Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
Analysis ID:1528900
MD5:cc42d6edd3fc5e953bcf59b67c31faed
SHA1:291ab6d36c851cbb00d2c344c10abaea8c4f22c0
SHA256:78b3e10f355de8a780c69cc622dd3bc529365ff5fa141eb291112ee7b2ef2a94
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe (PID: 7460 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe" MD5: CC42D6EDD3FC5E953BCF59B67C31FAED)
    • powershell.exe (PID: 7684 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7860 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.uggernauty.net/t94g/"], "decoy": ["32188.top", "mergencyroofrepair656460.online", "jkahu.fun", "ur4.autos", "r0lba4cl0qkaws8.bond", "eiliaowang.top", "urjav.xyz", "kidaman15.click", "old-removal-p350.today", "levatethismedia.info", "h33323s40.top", "dormy.click", "5406.club", "earlofwisdombook.pro", "6980.app", "ellwood999.biz", "otdates.lol", "164v.shop", "thereal.app", "takeget.online", "andshakecap.info", "urevitality.fit", "hinabrasilexpressbr.shop", "agacuan6.cloud", "ehuacs.vip", "ostbr.online", "xh354.xyz", "texhio.online", "utoflightbookings.online", "uikfox.top", "razeonthego.net", "ardenartpros.xyz", "rain-pipe-cleaning-72352.bond", "argoindah.online", "ilo808.vip", "urartexplore.top", "likbet77ofc.net", "olacecarenetwork.info", "nfluencer-marketing-47216.bond", "alerico.net", "ywildchicken.net", "8nj2.shop", "alsam.bond", "emaxvalley.xyz", "uwevei8.pro", "lwp6c7v.xyz", "hongzhuankk02.yachts", "kokbihi.online", "kxt.xyz", "ctivgym.online", "he616comies.shop", "loto.app", "lpha-mn.dev", "ungle-product.shop", "duaus.fun", "roduct-tester-jobs-48097.bond", "ikkidigitalpro.net", "oppr.fit", "uxk-porn-slut.top", "aoudimall.net", "pessin.tech", "ackhoffman.art", "echonocat.fun", "t-courses-mw-2.bond"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cb80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b8e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c8ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18809:$sqlite3step: 68 34 1C 7B E1
      • 0x1891c:$sqlite3step: 68 34 1C 7B E1
      • 0x18838:$sqlite3text: 68 38 2A 90 C5
      • 0x1895d:$sqlite3text: 68 38 2A 90 C5
      • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 8 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1cb80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b8e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c8ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x18809:$sqlite3step: 68 34 1C 7B E1
          • 0x1891c:$sqlite3step: 68 34 1C 7B E1
          • 0x18838:$sqlite3text: 68 38 2A 90 C5
          • 0x1895d:$sqlite3text: 68 38 2A 90 C5
          • 0x1884b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x18973:$sqlite3blob: 68 53 D8 7F 8C
          Click to see the 5 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ParentProcessId: 7460, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ProcessId: 7684, ProcessName: powershell.exe
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ParentProcessId: 7460, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ProcessId: 7684, ProcessName: powershell.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ParentProcessId: 7460, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe", ProcessId: 7684, ProcessName: powershell.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.uggernauty.net/t94g/"], "decoy": ["32188.top", "mergencyroofrepair656460.online", "jkahu.fun", "ur4.autos", "r0lba4cl0qkaws8.bond", "eiliaowang.top", "urjav.xyz", "kidaman15.click", "old-removal-p350.today", "levatethismedia.info", "h33323s40.top", "dormy.click", "5406.club", "earlofwisdombook.pro", "6980.app", "ellwood999.biz", "otdates.lol", "164v.shop", "thereal.app", "takeget.online", "andshakecap.info", "urevitality.fit", "hinabrasilexpressbr.shop", "agacuan6.cloud", "ehuacs.vip", "ostbr.online", "xh354.xyz", "texhio.online", "utoflightbookings.online", "uikfox.top", "razeonthego.net", "ardenartpros.xyz", "rain-pipe-cleaning-72352.bond", "argoindah.online", "ilo808.vip", "urartexplore.top", "likbet77ofc.net", "olacecarenetwork.info", "nfluencer-marketing-47216.bond", "alerico.net", "ywildchicken.net", "8nj2.shop", "alsam.bond", "emaxvalley.xyz", "uwevei8.pro", "lwp6c7v.xyz", "hongzhuankk02.yachts", "kokbihi.online", "kxt.xyz", "ctivgym.online", "he616comies.shop", "loto.app", "lpha-mn.dev", "ungle-product.shop", "duaus.fun", "roduct-tester-jobs-48097.bond", "ikkidigitalpro.net", "oppr.fit", "uxk-porn-slut.top", "aoudimall.net", "pessin.tech", "ackhoffman.art", "echonocat.fun", "t-courses-mw-2.bond"]}
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeVirustotal: Detection: 35%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeJoe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: iGDc.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: iGDc.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 4x nop then pop esi7_2_004172E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 4x nop then pop edi7_2_00417D73

