              • Instruction ID: ccae4fdb42f9bdcf6bc8ffd2f993fdb2c939bc55f91398df76c5896a7296b46f
              • Opcode Fuzzy Hash: a709a8b62622e0cd41b5351a4dccd56adef63b108c3473c6b3fa70fea500bea7
              • Instruction Fuzzy Hash: 8890022160140042414075688C489074009BBE1211755C231A4998650EC5598D655765
              Function 01662F90 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 628dda09b86533d8452499ada396680227262830ad24452897e47d6e737e6ad5
              • Instruction ID: 8e3bd5dde2208af87f2cde39045525fa13dfe0f9ddd9418f29816b31d6598206
              • Opcode Fuzzy Hash: 628dda09b86533d8452499ada396680227262830ad24452897e47d6e737e6ad5
              • Instruction Fuzzy Hash: 0090023120180402D10075584C1870B000997D0302F55C121A5164655EC6258D516671
              Function 01662E30 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 251f4b6a821b4dae1bc8e282d41af02f673c7f43223117878e81d7e17721ac02
              • Instruction ID: 28b4aa8a27c52bdb473f534cc1543feffdf9c8c955c686446f88b64c2fbdf526
              • Opcode Fuzzy Hash: 251f4b6a821b4dae1bc8e282d41af02f673c7f43223117878e81d7e17721ac02
              • Instruction Fuzzy Hash: D390022130140402D10275584818607000DD7D1345F95C122E5424655EC6258E53A232
              Function 01662EE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfb01950cebd3f143f80a51df945819977e51e90c1b4a60cb034144e341048ba
              • Instruction ID: 2e1ce91a7f488cadfe6d5accc48841c232ef44864bdd3301af7ea65ca856c242
              • Opcode Fuzzy Hash: dfb01950cebd3f143f80a51df945819977e51e90c1b4a60cb034144e341048ba
              • Instruction Fuzzy Hash: CB90026120180403D14079584C08607000997D0302F55C121A6064655FCA298D516235
              Function 01662EA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6eefed697dc7baac61e392c7d45b1c304182fdb8af345db80c3faabc59ac4dc2
              • Instruction ID: 577adceda164299ae625314c4a374c6e25363ad44c8e2849a63a6511d0c8ee05
              • Opcode Fuzzy Hash: 6eefed697dc7baac61e392c7d45b1c304182fdb8af345db80c3faabc59ac4dc2
              • Instruction Fuzzy Hash: 6590027120140402D14075584808747000997D0301F55C121A9064654FC6598ED56765
              Function 01662E80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c18c85a2a4449529f2e95d2012287dac07077f080482b6f20e5403bfcbc632c3
              • Instruction ID: 190e5d8c0731743c04a734760077fd6fbc74101c49768f65093c7f9ad80c4862
              • Opcode Fuzzy Hash: c18c85a2a4449529f2e95d2012287dac07077f080482b6f20e5403bfcbc632c3
              • Instruction Fuzzy Hash: AE90022160140502D10175584808617000E97D0241F95C132A5024655FCA258E92A231
              Function 01663010 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ddb72e3fa5236036507f83a405d4909127a66257fbba038359a560d4d7a7a3d
              • Instruction ID: 5bf35cadd7e2c6f50c0be09b2cdf374bad197f798c10bb2bd2c0950b371a3ced
              • Opcode Fuzzy Hash: 0ddb72e3fa5236036507f83a405d4909127a66257fbba038359a560d4d7a7a3d
              • Instruction Fuzzy Hash: 5190022120184442D14076584C08B0F410997E1202F95C129A8156654DC9158D555721
              Function 01663090 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fc840ba902719ad8d1c07bc546d21e5b59a82cd960bce62bf7da605965aa908
              • Instruction ID: 645c554d91c7dd2b096e7a8a6f325b0e3d09248151e35dc0ca6f73ba7007cbd5
              • Opcode Fuzzy Hash: 2fc840ba902719ad8d1c07bc546d21e5b59a82cd960bce62bf7da605965aa908
              • Instruction Fuzzy Hash: 3290022124140802D14075588818707000AD7D0601F55C121A4024654EC6168E6567B1
              Function 016639B0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac69a2c92f80cb18f022a150538a136a979c63ece78f3e07f05e676db4940835
              • Instruction ID: 709dd3cde8461db2643c8a009b63afea99958237d777b056589764d5c2370d56
              • Opcode Fuzzy Hash: ac69a2c92f80cb18f022a150538a136a979c63ece78f3e07f05e676db4940835