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.uggernauty.net/t94g/
          Source: unknownDNS traffic detected: query: 241.42.69.40.in-addr.arpa replaycode: Name error (3)
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeString found in binary or memory: http://ocsp.comodoca.com0
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000002.1354786354.00000000024A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe PID: 7460, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe PID: 7744, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A320 NtCreateFile,7_2_0041A320
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A3D0 NtReadFile,7_2_0041A3D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A450 NtClose,7_2_0041A450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A500 NtAllocateVirtualMemory,7_2_0041A500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A2DA NtCreateFile,7_2_0041A2DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041A31A NtCreateFile,7_2_0041A31A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_01142BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_01142DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01144340 NtSetContextThread,7_2_01144340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01144650 NtSuspendThread,7_2_01144650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142B60 NtClose,7_2_01142B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142B80 NtQueryInformationFile,7_2_01142B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142BA0 NtEnumerateValueKey,7_2_01142BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142BE0 NtQueryValueKey,7_2_01142BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142AB0 NtWaitForSingleObject,7_2_01142AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142AD0 NtReadFile,7_2_01142AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142AF0 NtWriteFile,7_2_01142AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142D10 NtMapViewOfSection,7_2_01142D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142D00 NtSetInformationFile,7_2_01142D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142D30 NtUnmapViewOfSection,7_2_01142D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142DB0 NtEnumerateKey,7_2_01142DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142DD0 NtDelayExecution,7_2_01142DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142C00 NtQueryInformationProcess,7_2_01142C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142C70 NtFreeVirtualMemory,7_2_01142C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142C60 NtCreateKey,7_2_01142C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142CA0 NtQueryInformationToken,7_2_01142CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142CC0 NtQueryVirtualMemory,7_2_01142CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142CF0 NtOpenProcess,7_2_01142CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142F30 NtCreateSection,7_2_01142F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142F60 NtCreateProcessEx,7_2_01142F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142F90 NtProtectVirtualMemory,7_2_01142F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142FB0 NtResumeThread,7_2_01142FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142FA0 NtQuerySection,7_2_01142FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142FE0 NtCreateFile,7_2_01142FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142E30 NtWriteVirtualMemory,7_2_01142E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142E80 NtReadVirtualMemory,7_2_01142E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142EA0 NtAdjustPrivilegesToken,7_2_01142EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142EE0 NtQueueApcThread,7_2_01142EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01143010 NtOpenDirectoryObject,7_2_01143010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01143090 NtSetValueKey,7_2_01143090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011435C0 NtCreateMutant,7_2_011435C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011439B0 NtGetContextThread,7_2_011439B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01143D10 NtOpenProcessToken,7_2_01143D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01143D70 NtOpenThread,7_2_01143D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_00B0F0440_2_00B0F044
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_068012480_2_06801248
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_06803A500_2_06803A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_0680D3D40_2_0680D3D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_0684BBB00_2_0684BBB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_0684BBA00_2_0684BBA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D8427_2_0041D842
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_004010307_2_00401030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DC0E7_2_0041DC0E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00402D907_2_00402D90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041ED9A7_2_0041ED9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00409E507_2_00409E50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DF5A7_2_0041DF5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00402FB07_2_00402FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AA1187_2_011AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011001007_2_01100100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011981587_2_01198158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D01AA7_2_011D01AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C41A27_2_011C41A2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C81CC7_2_011C81CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A20007_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CA3527_2_011CA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E3F07_2_0111E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D03E67_2_011D03E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B02747_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011902C07_2_011902C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011105357_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D05917_2_011D0591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B44207_2_011B4420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C24467_2_011C2446
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BE4F67_2_011BE4F6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011347507_2_01134750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011107707_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110C7C07_2_0110C7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112C6E07_2_0112C6E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011269627_2_01126962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A07_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011DA9A67_2_011DA9A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111A8407_2_0111A840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011128407_2_01112840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F68B87_2_010F68B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E8F07_2_0113E8F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CAB407_2_011CAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C6BD77_2_011C6BD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA807_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011ACD1F7_2_011ACD1F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111AD007_2_0111AD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01128DBF7_2_01128DBF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110ADE07_2_0110ADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110C007_2_01110C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0CB57_2_011B0CB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100CF27_2_01100CF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01130F307_2_01130F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B2F307_2_011B2F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01152F287_2_01152F28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01184F407_2_01184F40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118EFA07_2_0118EFA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01102FC87_2_01102FC8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111CFE07_2_0111CFE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CEE267_2_011CEE26
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110E597_2_01110E59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122E907_2_01122E90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CCE937_2_011CCE93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CEEDB7_2_011CEEDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011DB16B7_2_011DB16B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0114516C7_2_0114516C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FF1727_2_010FF172
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111B1B07_2_0111B1B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011170C07_2_011170C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BF0CC7_2_011BF0CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C70E97_2_011C70E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CF0E07_2_011CF0E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C132D7_2_011C132D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FD34C7_2_010FD34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0115739A7_2_0115739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011152A07_2_011152A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112B2C07_2_0112B2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B12ED7_2_011B12ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C75717_2_011C7571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AD5B07_2_011AD5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CF43F7_2_011CF43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011014607_2_01101460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CF7B07_2_011CF7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C16CC7_2_011C16CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A59107_2_011A5910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011199507_2_01119950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112B9507_2_0112B950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117D8007_2_0117D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011138E07_2_011138E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CFB767_2_011CFB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112FB807_2_0112FB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01185BF07_2_01185BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0114DBF97_2_0114DBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CFA497_2_011CFA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C7A467_2_011C7A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01183A6C7_2_01183A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01155AA07_2_01155AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011ADAAC7_2_011ADAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B1AA37_2_011B1AA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BDAC67_2_011BDAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C1D5A7_2_011C1D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01113D407_2_01113D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C7D737_2_011C7D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112FDC07_2_0112FDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01189C327_2_01189C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CFCF27_2_011CFCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CFF097_2_011CFF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01111F927_2_01111F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CFFB17_2_011CFFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D3FD57_2_010D3FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D3FD27_2_010D3FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01119EB07_2_01119EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: String function: 01145130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: String function: 0117EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: String function: 010FB970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: String function: 01157E54 appears 101 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: String function: 0118F290 appears 105 times
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: invalid certificate
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000000.1312956631.0000000000132000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameiGDc.exe, vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000002.1362367333.000000000834F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000002.1362172458.0000000006AF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000007.00000002.1336299278.00000000011FD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeBinary or memory string: OriginalFilenameiGDc.exe, vs SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe PID: 7460, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe PID: 7744, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, xlIEYBw9yIGE6JMOWQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, xlIEYBw9yIGE6JMOWQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, xlIEYBw9yIGE6JMOWQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, E4uZqFOLhSMef7LqQC.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal100.troj.evad.winEXE@11/6@1/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMutant created: \Sessions\1\BaseNamedObjects\gxFNYLiZ
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe3tlqns.qbm.ps1Jump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeVirustotal: Detection: 35%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: iGDc.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: iGDc.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.67b0000.3.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, E4uZqFOLhSMef7LqQC.cs.Net Code: GlqSWLFtcA System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, E4uZqFOLhSMef7LqQC.cs.Net Code: GlqSWLFtcA System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, E4uZqFOLhSMef7LqQC.cs.Net Code: GlqSWLFtcA System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.25e9d94.0.raw.unpack, RZ.cs.Net Code: System.Reflection.Assembly.Load(byte[])
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: 0xD4049BCC [Sat Sep 19 19:30:20 2082 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_067FD801 push es; ret 0_2_067FD810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_06805648 pushfd ; iretd 0_2_068056F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_068056F0 pushfd ; iretd 0_2_068056F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_06805613 pushad ; iretd 0_2_06805639
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_0680AE19 push eax; mov dword ptr [esp], edx0_2_0680AE2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 0_2_0684DE8B push eax; ret 0_2_0684DE91
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D842 push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041E1D5 push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DAED push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DB45 push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0040E355 push ebp; iretd 7_2_0040E381
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D475 push eax; ret 7_2_0041D4C8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DC0E push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D4C2 push eax; ret 7_2_0041D4C8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D4CB push eax; ret 7_2_0041D532
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00417CDD push ecx; retf 7_2_00417CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D566 push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D52C push eax; ret 7_2_0041D532
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00416649 push ebx; iretd 7_2_0041664B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DE5D push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041D65F push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0041DF5A push CE770B89h; ret 7_2_0041D64A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D225F pushad ; ret 7_2_010D27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D27FA pushad ; ret 7_2_010D27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011009AD push ecx; mov dword ptr [esp], ecx7_2_011009B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D283D push eax; iretd 7_2_010D2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010D1368 push eax; iretd 7_2_010D1369
          Source: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeStatic PE information: section name: .text entropy: 7.736784074386954
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, wvyFp5lEMaXfIDvbM4g.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'z0rfRsnEaV', 'MKbfuxmesF', 'TbtfFKRq03', 'e7RfvuQXWh', 'rNFfVcO9SM', 'QsffNHS43N', 'RoVfC7IVAq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, o35qSosUGnefXxGkm9.csHigh entropy of concatenated method names: 'UuGb5WCYBm', 'xoqbw0fbZU', 'BP5bKaabiZ', 'tpubj4VTdK', 'pO3b8uA9T4', 'V4SbUPCYxs', 'niGbhbRc5E', 'Ehob7Xj9WN', 'mDVbQRTNbF', 'R2GbfjEV7O'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, CpNlZy8hqofMdFNKt0.csHigh entropy of concatenated method names: 'PMNrljTqKm', 'fDarbgK2Y2', 'jR1roYPXgO', 's58oXpgiW5', 'eLdozBduPo', 'U0ErIecsxZ', 'i26rOTGfIF', 'pSDr0Lk5xu', 'qcGrsfqedj', 'KhSrS5TtBQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, E4uZqFOLhSMef7LqQC.csHigh entropy of concatenated method names: 'Cr8s6QHGZr', 'IdysldHUlT', 'CeysH1PWUs', 'ujnsbiRM3W', 'zgusYoJG0s', 'RXRsoIDI8v', 'tbxsr7GPVq', 'pOksJNpFFp', 'bcQskAB0vC', 'KposnOXEvH'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, IeoGratBW3O1qvysQn.csHigh entropy of concatenated method names: 'xG67laWdWb', 'byE7Hig4n0', 'A8l7bwSRK2', 'dOK7YGeQIC', 'HV87oimJfK', 'Kri7ryrxkk', 'c2b7J2thxb', 'v9S7k75glI', 'UaS7nyNObm', 'Chg7t3GPff'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, AFVuE3FDqBXyamboG8.csHigh entropy of concatenated method names: 'Q2j79Twmg9', 'MFQ7L1yaNs', 'fuH71h1YZ4', 'OLU7pCSkFv', 'Wxm7Re04ZH', 'xyG7qTAxXj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, xlIEYBw9yIGE6JMOWQ.csHigh entropy of concatenated method names: 'ob5HREyBPI', 'j9CHua8Usu', 'JdkHFVob9F', 'ecnHv2SMHo', 'kRMHVoc0bC', 'GSAHNsEk8Q', 'hWWHCeMZpu', 'vT9HyG2gf8', 'eYdHBp5M5a', 'E9EHXAtrbs'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, FXj55bXUxxvboVoahD.csHigh entropy of concatenated method names: 'UIoQOsiAni', 'fuQQsCGNUZ', 'vXgQSwBFf5', 'jQQQlnLy9w', 'Rt0QHiQFMD', 'MWYQYIy2ml', 'LPyQopGXqb', 'yTW7C61ldj', 'avo7yGTMiP', 'Utw7BEAoO9'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, EmYPgEMBQCWZ9A4T72.csHigh entropy of concatenated method names: 'hWho6rZDfl', 'LRtoHHsSIv', 'cEMoY8rOtD', 'RsroroUM0M', 'zQCoJxsFlZ', 'JFuYVNscs4', 'kmLYNPNFP3', 'XEtYCOxa3a', 'qn4Yyy6EYN', 'x05YBMY8D5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, XpOWKj9AUfhiB883bx.csHigh entropy of concatenated method names: 'ommWTkMnF', 'BHu53l7Q0', 'V7Qw7Lrq0', 'OvTdWqRdX', 'hOnj1dnfS', 'z2g3fCkfA', 'l40ID9aNCGBNcpaiKt', 'TpcyXR3bEPnEEwBm67', 'wwZ7CyD2l', 'gVQf2cP3W'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, RUmI4MNnoe3hw9LtV7.csHigh entropy of concatenated method names: 'FfhhnIdtDV', 'kmchtkCpVJ', 'ToString', 'NEWhlgswr4', 'tDchHccke8', 'pXrhbp33Hc', 'zsOhYi4Iu5', 'SHohoPvi2N', 'vZ1hrVCEhW', 'SIThJg9nFm'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, Wf4kesqoACHAE2XEBm.csHigh entropy of concatenated method names: 'BBcrPRZylc', 'EwErm8DnUd', 'XwPrWZ3Vga', 'cqer58qBu1', 'rTlrZLWxUR', 'xvKrwfkruL', 'JrLrdb49IH', 'DrprKH5ZgF', 'F2urjqHpuh', 'pQ7r31H3v8'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, dAsYu2USK2159UQ6ET.csHigh entropy of concatenated method names: 'Kl1hym0xFh', 'IUXhXgr69a', 'kby7IBTQoG', 'PrV7OTHgP2', 'pZEhiHavLj', 'KZHh4xp3qU', 'lGGhxITytH', 'oHahR4XIPo', 'zQrhuVBajw', 'xfJhFwfJtB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, CFlKvelphoBZvK4hXgV.csHigh entropy of concatenated method names: 'klCQPskB0t', 'jbcQm8R5aF', 'aYVQWHtQCZ', 'NwrQ5nRD1X', 'XrJQZQ70ML', 'VutQw8CRrG', 'dcrQdWFXvl', 'CqZQKFmwca', 'EVqQj65cQQ', 'CAsQ3TuV5Z'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, KAMcFOG423RXbKqhOW.csHigh entropy of concatenated method names: 'ODiDKx1fLr', 'mXqDjbi15c', 'MgZD9p337e', 'jRtDLihBvf', 'd1eDp7ohvy', 'HEODq6X20D', 'HR9DEi3VNZ', 'P7jDMgFY7F', 'Uj8DTbHO1r', 'BjqDiR4vDY'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, TAQYtDBT26ov40cDwc.csHigh entropy of concatenated method names: 'XoEOrsnfRJ', 'CBDOJvWC9D', 'Y6LOn6UhQX', 'YZ5OtDqKvW', 'UKkO8YbQnQ', 'It7OU2m23G', 'K66p21qbf7PPHbyGXE', 'thJShxC4dorDkZLDMb', 'hNBOOeFvo5', 'M8OOsjvXj5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, zvnvEjou1LWx6J2FCc.csHigh entropy of concatenated method names: 'Dispose', 'imoOB4wB27', 'Qp30Lh8uGg', 'Ah4ee9VFe7', 'U5TOXviPBt', 'R1IOzZqcn3', 'ProcessDialogKey', 'st30IY1sf3', 'bNe0OjMX5n', 'wQg00oCUQA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, vmprtQzxvSgJjUwOlW.