              • Instruction Fuzzy Hash: 7890022124545102D150755C48086174009B7E0201F55C131A4814694EC5558D556321
              Function 01663D70 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85bb78430f2524da7fedfbfb4cd7fc4ad20175ac443501e7f92955c2c9e3442e
              • Instruction ID: 4493e6d715561b4e96ceef525f78d4a5cd6c6e48e7899f31d13cac6eaf019118
              • Opcode Fuzzy Hash: 85bb78430f2524da7fedfbfb4cd7fc4ad20175ac443501e7f92955c2c9e3442e
              • Instruction Fuzzy Hash: 7A90023520140402D51075585C08647004A97D0301F55D521A4424658EC6548DA1A221
              Function 01663D10 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 830741c4cf8d523f6af5ddba51f0b38962d5c3529b4b680c0f014cd8e1397e9b
              • Instruction ID: e745e012469c149039ed82dc5b28fd8169708aad1bf83794a589d82050dd0faf
              • Opcode Fuzzy Hash: 830741c4cf8d523f6af5ddba51f0b38962d5c3529b4b680c0f014cd8e1397e9b
              • Instruction Fuzzy Hash: 8B90023120240142954076585C08A4F410997E1302B95D525A4015654DC9148D615321
              Function 01662C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction ID: 78dfd5bbceb54ca91cd4a2a6c994c42a56b28f6f3cc7643338e06eb382223418
              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction Fuzzy Hash:
              Function 01662890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 948af4cab237965f37d761f4e84b4512b4044e34852d258e03040aea7b0814be
              • Instruction ID: ce194fdff84d1b593d1b185d3136e6137ad8f754359c274ef26e8b7cca4ecd4a
              • Opcode Fuzzy Hash: 948af4cab237965f37d761f4e84b4512b4044e34852d258e03040aea7b0814be
              • Instruction Fuzzy Hash: 2851C1A6A00116AFDB11DFAD8CA097EFBBCBB48240714C26DE5A5D7641E334DE44CBA0
              Function 016D2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 5592e1dc890cb781fbb9ef2ffa511580059445618b5f1afbd58cf7d94a150669
              • Instruction ID: b8020b33eb3e15f3bb24b63ce8950c95fa9a03a5598a4e48a96c4c453be463de
              • Opcode Fuzzy Hash: 5592e1dc890cb781fbb9ef2ffa511580059445618b5f1afbd58cf7d94a150669
              • Instruction Fuzzy Hash: C651F371E00646AEDB31DF9CCDA097FBBF9EB48200B44846DE996D7741E774EA408760
              Function 01657630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01694725
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01694787
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016946FC
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01694742
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01694655
              • Execute=1, xrefs: 01694713
              • ExecuteOptions, xrefs: 016946A0
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              • Opcode ID: 81748505eede7396846bc77844bfd639d9d9dbc2a6e5a79c5f8176d04d01ddf4
              • Instruction ID: f3310e1e7e8f608aa82388ddabfb9bc1c68b09dff8a519509402f7998e2365d1
              • Opcode Fuzzy Hash: 81748505eede7396846bc77844bfd639d9d9dbc2a6e5a79c5f8176d04d01ddf4
              • Instruction Fuzzy Hash: 29510A31600219ABEF11ABA8EC95FBE77ADEF15300F44009DDA05A72C1EB71DE468F65
              Function 0166B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction ID: 7e6c579203cbbf6e7dac689b0676e96cd63d7393096f6ad8fc0b519d328bd646
              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction Fuzzy Hash: EF81BC30B0525ADEEF258E68CC917BEBFAAAF45320F18411AD961E7391C73898418B65
              Function 016D20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              • Opcode ID: ff9d13505efff531388e71bbd723e7cf8e02035a98879faaaac71cf3b2a04125
              • Instruction ID: 54bae808f98891ac4f5ffdb8972747ea4e9e2e1ef3f8917c43491ddd80d68484
              • Opcode Fuzzy Hash: ff9d13505efff531388e71bbd723e7cf8e02035a98879faaaac71cf3b2a04125