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'X5wQDnc22N', 'H9MQ85bpu8', 'fG3QUxs5SK', 'QHBQhAM1QE', 'SarQ7sacBx', 'SSFQQL8nir', 'IcLQf3O3x5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3694500.2.raw.unpack, LuG0j34VKrxiUTTP4k.csHigh entropy of concatenated method names: 'zpm8T2qBBL', 'Dfi845Uo9S', 'Bku8RwRbw5', 'hK08uVyAMy', 'SOe8L2KLCf', 'mog81lp1D9', 'FsN8pZCs2o', 'orF8qCEccZ', 'MQu8GFbSdS', 'u3H8EvhaJA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, wvyFp5lEMaXfIDvbM4g.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'z0rfRsnEaV', 'MKbfuxmesF', 'TbtfFKRq03', 'e7RfvuQXWh', 'rNFfVcO9SM', 'QsffNHS43N', 'RoVfC7IVAq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, o35qSosUGnefXxGkm9.csHigh entropy of concatenated method names: 'UuGb5WCYBm', 'xoqbw0fbZU', 'BP5bKaabiZ', 'tpubj4VTdK', 'pO3b8uA9T4', 'V4SbUPCYxs', 'niGbhbRc5E', 'Ehob7Xj9WN', 'mDVbQRTNbF', 'R2GbfjEV7O'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, CpNlZy8hqofMdFNKt0.csHigh entropy of concatenated method names: 'PMNrljTqKm', 'fDarbgK2Y2', 'jR1roYPXgO', 's58oXpgiW5', 'eLdozBduPo', 'U0ErIecsxZ', 'i26rOTGfIF', 'pSDr0Lk5xu', 'qcGrsfqedj', 'KhSrS5TtBQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, E4uZqFOLhSMef7LqQC.csHigh entropy of concatenated method names: 'Cr8s6QHGZr', 'IdysldHUlT', 'CeysH1PWUs', 'ujnsbiRM3W', 'zgusYoJG0s', 'RXRsoIDI8v', 'tbxsr7GPVq', 'pOksJNpFFp', 'bcQskAB0vC', 'KposnOXEvH'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, IeoGratBW3O1qvysQn.csHigh entropy of concatenated method names: 'xG67laWdWb', 'byE7Hig4n0', 'A8l7bwSRK2', 'dOK7YGeQIC', 'HV87oimJfK', 'Kri7ryrxkk', 'c2b7J2thxb', 'v9S7k75glI', 'UaS7nyNObm', 'Chg7t3GPff'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, AFVuE3FDqBXyamboG8.csHigh entropy of concatenated method names: 'Q2j79Twmg9', 'MFQ7L1yaNs', 'fuH71h1YZ4', 'OLU7pCSkFv', 'Wxm7Re04ZH', 'xyG7qTAxXj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, xlIEYBw9yIGE6JMOWQ.csHigh entropy of concatenated method names: 'ob5HREyBPI', 'j9CHua8Usu', 'JdkHFVob9F', 'ecnHv2SMHo', 'kRMHVoc0bC', 'GSAHNsEk8Q', 'hWWHCeMZpu', 'vT9HyG2gf8', 'eYdHBp5M5a', 'E9EHXAtrbs'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, FXj55bXUxxvboVoahD.csHigh entropy of concatenated method names: 'UIoQOsiAni', 'fuQQsCGNUZ', 'vXgQSwBFf5', 'jQQQlnLy9w', 'Rt0QHiQFMD', 'MWYQYIy2ml', 'LPyQopGXqb', 'yTW7C61ldj', 'avo7yGTMiP', 'Utw7BEAoO9'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, EmYPgEMBQCWZ9A4T72.csHigh entropy of concatenated method names: 'hWho6rZDfl', 'LRtoHHsSIv', 'cEMoY8rOtD', 'RsroroUM0M', 'zQCoJxsFlZ', 'JFuYVNscs4', 'kmLYNPNFP3', 'XEtYCOxa3a', 'qn4Yyy6EYN', 'x05YBMY8D5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, XpOWKj9AUfhiB883bx.csHigh entropy of concatenated method names: 'ommWTkMnF', 'BHu53l7Q0', 'V7Qw7Lrq0', 'OvTdWqRdX', 'hOnj1dnfS', 'z2g3fCkfA', 'l40ID9aNCGBNcpaiKt', 'TpcyXR3bEPnEEwBm67', 'wwZ7CyD2l', 'gVQf2cP3W'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, RUmI4MNnoe3hw9LtV7.csHigh entropy of concatenated method names: 'FfhhnIdtDV', 'kmchtkCpVJ', 'ToString', 'NEWhlgswr4', 'tDchHccke8', 'pXrhbp33Hc', 'zsOhYi4Iu5', 'SHohoPvi2N', 'vZ1hrVCEhW', 'SIThJg9nFm'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, Wf4kesqoACHAE2XEBm.csHigh entropy of concatenated method names: 'BBcrPRZylc', 'EwErm8DnUd', 'XwPrWZ3Vga', 'cqer58qBu1', 'rTlrZLWxUR', 'xvKrwfkruL', 'JrLrdb49IH', 'DrprKH5ZgF', 'F2urjqHpuh', 'pQ7r31H3v8'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, dAsYu2USK2159UQ6ET.csHigh entropy of concatenated method names: 'Kl1hym0xFh', 'IUXhXgr69a', 'kby7IBTQoG', 'PrV7OTHgP2', 'pZEhiHavLj', 'KZHh4xp3qU', 'lGGhxITytH', 'oHahR4XIPo', 'zQrhuVBajw', 'xfJhFwfJtB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, CFlKvelphoBZvK4hXgV.csHigh entropy of concatenated method names: 'klCQPskB0t', 'jbcQm8R5aF', 'aYVQWHtQCZ', 'NwrQ5nRD1X', 'XrJQZQ70ML', 'VutQw8CRrG', 'dcrQdWFXvl', 'CqZQKFmwca', 'EVqQj65cQQ', 'CAsQ3TuV5Z'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, KAMcFOG423RXbKqhOW.csHigh entropy of concatenated method names: 'ODiDKx1fLr', 'mXqDjbi15c', 'MgZD9p337e', 'jRtDLihBvf', 'd1eDp7ohvy', 'HEODq6X20D', 'HR9DEi3VNZ', 'P7jDMgFY7F', 'Uj8DTbHO1r', 'BjqDiR4vDY'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, TAQYtDBT26ov40cDwc.csHigh entropy of concatenated method names: 'XoEOrsnfRJ', 'CBDOJvWC9D', 'Y6LOn6UhQX', 'YZ5OtDqKvW', 'UKkO8YbQnQ', 'It7OU2m23G', 'K66p21qbf7PPHbyGXE', 'thJShxC4dorDkZLDMb', 'hNBOOeFvo5', 'M8OOsjvXj5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, zvnvEjou1LWx6J2FCc.csHigh entropy of concatenated method names: 'Dispose', 'imoOB4wB27', 'Qp30Lh8uGg', 'Ah4ee9VFe7', 'U5TOXviPBt', 'R1IOzZqcn3', 'ProcessDialogKey', 'st30IY1sf3', 'bNe0OjMX5n', 'wQg00oCUQA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, vmprtQzxvSgJjUwOlW.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'X5wQDnc22N', 'H9MQ85bpu8', 'fG3QUxs5SK', 'QHBQhAM1QE', 'SarQ7sacBx', 'SSFQQL8nir', 'IcLQf3O3x5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.6af0000.4.raw.unpack, LuG0j34VKrxiUTTP4k.csHigh entropy of concatenated method names: 'zpm8T2qBBL', 'Dfi845Uo9S', 'Bku8RwRbw5', 'hK08uVyAMy', 'SOe8L2KLCf', 'mog81lp1D9', 'FsN8pZCs2o', 'orF8qCEccZ', 'MQu8GFbSdS', 'u3H8EvhaJA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, wvyFp5lEMaXfIDvbM4g.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'z0rfRsnEaV', 'MKbfuxmesF', 'TbtfFKRq03', 'e7RfvuQXWh', 'rNFfVcO9SM', 'QsffNHS43N', 'RoVfC7IVAq'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, o35qSosUGnefXxGkm9.csHigh entropy of concatenated method names: 'UuGb5WCYBm', 'xoqbw0fbZU', 'BP5bKaabiZ', 'tpubj4VTdK', 'pO3b8uA9T4', 'V4SbUPCYxs', 'niGbhbRc5E', 'Ehob7Xj9WN', 'mDVbQRTNbF', 'R2GbfjEV7O'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, CpNlZy8hqofMdFNKt0.csHigh entropy of concatenated method names: 'PMNrljTqKm', 'fDarbgK2Y2', 'jR1roYPXgO', 's58oXpgiW5', 'eLdozBduPo', 'U0ErIecsxZ', 'i26rOTGfIF', 'pSDr0Lk5xu', 'qcGrsfqedj', 'KhSrS5TtBQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, E4uZqFOLhSMef7LqQC.csHigh entropy of concatenated method names: 'Cr8s6QHGZr', 'IdysldHUlT', 'CeysH1PWUs', 'ujnsbiRM3W', 'zgusYoJG0s', 'RXRsoIDI8v', 'tbxsr7GPVq', 'pOksJNpFFp', 'bcQskAB0vC', 'KposnOXEvH'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, IeoGratBW3O1qvysQn.csHigh entropy of concatenated method names: 'xG67laWdWb', 'byE7Hig4n0', 'A8l7bwSRK2', 'dOK7YGeQIC', 'HV87oimJfK', 'Kri7ryrxkk', 'c2b7J2thxb', 'v9S7k75glI', 'UaS7nyNObm', 'Chg7t3GPff'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, AFVuE3FDqBXyamboG8.csHigh entropy of concatenated method names: 'Q2j79Twmg9', 'MFQ7L1yaNs', 'fuH71h1YZ4', 'OLU7pCSkFv', 'Wxm7Re04ZH', 'xyG7qTAxXj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, xlIEYBw9yIGE6JMOWQ.csHigh entropy of concatenated method names: 'ob5HREyBPI', 'j9CHua8Usu', 'JdkHFVob9F', 'ecnHv2SMHo', 'kRMHVoc0bC', 'GSAHNsEk8Q', 'hWWHCeMZpu', 'vT9HyG2gf8', 'eYdHBp5M5a', 'E9EHXAtrbs'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, FXj55bXUxxvboVoahD.csHigh entropy of concatenated method names: 'UIoQOsiAni', 'fuQQsCGNUZ', 'vXgQSwBFf5', 'jQQQlnLy9w', 'Rt0QHiQFMD', 'MWYQYIy2ml', 'LPyQopGXqb', 'yTW7C61ldj', 'avo7yGTMiP', 'Utw7BEAoO9'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, EmYPgEMBQCWZ9A4T72.csHigh entropy of concatenated method names: 'hWho6rZDfl', 'LRtoHHsSIv', 'cEMoY8rOtD', 'RsroroUM0M', 'zQCoJxsFlZ', 'JFuYVNscs4', 'kmLYNPNFP3', 'XEtYCOxa3a', 'qn4Yyy6EYN', 'x05YBMY8D5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, XpOWKj9AUfhiB883bx.csHigh entropy of concatenated method names: 'ommWTkMnF', 'BHu53l7Q0', 'V7Qw7Lrq0', 'OvTdWqRdX', 'hOnj1dnfS', 'z2g3fCkfA', 'l40ID9aNCGBNcpaiKt', 'TpcyXR3bEPnEEwBm67', 'wwZ7CyD2l', 'gVQf2cP3W'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, RUmI4MNnoe3hw9LtV7.csHigh entropy of concatenated method names: 'FfhhnIdtDV', 'kmchtkCpVJ', 'ToString', 'NEWhlgswr4', 'tDchHccke8', 'pXrhbp33Hc', 'zsOhYi4Iu5', 'SHohoPvi2N', 'vZ1hrVCEhW', 'SIThJg9nFm'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, Wf4kesqoACHAE2XEBm.csHigh entropy of concatenated method names: 'BBcrPRZylc', 'EwErm8DnUd', 'XwPrWZ3Vga', 'cqer58qBu1', 'rTlrZLWxUR', 'xvKrwfkruL', 'JrLrdb49IH', 'DrprKH5ZgF', 'F2urjqHpuh', 'pQ7r31H3v8'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, dAsYu2USK2159UQ6ET.csHigh entropy of concatenated method names: 'Kl1hym0xFh', 'IUXhXgr69a', 'kby7IBTQoG', 'PrV7OTHgP2', 'pZEhiHavLj', 'KZHh4xp3qU', 'lGGhxITytH', 'oHahR4XIPo', 'zQrhuVBajw', 'xfJhFwfJtB'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, CFlKvelphoBZvK4hXgV.csHigh entropy of concatenated method names: 'klCQPskB0t', 'jbcQm8R5aF', 'aYVQWHtQCZ', 'NwrQ5nRD1X', 'XrJQZQ70ML', 'VutQw8CRrG', 'dcrQdWFXvl', 'CqZQKFmwca', 'EVqQj65cQQ', 'CAsQ3TuV5Z'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, KAMcFOG423RXbKqhOW.csHigh entropy of concatenated method names: 'ODiDKx1fLr', 'mXqDjbi15c', 'MgZD9p337e', 'jRtDLihBvf', 'd1eDp7ohvy', 'HEODq6X20D', 'HR9DEi3VNZ', 'P7jDMgFY7F', 'Uj8DTbHO1r', 'BjqDiR4vDY'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, TAQYtDBT26ov40cDwc.csHigh entropy of concatenated method names: 'XoEOrsnfRJ', 'CBDOJvWC9D', 'Y6LOn6UhQX', 'YZ5OtDqKvW', 'UKkO8YbQnQ', 'It7OU2m23G', 'K66p21qbf7PPHbyGXE', 'thJShxC4dorDkZLDMb', 'hNBOOeFvo5', 'M8OOsjvXj5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, zvnvEjou1LWx6J2FCc.csHigh entropy of concatenated method names: 'Dispose', 'imoOB4wB27', 'Qp30Lh8uGg', 'Ah4ee9VFe7', 'U5TOXviPBt', 'R1IOzZqcn3', 'ProcessDialogKey', 'st30IY1sf3', 'bNe0OjMX5n', 'wQg00oCUQA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, vmprtQzxvSgJjUwOlW.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'X5wQDnc22N', 'H9MQ85bpu8', 'fG3QUxs5SK', 'QHBQhAM1QE', 'SarQ7sacBx', 'SSFQQL8nir', 'IcLQf3O3x5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.3704520.1.raw.unpack, LuG0j34VKrxiUTTP4k.csHigh entropy of concatenated method names: 'zpm8T2qBBL', 'Dfi845Uo9S', 'Bku8RwRbw5', 'hK08uVyAMy', 'SOe8L2KLCf', 'mog81lp1D9', 'FsN8pZCs2o', 'orF8qCEccZ', 'MQu8GFbSdS', 'u3H8EvhaJA'