              • Instruction Fuzzy Hash: 5721517AE00119ABDB11DE79CC50ABEBBF9EF54651F08411EEA15E3200E730DA158BA1
              Function 0164F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
              Download Yara Rule
              Strings
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016902BD
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016902E7
              • RTL: Re-Waiting, xrefs: 0169031E
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: ede730f6b424ee3d23fcca0680c96f4c57798f388e9f61b0d04bffd2c63d18da
              • Instruction ID: 581de54478d748f720d2ed469482b438c5e15d146d55fea0951cd7f1c0f84111
              • Opcode Fuzzy Hash: ede730f6b424ee3d23fcca0680c96f4c57798f388e9f61b0d04bffd2c63d18da
              • Instruction Fuzzy Hash: 1EE1AC706087429FEB25CF2CCC84B2ABBE9AB85324F144A9DF5A58B3D1D774D845CB42
              Function 0165BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
              Download Yara Rule
              Strings
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01697B7F
              • RTL: Resource at %p, xrefs: 01697B8E
              • RTL: Re-Waiting, xrefs: 01697BAC
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              • Opcode ID: 37c71c85a01c7d2c353c794a44ee3679c150a21345beea95a48fbf0f03b8f4c7
              • Instruction ID: 71dbad531b24956e28806ce13c88416cb21ad28005f482ecf0aee26d1a35915d
              • Opcode Fuzzy Hash: 37c71c85a01c7d2c353c794a44ee3679c150a21345beea95a48fbf0f03b8f4c7
              • Instruction Fuzzy Hash: BD41E2317007029FDB25CE2DDC40B6AB7EAEF98710F100A1DE95A9B380DB31E8058F95
              Function 0165B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0169728C
              Strings
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01697294
              • RTL: Resource at %p, xrefs: 016972A3
              • RTL: Re-Waiting, xrefs: 016972C1
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              • Opcode ID: 54ab18484dc5572d79ebe932786b1ba062e5a24c07cb4bfbb56bc6ea30a41664
              • Instruction ID: a58019a71875c8df013bb04d3e60e89a85a459002bde078bdf8113180cd98075
              • Opcode Fuzzy Hash: 54ab18484dc5572d79ebe932786b1ba062e5a24c07cb4bfbb56bc6ea30a41664
              • Instruction Fuzzy Hash: 7F41FF31611206ABCB21CE69CC81B6ABBAAFF94710F14465DFD55EB380DB20E8528BD5
              Function 016D2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              • Opcode ID: b3b59becaf48e5cac8cb5c4e0411b9b652b8c16af2df4b35077ad59d9c95e69d
              • Instruction ID: a9ca8117f4434ac0ad5d50d9d1f46dd98f7ae43ef23e71c0bd84c65ea67bb70d
              • Opcode Fuzzy Hash: b3b59becaf48e5cac8cb5c4e0411b9b652b8c16af2df4b35077ad59d9c95e69d
              • Instruction Fuzzy Hash: DB318172A002199FDB20DF2DCC50BEEB7F9EB44610F45455EED49E3200EF30AA548BA0
              Function 01667D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction ID: 2d5b6f16d1d83535f5a6ab1ad42409fe2206da714652ac694a9376635612f62d
              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction Fuzzy Hash: 3891B271E0020A9BEB24DF6DCC80ABEBBBDAF84728F14451AE955E73C0D7349941CB51
              Function 01629126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.1638245421.00000000015F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 015F0000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_15f0000_ungziped_file.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              • Opcode ID: 3211f14d5238881fe04c9304802790714eb01125b0116dcfdd12e549fe93c1a5
              • Instruction ID: ae7f058f65aced2930810460b94554d605f0b177b4752f2d93c2770d633d53ea
              • Opcode Fuzzy Hash: 3211f14d5238881fe04c9304802790714eb01125b0116dcfdd12e549fe93c1a5
              • Instruction Fuzzy Hash: 4C812971D002799BDB31DB54CC54BEABBB8AF48714F1041EAEA19B7280D7709E85CFA4