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe PID: 7460, type: MEMORYSTR
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeRDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeRDTSC instruction interceptor: First address: 409B6E second address: 409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: B00000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: 24A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: 44A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: 8560000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: 9560000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: 9760000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: A760000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00409AA0 rdtsc 7_2_00409AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6410Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3266Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeAPI coverage: 0.6 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe TID: 7496Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7844Thread sleep time: -3689348814741908s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_00409AA0 rdtsc 7_2_00409AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_01142BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AA118 mov ecx, dword ptr fs:[00000030h]7_2_011AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AA118 mov eax, dword ptr fs:[00000030h]7_2_011AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AA118 mov eax, dword ptr fs:[00000030h]7_2_011AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AA118 mov eax, dword ptr fs:[00000030h]7_2_011AA118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C0115 mov eax, dword ptr fs:[00000030h]7_2_011C0115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov ecx, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov ecx, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov ecx, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov eax, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE10E mov ecx, dword ptr fs:[00000030h]7_2_011AE10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01130124 mov eax, dword ptr fs:[00000030h]7_2_01130124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01198158 mov eax, dword ptr fs:[00000030h]7_2_01198158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106154 mov eax, dword ptr fs:[00000030h]7_2_01106154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106154 mov eax, dword ptr fs:[00000030h]7_2_01106154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FC156 mov eax, dword ptr fs:[00000030h]7_2_010FC156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01194144 mov eax, dword ptr fs:[00000030h]7_2_01194144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01194144 mov eax, dword ptr fs:[00000030h]7_2_01194144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01194144 mov ecx, dword ptr fs:[00000030h]7_2_01194144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01194144 mov eax, dword ptr fs:[00000030h]7_2_01194144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01194144 mov eax, dword ptr fs:[00000030h]7_2_01194144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118019F mov eax, dword ptr fs:[00000030h]7_2_0118019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118019F mov eax, dword ptr fs:[00000030h]7_2_0118019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118019F mov eax, dword ptr fs:[00000030h]7_2_0118019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118019F mov eax, dword ptr fs:[00000030h]7_2_0118019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01140185 mov eax, dword ptr fs:[00000030h]7_2_01140185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BC188 mov eax, dword ptr fs:[00000030h]7_2_011BC188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BC188 mov eax, dword ptr fs:[00000030h]7_2_011BC188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA197 mov eax, dword ptr fs:[00000030h]7_2_010FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA197 mov eax, dword ptr fs:[00000030h]7_2_010FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA197 mov eax, dword ptr fs:[00000030h]7_2_010FA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A4180 mov eax, dword ptr fs:[00000030h]7_2_011A4180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A4180 mov eax, dword ptr fs:[00000030h]7_2_011A4180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E1D0 mov eax, dword ptr fs:[00000030h]7_2_0117E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E1D0 mov eax, dword ptr fs:[00000030h]7_2_0117E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E1D0 mov ecx, dword ptr fs:[00000030h]7_2_0117E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E1D0 mov eax, dword ptr fs:[00000030h]7_2_0117E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E1D0 mov eax, dword ptr fs:[00000030h]7_2_0117E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C61C3 mov eax, dword ptr fs:[00000030h]7_2_011C61C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C61C3 mov eax, dword ptr fs:[00000030h]7_2_011C61C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011301F8 mov eax, dword ptr fs:[00000030h]7_2_011301F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D61E5 mov eax, dword ptr fs:[00000030h]7_2_011D61E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E016 mov eax, dword ptr fs:[00000030h]7_2_0111E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E016 mov eax, dword ptr fs:[00000030h]7_2_0111E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E016 mov eax, dword ptr fs:[00000030h]7_2_0111E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E016 mov eax, dword ptr fs:[00000030h]7_2_0111E016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01184000 mov ecx, dword ptr fs:[00000030h]7_2_01184000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A2000 mov eax, dword ptr fs:[00000030h]7_2_011A2000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196030 mov eax, dword ptr fs:[00000030h]7_2_01196030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA020 mov eax, dword ptr fs:[00000030h]7_2_010FA020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FC020 mov eax, dword ptr fs:[00000030h]7_2_010FC020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01102050 mov eax, dword ptr fs:[00000030h]7_2_01102050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186050 mov eax, dword ptr fs:[00000030h]7_2_01186050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112C073 mov eax, dword ptr fs:[00000030h]7_2_0112C073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110208A mov eax, dword ptr fs:[00000030h]7_2_0110208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C60B8 mov eax, dword ptr fs:[00000030h]7_2_011C60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C60B8 mov ecx, dword ptr fs:[00000030h]7_2_011C60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011980A8 mov eax, dword ptr fs:[00000030h]7_2_011980A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011820DE mov eax, dword ptr fs:[00000030h]7_2_011820DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011420F0 mov ecx, dword ptr fs:[00000030h]7_2_011420F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA0E3 mov ecx, dword ptr fs:[00000030h]7_2_010FA0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011860E0 mov eax, dword ptr fs:[00000030h]7_2_011860E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011080E9 mov eax, dword ptr fs:[00000030h]7_2_011080E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FC0F0 mov eax, dword ptr fs:[00000030h]7_2_010FC0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01120310 mov ecx, dword ptr fs:[00000030h]7_2_01120310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A30B mov eax, dword ptr fs:[00000030h]7_2_0113A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A30B mov eax, dword ptr fs:[00000030h]7_2_0113A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A30B mov eax, dword ptr fs:[00000030h]7_2_0113A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FC310 mov ecx, dword ptr fs:[00000030h]7_2_010FC310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov eax, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov eax, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov eax, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov ecx, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov eax, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118035C mov eax, dword ptr fs:[00000030h]7_2_0118035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A8350 mov ecx, dword ptr fs:[00000030h]7_2_011A8350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CA352 mov eax, dword ptr fs:[00000030h]7_2_011CA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01182349 mov eax, dword ptr fs:[00000030h]7_2_01182349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A437C mov eax, dword ptr fs:[00000030h]7_2_011A437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE388 mov eax, dword ptr fs:[00000030h]7_2_010FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE388 mov eax, dword ptr fs:[00000030h]7_2_010FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE388 mov eax, dword ptr fs:[00000030h]7_2_010FE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F8397 mov eax, dword ptr fs:[00000030h]7_2_010F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F8397 mov eax, dword ptr fs:[00000030h]7_2_010F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F8397 mov eax, dword ptr fs:[00000030h]7_2_010F8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112438F mov eax, dword ptr fs:[00000030h]7_2_0112438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112438F mov eax, dword ptr fs:[00000030h]7_2_0112438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE3DB mov eax, dword ptr fs:[00000030h]7_2_011AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE3DB mov eax, dword ptr fs:[00000030h]7_2_011AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE3DB mov ecx, dword ptr fs:[00000030h]7_2_011AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AE3DB mov eax, dword ptr fs:[00000030h]7_2_011AE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A43D4 mov eax, dword ptr fs:[00000030h]7_2_011A43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A43D4 mov eax, dword ptr fs:[00000030h]7_2_011A43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A3C0 mov eax, dword ptr fs:[00000030h]7_2_0110A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011083C0 mov eax, dword ptr fs:[00000030h]7_2_011083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011083C0 mov eax, dword ptr fs:[00000030h]7_2_011083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011083C0 mov eax, dword ptr fs:[00000030h]7_2_011083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011083C0 mov eax, dword ptr fs:[00000030h]7_2_011083C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BC3CD mov eax, dword ptr fs:[00000030h]7_2_011BC3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011863C0 mov eax, dword ptr fs:[00000030h]7_2_011863C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E3F0 mov eax, dword ptr fs:[00000030h]7_2_0111E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E3F0 mov eax, dword ptr fs:[00000030h]7_2_0111E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E3F0 mov eax, dword ptr fs:[00000030h]7_2_0111E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011363FF mov eax, dword ptr fs:[00000030h]7_2_011363FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011103E9 mov eax, dword ptr fs:[00000030h]7_2_011103E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F823B mov eax, dword ptr fs:[00000030h]7_2_010F823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106259 mov eax, dword ptr fs:[00000030h]7_2_01106259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BA250 mov eax, dword ptr fs:[00000030h]7_2_011BA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BA250 mov eax, dword ptr fs:[00000030h]7_2_011BA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01188243 mov eax, dword ptr fs:[00000030h]7_2_01188243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01188243 mov ecx, dword ptr fs:[00000030h]7_2_01188243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FA250 mov eax, dword ptr fs:[00000030h]7_2_010FA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F826B mov eax, dword ptr fs:[00000030h]7_2_010F826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B0274 mov eax, dword ptr fs:[00000030h]7_2_011B0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104260 mov eax, dword ptr fs:[00000030h]7_2_01104260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104260 mov eax, dword ptr fs:[00000030h]7_2_01104260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104260 mov eax, dword ptr fs:[00000030h]7_2_01104260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E284 mov eax, dword ptr fs:[00000030h]7_2_0113E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E284 mov eax, dword ptr fs:[00000030h]7_2_0113E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01180283 mov eax, dword ptr fs:[00000030h]7_2_01180283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01180283 mov eax, dword ptr fs:[00000030h]7_2_01180283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01180283 mov eax, dword ptr fs:[00000030h]7_2_01180283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011102A0 mov eax, dword ptr fs:[00000030h]7_2_011102A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011102A0 mov eax, dword ptr fs:[00000030h]7_2_011102A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov eax, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov ecx, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov eax, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov eax, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov eax, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011962A0 mov eax, dword ptr fs:[00000030h]7_2_011962A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A2C3 mov eax, dword ptr fs:[00000030h]7_2_0110A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A2C3 mov eax, dword ptr fs:[00000030h]7_2_0110A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A2C3 mov eax, dword ptr fs:[00000030h]7_2_0110A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A2C3 mov eax, dword ptr fs:[00000030h]7_2_0110A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A2C3 mov eax, dword ptr fs:[00000030h]7_2_0110A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011102E1 mov eax, dword ptr fs:[00000030h]7_2_011102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011102E1 mov eax, dword ptr fs:[00000030h]7_2_011102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011102E1 mov eax, dword ptr fs:[00000030h]7_2_011102E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196500 mov eax, dword ptr fs:[00000030h]7_2_01196500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4500 mov eax, dword ptr fs:[00000030h]7_2_011D4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110535 mov eax, dword ptr fs:[00000030h]7_2_01110535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E53E mov eax, dword ptr fs:[00000030h]7_2_0112E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E53E mov eax, dword ptr fs:[00000030h]7_2_0112E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E53E mov eax, dword ptr fs:[00000030h]7_2_0112E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E53E mov eax, dword ptr fs:[00000030h]7_2_0112E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E53E mov eax, dword ptr fs:[00000030h]7_2_0112E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108550 mov eax, dword ptr fs:[00000030h]7_2_01108550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108550 mov eax, dword ptr fs:[00000030h]7_2_01108550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113656A mov eax, dword ptr fs:[00000030h]7_2_0113656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113656A mov eax, dword ptr fs:[00000030h]7_2_0113656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113656A mov eax, dword ptr fs:[00000030h]7_2_0113656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E59C mov eax, dword ptr fs:[00000030h]7_2_0113E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01102582 mov eax, dword ptr fs:[00000030h]7_2_01102582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01102582 mov ecx, dword ptr fs:[00000030h]7_2_01102582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01134588 mov eax, dword ptr fs:[00000030h]7_2_01134588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011245B1 mov eax, dword ptr fs:[00000030h]7_2_011245B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011245B1 mov eax, dword ptr fs:[00000030h]7_2_011245B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011805A7 mov eax, dword ptr fs:[00000030h]7_2_011805A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011805A7 mov eax, dword ptr fs:[00000030h]7_2_011805A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011805A7 mov eax, dword ptr fs:[00000030h]7_2_011805A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011065D0 mov eax, dword ptr fs:[00000030h]7_2_011065D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A5D0 mov eax, dword ptr fs:[00000030h]7_2_0113A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A5D0 mov eax, dword ptr fs:[00000030h]7_2_0113A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E5CF mov eax, dword ptr fs:[00000030h]7_2_0113E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E5CF mov eax, dword ptr fs:[00000030h]7_2_0113E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011025E0 mov eax, dword ptr fs:[00000030h]7_2_011025E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E5E7 mov eax, dword ptr fs:[00000030h]7_2_0112E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C5ED mov eax, dword ptr fs:[00000030h]7_2_0113C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C5ED mov eax, dword ptr fs:[00000030h]7_2_0113C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01138402 mov eax, dword ptr fs:[00000030h]7_2_01138402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01138402 mov eax, dword ptr fs:[00000030h]7_2_01138402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01138402 mov eax, dword ptr fs:[00000030h]7_2_01138402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A430 mov eax, dword ptr fs:[00000030h]7_2_0113A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FC427 mov eax, dword ptr fs:[00000030h]7_2_010FC427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE420 mov eax, dword ptr fs:[00000030h]7_2_010FE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE420 mov eax, dword ptr fs:[00000030h]7_2_010FE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FE420 mov eax, dword ptr fs:[00000030h]7_2_010FE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01186420 mov eax, dword ptr fs:[00000030h]7_2_01186420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112245A mov eax, dword ptr fs:[00000030h]7_2_0112245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BA456 mov eax, dword ptr fs:[00000030h]7_2_011BA456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113E443 mov eax, dword ptr fs:[00000030h]7_2_0113E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F645D mov eax, dword ptr fs:[00000030h]7_2_010F645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112A470 mov eax, dword ptr fs:[00000030h]7_2_0112A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112A470 mov eax, dword ptr fs:[00000030h]7_2_0112A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112A470 mov eax, dword ptr fs:[00000030h]7_2_0112A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118C460 mov ecx, dword ptr fs:[00000030h]7_2_0118C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011BA49A mov eax, dword ptr fs:[00000030h]7_2_011BA49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011344B0 mov ecx, dword ptr fs:[00000030h]7_2_011344B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118A4B0 mov eax, dword ptr fs:[00000030h]7_2_0118A4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011064AB mov eax, dword ptr fs:[00000030h]7_2_011064AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011004E5 mov ecx, dword ptr fs:[00000030h]7_2_011004E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100710 mov eax, dword ptr fs:[00000030h]7_2_01100710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01130710 mov eax, dword ptr fs:[00000030h]7_2_01130710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C700 mov eax, dword ptr fs:[00000030h]7_2_0113C700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117C730 mov eax, dword ptr fs:[00000030h]7_2_0117C730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113273C mov eax, dword ptr fs:[00000030h]7_2_0113273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113273C mov ecx, dword ptr fs:[00000030h]7_2_0113273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113273C mov eax, dword ptr fs:[00000030h]7_2_0113273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C720 mov eax, dword ptr fs:[00000030h]7_2_0113C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C720 mov eax, dword ptr fs:[00000030h]7_2_0113C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100750 mov eax, dword ptr fs:[00000030h]7_2_01100750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142750 mov eax, dword ptr fs:[00000030h]7_2_01142750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142750 mov eax, dword ptr fs:[00000030h]7_2_01142750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118E75D mov eax, dword ptr fs:[00000030h]7_2_0118E75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01184755 mov eax, dword ptr fs:[00000030h]7_2_01184755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113674D mov esi, dword ptr fs:[00000030h]7_2_0113674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113674D mov eax, dword ptr fs:[00000030h]7_2_0113674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113674D mov eax, dword ptr fs:[00000030h]7_2_0113674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108770 mov eax, dword ptr fs:[00000030h]7_2_01108770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110770 mov eax, dword ptr fs:[00000030h]7_2_01110770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A678E mov eax, dword ptr fs:[00000030h]7_2_011A678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B47A0 mov eax, dword ptr fs:[00000030h]7_2_011B47A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011007AF mov eax, dword ptr fs:[00000030h]7_2_011007AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110C7C0 mov eax, dword ptr fs:[00000030h]7_2_0110C7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011807C3 mov eax, dword ptr fs:[00000030h]7_2_011807C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011047FB mov eax, dword ptr fs:[00000030h]7_2_011047FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011047FB mov eax, dword ptr fs:[00000030h]7_2_011047FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118E7E1 mov eax, dword ptr fs:[00000030h]7_2_0118E7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011227ED mov eax, dword ptr fs:[00000030h]7_2_011227ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011227ED mov eax, dword ptr fs:[00000030h]7_2_011227ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011227ED mov eax, dword ptr fs:[00000030h]7_2_011227ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01142619 mov eax, dword ptr fs:[00000030h]7_2_01142619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111260B mov eax, dword ptr fs:[00000030h]7_2_0111260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E609 mov eax, dword ptr fs:[00000030h]7_2_0117E609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01136620 mov eax, dword ptr fs:[00000030h]7_2_01136620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01138620 mov eax, dword ptr fs:[00000030h]7_2_01138620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111E627 mov eax, dword ptr fs:[00000030h]7_2_0111E627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110262C mov eax, dword ptr fs:[00000030h]7_2_0110262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111C640 mov eax, dword ptr fs:[00000030h]7_2_0111C640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01132674 mov eax, dword ptr fs:[00000030h]7_2_01132674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C866E mov eax, dword ptr fs:[00000030h]7_2_011C866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C866E mov eax, dword ptr fs:[00000030h]7_2_011C866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A660 mov eax, dword ptr fs:[00000030h]7_2_0113A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A660 mov eax, dword ptr fs:[00000030h]7_2_0113A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104690 mov eax, dword ptr fs:[00000030h]7_2_01104690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104690 mov eax, dword ptr fs:[00000030h]7_2_01104690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011366B0 mov eax, dword ptr fs:[00000030h]7_2_011366B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C6A6 mov eax, dword ptr fs:[00000030h]7_2_0113C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A6C7 mov ebx, dword ptr fs:[00000030h]7_2_0113A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A6C7 mov eax, dword ptr fs:[00000030h]7_2_0113A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E6F2 mov eax, dword ptr fs:[00000030h]7_2_0117E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E6F2 mov eax, dword ptr fs:[00000030h]7_2_0117E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E6F2 mov eax, dword ptr fs:[00000030h]7_2_0117E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E6F2 mov eax, dword ptr fs:[00000030h]7_2_0117E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011806F1 mov eax, dword ptr fs:[00000030h]7_2_011806F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011806F1 mov eax, dword ptr fs:[00000030h]7_2_011806F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118C912 mov eax, dword ptr fs:[00000030h]7_2_0118C912
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F8918 mov eax, dword ptr fs:[00000030h]7_2_010F8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F8918 mov eax, dword ptr fs:[00000030h]7_2_010F8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E908 mov eax, dword ptr fs:[00000030h]7_2_0117E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117E908 mov eax, dword ptr fs:[00000030h]7_2_0117E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118892A mov eax, dword ptr fs:[00000030h]7_2_0118892A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0119892B mov eax, dword ptr fs:[00000030h]7_2_0119892B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01180946 mov eax, dword ptr fs:[00000030h]7_2_01180946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A4978 mov eax, dword ptr fs:[00000030h]7_2_011A4978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A4978 mov eax, dword ptr fs:[00000030h]7_2_011A4978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118C97C mov eax, dword ptr fs:[00000030h]7_2_0118C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01126962 mov eax, dword ptr fs:[00000030h]7_2_01126962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01126962 mov eax, dword ptr fs:[00000030h]7_2_01126962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01126962 mov eax, dword ptr fs:[00000030h]7_2_01126962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0114096E mov eax, dword ptr fs:[00000030h]7_2_0114096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0114096E mov edx, dword ptr fs:[00000030h]7_2_0114096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0114096E mov eax, dword ptr fs:[00000030h]7_2_0114096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011889B3 mov esi, dword ptr fs:[00000030h]7_2_011889B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011889B3 mov eax, dword ptr fs:[00000030h]7_2_011889B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011889B3 mov eax, dword ptr fs:[00000030h]7_2_011889B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011129A0 mov eax, dword ptr fs:[00000030h]7_2_011129A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011009AD mov eax, dword ptr fs:[00000030h]7_2_011009AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011009AD mov eax, dword ptr fs:[00000030h]7_2_011009AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110A9D0 mov eax, dword ptr fs:[00000030h]7_2_0110A9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011349D0 mov eax, dword ptr fs:[00000030h]7_2_011349D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CA9D3 mov eax, dword ptr fs:[00000030h]7_2_011CA9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011969C0 mov eax, dword ptr fs:[00000030h]7_2_011969C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011329F9 mov eax, dword ptr fs:[00000030h]7_2_011329F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011329F9 mov eax, dword ptr fs:[00000030h]7_2_011329F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118E9E0 mov eax, dword ptr fs:[00000030h]7_2_0118E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118C810 mov eax, dword ptr fs:[00000030h]7_2_0118C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A483A mov eax, dword ptr fs:[00000030h]7_2_011A483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A483A mov eax, dword ptr fs:[00000030h]7_2_011A483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113A830 mov eax, dword ptr fs:[00000030h]7_2_0113A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov eax, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov eax, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov eax, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov ecx, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov eax, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01122835 mov eax, dword ptr fs:[00000030h]7_2_01122835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01130854 mov eax, dword ptr fs:[00000030h]7_2_01130854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104859 mov eax, dword ptr fs:[00000030h]7_2_01104859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01104859 mov eax, dword ptr fs:[00000030h]7_2_01104859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01112840 mov ecx, dword ptr fs:[00000030h]7_2_01112840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196870 mov eax, dword ptr fs:[00000030h]7_2_01196870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196870 mov eax, dword ptr fs:[00000030h]7_2_01196870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118E872 mov eax, dword ptr fs:[00000030h]7_2_0118E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118E872 mov eax, dword ptr fs:[00000030h]7_2_0118E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118C89D mov eax, dword ptr fs:[00000030h]7_2_0118C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100887 mov eax, dword ptr fs:[00000030h]7_2_01100887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112E8C0 mov eax, dword ptr fs:[00000030h]7_2_0112E8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C8F9 mov eax, dword ptr fs:[00000030h]7_2_0113C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113C8F9 mov eax, dword ptr fs:[00000030h]7_2_0113C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CA8E4 mov eax, dword ptr fs:[00000030h]7_2_011CA8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117EB1D mov eax, dword ptr fs:[00000030h]7_2_0117EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112EB20 mov eax, dword ptr fs:[00000030h]7_2_0112EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112EB20 mov eax, dword ptr fs:[00000030h]7_2_0112EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C8B28 mov eax, dword ptr fs:[00000030h]7_2_011C8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011C8B28 mov eax, dword ptr fs:[00000030h]7_2_011C8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AEB50 mov eax, dword ptr fs:[00000030h]7_2_011AEB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B4B4B mov eax, dword ptr fs:[00000030h]7_2_011B4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B4B4B mov eax, dword ptr fs:[00000030h]7_2_011B4B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011A8B42 mov eax, dword ptr fs:[00000030h]7_2_011A8B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196B40 mov eax, dword ptr fs:[00000030h]7_2_01196B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01196B40 mov eax, dword ptr fs:[00000030h]7_2_01196B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011CAB40 mov eax, dword ptr fs:[00000030h]7_2_011CAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010FCB7E mov eax, dword ptr fs:[00000030h]7_2_010FCB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B4BB0 mov eax, dword ptr fs:[00000030h]7_2_011B4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B4BB0 mov eax, dword ptr fs:[00000030h]7_2_011B4BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110BBE mov eax, dword ptr fs:[00000030h]7_2_01110BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110BBE mov eax, dword ptr fs:[00000030h]7_2_01110BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AEBD0 mov eax, dword ptr fs:[00000030h]7_2_011AEBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01120BCB mov eax, dword ptr fs:[00000030h]7_2_01120BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01120BCB mov eax, dword ptr fs:[00000030h]7_2_01120BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01120BCB mov eax, dword ptr fs:[00000030h]7_2_01120BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100BCD mov eax, dword ptr fs:[00000030h]7_2_01100BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100BCD mov eax, dword ptr fs:[00000030h]7_2_01100BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100BCD mov eax, dword ptr fs:[00000030h]7_2_01100BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108BF0 mov eax, dword ptr fs:[00000030h]7_2_01108BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108BF0 mov eax, dword ptr fs:[00000030h]7_2_01108BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108BF0 mov eax, dword ptr fs:[00000030h]7_2_01108BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118CBF0 mov eax, dword ptr fs:[00000030h]7_2_0118CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112EBFC mov eax, dword ptr fs:[00000030h]7_2_0112EBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0118CA11 mov eax, dword ptr fs:[00000030h]7_2_0118CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01124A35 mov eax, dword ptr fs:[00000030h]7_2_01124A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01124A35 mov eax, dword ptr fs:[00000030h]7_2_01124A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113CA38 mov eax, dword ptr fs:[00000030h]7_2_0113CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113CA24 mov eax, dword ptr fs:[00000030h]7_2_0113CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0112EA2E mov eax, dword ptr fs:[00000030h]7_2_0112EA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01106A50 mov eax, dword ptr fs:[00000030h]7_2_01106A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110A5B mov eax, dword ptr fs:[00000030h]7_2_01110A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01110A5B mov eax, dword ptr fs:[00000030h]7_2_01110A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117CA72 mov eax, dword ptr fs:[00000030h]7_2_0117CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0117CA72 mov eax, dword ptr fs:[00000030h]7_2_0117CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011AEA60 mov eax, dword ptr fs:[00000030h]7_2_011AEA60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113CA6F mov eax, dword ptr fs:[00000030h]7_2_0113CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113CA6F mov eax, dword ptr fs:[00000030h]7_2_0113CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113CA6F mov eax, dword ptr fs:[00000030h]7_2_0113CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01138A90 mov edx, dword ptr fs:[00000030h]7_2_01138A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0110EA80 mov eax, dword ptr fs:[00000030h]7_2_0110EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011D4A80 mov eax, dword ptr fs:[00000030h]7_2_011D4A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108AA0 mov eax, dword ptr fs:[00000030h]7_2_01108AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01108AA0 mov eax, dword ptr fs:[00000030h]7_2_01108AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01156AA4 mov eax, dword ptr fs:[00000030h]7_2_01156AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01100AD0 mov eax, dword ptr fs:[00000030h]7_2_01100AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01134AD0 mov eax, dword ptr fs:[00000030h]7_2_01134AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01134AD0 mov eax, dword ptr fs:[00000030h]7_2_01134AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01156ACC mov eax, dword ptr fs:[00000030h]7_2_01156ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01156ACC mov eax, dword ptr fs:[00000030h]7_2_01156ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01156ACC mov eax, dword ptr fs:[00000030h]7_2_01156ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113AAEE mov eax, dword ptr fs:[00000030h]7_2_0113AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0113AAEE mov eax, dword ptr fs:[00000030h]7_2_0113AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B8D10 mov eax, dword ptr fs:[00000030h]7_2_011B8D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_011B8D10 mov eax, dword ptr fs:[00000030h]7_2_011B8D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_01134D1D mov eax, dword ptr fs:[00000030h]7_2_01134D1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111AD00 mov eax, dword ptr fs:[00000030h]7_2_0111AD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111AD00 mov eax, dword ptr fs:[00000030h]7_2_0111AD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_0111AD00 mov eax, dword ptr fs:[00000030h]7_2_0111AD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeCode function: 7_2_010F6D10 mov eax, dword ptr fs:[00000030h]7_2_010F6D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		11
          Process Injection          		1
          Masquerading          		OS Credential Dumping12
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		11
          Disable or Modify Tools          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Non-Application Layer Protocol          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
          Virtualization/Sandbox Evasion          		Security Account Manager41
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive11
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
          Obfuscated Files or Information          		Cached Domain Credentials112
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Timestomp          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          DLL Side-Loading          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe36%VirustotalBrowse
          SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          241.42.69.40.in-addr.arpa
          		unknown
          		unknowntrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            www.uggernauty.net/t94g/true
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe, 00000000.00000002.1354786354.00000000024A1000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.chiark.greenend.org.uk/~sgtatham/putty/0SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exefalse
              • URL Reputation: safe
              		unknown

              World Map of Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1528900
              Start date and time:2024-10-08 12:32:06 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 25s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:13
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@11/6@1/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 234
              • Number of non-executed functions: 264
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              06:32:55API Interceptor1x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe modified
              06:32:57API Interceptor11x Sleep call for process: powershell.exe modified

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.log

              Download File
              Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:data
              Category:dropped
              Size (bytes):2232
              Entropy (8bit):5.379736180876081
              Encrypted:false
              SSDEEP:48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//8PUyus:tLHyIFKL3IZ2KRH9Oug8s
              MD5:6826FE6ABAF3CE3CD345B5433F8715E5
              SHA1:FD4601A7FC9A41EBADE5E185DA0927E4D9A72FBF
              SHA-256:6C6BECB629E8CA772941CF328E222C3A5D3620B8683BA896395291589AF0DAE9
              SHA-512:9DA9FFCD5B8E1E774183485E99834F003F50B459B341E4211B5F9C408ECF260505A75CF08BFB41C23C310209A755FF2156A0A6E66999B0F36776AA1EF0E4B562
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cqz53mx0.fnv.ps1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Reputation:high, very likely benign file
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ixtqhfaq.xnb.psm1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ueeh2mli.5vx.psm1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe3tlqns.qbm.ps1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.733290937893515
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
              • Win32 Executable (generic) a (10002005/4) 49.93%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              File size:663'560 bytes
              MD5:cc42d6edd3fc5e953bcf59b67c31faed
              SHA1:291ab6d36c851cbb00d2c344c10abaea8c4f22c0
              SHA256:78b3e10f355de8a780c69cc622dd3bc529365ff5fa141eb291112ee7b2ef2a94
              SHA512:1c1da806e86a09b7f8a4370e30aa4446ec44328ab102a2e2a18a72c393387e7646b2a1ebfa856df05b1f5039d15e9d4794e5b6777ae1e624e1988077e485950a
              SSDEEP:12288:QnCkUsRlS2acxpYc9UeeXBeU8ni8nkZsqgElVRkycQqWy+SkcmEaglKkR:GFec7YcTFi4qhlWWy+ScEaq
              TLSH:79E4025C1744D603C959ABB41AB1F1B42B795EDEB501E307AFEC6CEFB5AAB108C04293
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. .......................@............@................................

              File Icon

              Icon Hash:00928e8e8686b000

              Static PE Info

              General

              Entrypoint:0x49fee6
              Entrypoint Section:.text
              Digitally signed:true
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0xD4049BCC [Sat Sep 19 19:30:20 2082 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Authenticode Signature

              Signature Valid:false
              Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
              Signature Validation Error:The digital signature of the object did not verify
              Error Number:-2146869232
              Not Before, Not After
              • 13/11/2018 00:00:00 08/11/2021 23:59:59
              Subject Chain
              • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
              Version:3
              Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
              Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
              Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
              Serial:7C1118CBBADC95DA3752C46E47A27438

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x9fe920x4f.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0xa00000x5dc.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x9ea000x3608
              IMAGE_DIRECTORY_ENTRY_BASERELOC0xa20000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x9d8200x70.text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000x9deec0x9e000269e839c594bf52695b47fbc949e9096False0.9039383900316456OpenPGP Public Key7.736784074386954IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0xa00000x5dc0x6007cf3101c7976a623a03438e6dddfcbf8False0.4375data4.1750625803451475IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc0xa20000xc0x20069beaf2e5ac138089354529148d58177False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_VERSION0xa00900x34cdata0.43838862559241704
              RT_MANIFEST0xa03ec0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

              Imports

              DLLImport
              mscoree.dll_CorExeMain

              Network Behavior

              Network Port Distribution

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Oct 8, 2024 12:33:26.874712944 CEST5359640162.159.36.2192.168.2.9
              Oct 8, 2024 12:33:27.341933966 CEST5445653192.168.2.91.1.1.1
              Oct 8, 2024 12:33:27.349756956 CEST53544561.1.1.1192.168.2.9

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Oct 8, 2024 12:33:27.341933966 CEST192.168.2.91.1.1.10x8de4Standard query (0)241.42.69.40.in-addr.arpaPTR (Pointer record)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Oct 8, 2024 12:33:27.349756956 CEST1.1.1.1192.168.2.90x8de4Name error (3)241.42.69.40.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:06:32:54
              Start date:08/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
              Imagebase:0x130000
              File size:663'560 bytes
              MD5 hash:CC42D6EDD3FC5E953BCF59B67C31FAED
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1358724042.000000000359C000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
              Reputation:low
              Has exited:true

              General

              Target ID:3
              Start time:06:32:55
              Start date:08/10/2024
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
              Imagebase:0xa0000
              File size:433'152 bytes
              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:4
              Start time:06:32:56
              Start date:08/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
              Imagebase:0x290000
              File size:663'560 bytes
              MD5 hash:CC42D6EDD3FC5E953BCF59B67C31FAED
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:5
              Start time:06:32:56
              Start date:08/10/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff70f010000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:6
              Start time:06:32:56
              Start date:08/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
              Imagebase:0x210000
              File size:663'560 bytes
              MD5 hash:CC42D6EDD3FC5E953BCF59B67C31FAED
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:7
              Start time:06:32:56
              Start date:08/10/2024
              Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
              Imagebase:0x620000
              File size:663'560 bytes
              MD5 hash:CC42D6EDD3FC5E953BCF59B67C31FAED
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
              Reputation:low
              Has exited:true

              General

              Target ID:8
              Start time:06:32:57
              Start date:08/10/2024
              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Imagebase:0x7ff72d8c0000
              File size:496'640 bytes
              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
              Has elevated privileges:true
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:11.1%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:42
                Total number of Limit Nodes:3
                execution_graph 45048 b0d560 45049 b0d5a6 45048->45049 45053 b0d740 45049->45053 45056 b0d72f 45049->45056 45050 b0d693 45054 b0d76e 45053->45054 45059 b0d0fc 45053->45059 45054->45050 45057 b0d0fc DuplicateHandle 45056->45057 45058 b0d76e 45057->45058 45058->45050 45060 b0d7a8 DuplicateHandle 45059->45060 45061 b0d83e 45060->45061 45061->45054 45083 b0add0 45086 b0aeb8 45083->45086 45084 b0addf 45087 b0aefc 45086->45087 45088 b0aed9 45086->45088 45087->45084 45088->45087 45089 b0b100 GetModuleHandleW 45088->45089 45090 b0b12d 45089->45090 45090->45084 45091 6809ef0 45092 6809f1e 45091->45092 45094 6809fa9 45092->45094 45095 68088a8 45092->45095 45097 68088b3 45095->45097 45096 680a0b0 45096->45094 45097->45096 45099 68088d8 45097->45099 45100 680a200 SetTimer 45099->45100 45101 680a26c 45100->45101 45101->45096 45062 b04668 45063 b0467f 45062->45063 45064 b0468b 45063->45064 45066 b04788 45063->45066 45067 b047ad 45066->45067 45071 b04898 45067->45071 45075 b04888 45067->45075 45073 b048bf 45071->45073 45072 b0499c 45072->45072 45073->45072 45079 b04514 45073->45079 45076 b048bf 45075->45076 45077 b04514 CreateActCtxA 45076->45077 45078 b0499c 45076->45078 45077->45078 45080 b05928 CreateActCtxA 45079->45080 45082 b059eb 45080->45082

                Executed Functions

                Function 0680D3D4 Relevance: .9, Instructions: 931COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 253 680d3d4-680dd01 258 680df66-680e004 253->258 259 680dd07-680dd37 253->259 288 680e006-680e06b 258->288 289 680e077-680e092 258->289 266 680dee4-680def2 259->266 267 680dd3d-680dd50 call 680d414 call 680d424 259->267 273 680df40-680df60 266->273 274 680def4-680df37 266->274 279 680dd52-680dd69 call 680d434 267->279 280 680ddca-680de17 267->280 273->258 273->259 274->273 290 680dd97-680ddab 279->290 291 680dd6b-680dd7f 279->291 314 680de68-680de96 call 680d454 280->314 315 680de19-680de23 call 680d444 280->315 288->289 300 680e094-680e0a4 289->300 301 680e0a6-680e0a8 289->301 297 680ddb4-680ddc1 290->297 446 680dd82 call 680eeb0 291->446 447 680dd82 call 680eea3 291->447 297->280 302 680e0ae-680e0d3 300->302 301->302 310 680e0d5-680e0e5 302->310 311 680e0e7-680e0e9 302->311 305 680dd88-680dd91 305->290 313 680e0ef-680e221 310->313 311->313 353 680e227-680e242 313->353 354 680e46f-680e48a 313->354 332 680de9b-680de9d 314->332 320 680de40-680de4e 315->320 321 680de25-680de3e 315->321 325 680de57-680de64 320->325 321->325 325->314 332->273 334 680dea3-680dee2 call 680d454 332->334 334->273 353->354 357 680e248-680e46a 353->357 358 680e490-680e57f 354->358 359 680e584-680e59f 354->359 365 680e6b9-680e948 call 6808b00 357->365 358->365 363 680e5a5-680e6b5 359->363 364 680e6b7 359->364 363->365 364->365 414 680eab8-680eaca 365->414 415 680e94e-680eab6 365->415 418 680eacd-680eaf3 414->418 415->418 421 680eaf5-680eaf9 418->421 422 680eafa-680ebe3 418->422 421->422 436 680ebe5-680ebe9 422->436 437 680ebea-680ec1c 422->437 436->437 442 680ec34-680ec3b 437->442 443 680ec1e-680ec2f call 680d3e4 437->443 443->442 446->305 447->305
                Memory Dump Source
                • Source File: 00000000.00000002.1361764297.0000000006800000.00000040.00000800.00020000.00000000.sdmp, Offset: 06800000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6800000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b7902da804e5747d49695e1f8b4942bb19e0f035702dae6bf707c34fb0460d0
                • Instruction ID: aa617a78d376bcb996a48e26a7dd515aae8c73bfb875427983a5074f0999a204
                • Opcode Fuzzy Hash: 2b7902da804e5747d49695e1f8b4942bb19e0f035702dae6bf707c34fb0460d0
                • Instruction Fuzzy Hash: DEA21731E002198FDB55DF68CC946EDB7B2FF89300F1486A9D90AA7251EB74AE85CF41
                Function 06801248 Relevance: .7, Instructions: 739COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361764297.0000000006800000.00000040.00000800.00020000.00000000.sdmp, Offset: 06800000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6800000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51aa2b783274efc4bb372febd895a4c4ba9ce84413d3e528e8efd4a9aaccd032
                • Instruction ID: 413f1e594c24a8817f875572d7c006dcee0cfc6fdd97c8a909ea0336ecfce71b
                • Opcode Fuzzy Hash: 51aa2b783274efc4bb372febd895a4c4ba9ce84413d3e528e8efd4a9aaccd032
                • Instruction Fuzzy Hash: E9523934B01200CFEB989FB8C85866D77E2BF89315B1488BDD657DB7A0DB719845CB42
                Function 06803A50 Relevance: .5, Instructions: 471COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361764297.0000000006800000.00000040.00000800.00020000.00000000.sdmp, Offset: 06800000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6800000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 19901b984af1479c82a9ea246ffc0e58cf974ffb50e4c37f01a293f1912b41a3
                • Instruction ID: e7426fffdc3fd909ef226f6fd9eab255da4e8c54fa2d6f4b9140a16f652e0479
                • Opcode Fuzzy Hash: 19901b984af1479c82a9ea246ffc0e58cf974ffb50e4c37f01a293f1912b41a3
                • Instruction Fuzzy Hash: 2F226830A10619CFDB94DF68C884A9DB7B2FF89300F11C5A9E909AB265DB70ED85CF51
                Function 0684BBA0 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 940d08a4c8d36fe3ca005a8cf31238b0e61c3ae90bbb1d950abad595fab1a537
                • Instruction ID: b5cec8ce1633e12aadb7bd7cca35afa24c8a1a660d32be2b768e3a2a12b62536
                • Opcode Fuzzy Hash: 940d08a4c8d36fe3ca005a8cf31238b0e61c3ae90bbb1d950abad595fab1a537
                • Instruction Fuzzy Hash: 722127B0D056198FEB58DFA6C8143EEFBF6AFC9314F14C16AC409A62A4DB740946CF90
                Function 0684BBB0 Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 651c4801d1691a6aebe48a95fc9d6eb455569644235cab95faf81b56b1331f16
                • Instruction ID: 71e9d1f21cd65bd5c4476e075fec3a8c432eae21127f36dd5ab4e906b2b88105
                • Opcode Fuzzy Hash: 651c4801d1691a6aebe48a95fc9d6eb455569644235cab95faf81b56b1331f16
                • Instruction Fuzzy Hash: 9621E4B0D0461D8BEB58DF97C8457EEFAFAAFC8304F04C02AC509A6254DB7409458F90
                Function 00B0AEB8 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 0 b0aeb8-b0aed7 1 b0af03-b0af07 0->1 2 b0aed9-b0aee6 call b0a240 0->2 4 b0af09-b0af13 1->4 5 b0af1b-b0af5c 1->5 9 b0aee8 2->9 10 b0aefc 2->10 4->5 11 b0af69-b0af77 5->11 12 b0af5e-b0af66 5->12 55 b0aeee call b0b160 9->55 56 b0aeee call b0b150 9->56 10->1 13 b0af79-b0af7e 11->13 14 b0af9b-b0af9d 11->14 12->11 16 b0af80-b0af87 call b0a24c 13->16 17 b0af89 13->17 19 b0afa0-b0afa7 14->19 15 b0aef4-b0aef6 15->10 18 b0b038-b0b0f8 15->18 21 b0af8b-b0af99 16->21 17->21 50 b0b100-b0b12b GetModuleHandleW 18->50 51 b0b0fa-b0b0fd 18->51 22 b0afb4-b0afbb 19->22 23 b0afa9-b0afb1 19->23 21->19 24 b0afc8-b0afd1 call b0a25c 22->24 25 b0afbd-b0afc5 22->25 23->22 31 b0afd3-b0afdb 24->31 32 b0afde-b0afe3 24->32 25->24 31->32 33 b0b001-b0b00e 32->33 34 b0afe5-b0afec 32->34 40 b0b010-b0b02e 33->40 41 b0b031-b0b037 33->41 34->33 36 b0afee-b0affe call b0a26c call b0a27c 34->36 36->33 40->41 52 b0b134-b0b148 50->52 53 b0b12d-b0b133 50->53 51->50 53->52 55->15 56->15
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00B0B11E
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: a84473d1acc10c76f60bba9b4551bc45bbcba515969d75a07c3d51d7316070f5
                • Instruction ID: 6e46fb960f0f916a1e3bca48bf13cb21308cb8042c1df59d3b3015cd00a706d2
                • Opcode Fuzzy Hash: a84473d1acc10c76f60bba9b4551bc45bbcba515969d75a07c3d51d7316070f5
                • Instruction Fuzzy Hash: A68144B0A00B458FDB24CF29D44475ABBF1FF88304F008A6DE48ADBA90DB75E845CB91
                Function 00B0591C Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 57 b0591c-b059e9 CreateActCtxA 59 b059f2-b05a4c 57->59 60 b059eb-b059f1 57->60 67 b05a5b-b05a5f 59->67 68 b05a4e-b05a51 59->68 60->59 69 b05a70 67->69 70 b05a61-b05a6d 67->70 68->67 72 b05a71 69->72 70->69 72->72
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00B059D9
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: c027d7134d943c56f9a7f2a9dbe5c42db67d139bccfa0a6b7ad89b24b97c53b8
                • Instruction ID: a69f20853f45afd24a63ed08972221747781615671898ad910250e8c51c82d63
                • Opcode Fuzzy Hash: c027d7134d943c56f9a7f2a9dbe5c42db67d139bccfa0a6b7ad89b24b97c53b8
                • Instruction Fuzzy Hash: 7B41C2B1D00719CBEB24CFA9C88479EBBF5BF49314F2081AAD409AB291DB756945CF50
                Function 00B05A94 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 73 b05a94-b05b24
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889849876236d51e385f605605828679536dc88643f176441a3e5cfd40f0fcb8
                • Instruction ID: f21e13c3732246db6e194fd097d0fb0c3a5158d645f694f0f396bcafb27ac8de
                • Opcode Fuzzy Hash: 889849876236d51e385f605605828679536dc88643f176441a3e5cfd40f0fcb8
                • Instruction Fuzzy Hash: C7318B75904658CFEB20CFA8D84479EBFF0EF55324F208289C0196B6A1C775A946CF41
                Function 00B04514 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 76 b04514-b059e9 CreateActCtxA 79 b059f2-b05a4c 76->79 80 b059eb-b059f1 76->80 87 b05a5b-b05a5f 79->87 88 b05a4e-b05a51 79->88 80->79 89 b05a70 87->89 90 b05a61-b05a6d 87->90 88->87 92 b05a71 89->92 90->89 92->92
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00B059D9
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: f16b38065d5389888ce8e305f1453f1c6cd108e369ddee1e1e686c1e4a94b649
                • Instruction ID: b21890611d03191463a874ab78897609b8ac5ef065010fcf6d7a3f74389b5e76
                • Opcode Fuzzy Hash: f16b38065d5389888ce8e305f1453f1c6cd108e369ddee1e1e686c1e4a94b649
                • Instruction Fuzzy Hash: F741B271D0071DCBEB24CFA9C884B9EBBF5BF48314F2081AAD409AB291D7756945CF90
                Function 00B0D0FC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 93 b0d0fc-b0d83c DuplicateHandle 95 b0d845-b0d862 93->95 96 b0d83e-b0d844 93->96 96->95
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B0D76E,?,?,?,?,?), ref: 00B0D82F
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: a5df81f6033f6c3173b3ff7f0ee34ada432dba71273c804bad1da03128abcdb5
                • Instruction ID: be09b1d8dfdd3240f44a846a6bf217ac499049b0c8e4d8e89fd5eda02ba66cf6
                • Opcode Fuzzy Hash: a5df81f6033f6c3173b3ff7f0ee34ada432dba71273c804bad1da03128abcdb5
                • Instruction Fuzzy Hash: 3C21E5B5900348DFDB10CF9AD484ADEBBF4FB48310F14806AE918A7350D374A950CFA5
                Function 00B0D7A0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 99 b0d7a0-b0d83c DuplicateHandle 100 b0d845-b0d862 99->100 101 b0d83e-b0d844 99->101 101->100
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B0D76E,?,?,?,?,?), ref: 00B0D82F
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: ff3334b757c54d4484c64a21248b93e8e2a230f985b08a5d8020b9fa454e8563
                • Instruction ID: 91b588a72007c8033d61c28683181d24638bc84a14f8181b4e5336ff4105b9d8
                • Opcode Fuzzy Hash: ff3334b757c54d4484c64a21248b93e8e2a230f985b08a5d8020b9fa454e8563
                • Instruction Fuzzy Hash: 4921DFB5900348DFDB10CFAAD984AEEBFF5EB48310F14806AE958A7350D375A954CFA4
                Function 068088D8 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 110 68088d8-680a26a SetTimer 112 680a273-680a287 110->112 113 680a26c-680a272 110->113 113->112
                APIs
                • SetTimer.USER32(?,00B76428,?,?,?,?,?,?,0680A0B0,00000000,00000000,?), ref: 0680A25D
                Memory Dump Source
                • Source File: 00000000.00000002.1361764297.0000000006800000.00000040.00000800.00020000.00000000.sdmp, Offset: 06800000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6800000_SecuriteInfo.jbxd
                Similarity
                • API ID: Timer
                • String ID:
                • API String ID: 2870079774-0
                • Opcode ID: 664169e5305f004c66bb52a4350fbe0934a65871f74942eb929d70cb0c4b3e2d
                • Instruction ID: ab11a34c9e380c81772b492b74e996433673e9374ef6a3383f386297ba53ce3c
                • Opcode Fuzzy Hash: 664169e5305f004c66bb52a4350fbe0934a65871f74942eb929d70cb0c4b3e2d
                • Instruction Fuzzy Hash: 351125B5800348DFEB50DF9AC884BDEBBF8EB48310F10842AE518A7241D375A984CFA4
                Function 00B0B0B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 104 b0b0b8-b0b0f8 105 b0b100-b0b12b GetModuleHandleW 104->105 106 b0b0fa-b0b0fd 104->106 107 b0b134-b0b148 105->107 108 b0b12d-b0b133 105->108 106->105 108->107
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00B0B11E
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 4d1e0b365d81cf2274fca8a26953751e40c62e8a237f6902f88197fa045101aa
                • Instruction ID: 94c6183d5c2483432ebcf9f44ea954480c4e31ca01a74948e5dbbb52709e2e4f
                • Opcode Fuzzy Hash: 4d1e0b365d81cf2274fca8a26953751e40c62e8a237f6902f88197fa045101aa
                • Instruction Fuzzy Hash: 3D110FB6C002498FDB10CF9AD844BDEFBF4EB88324F14846AD429B7640D375A545CFA1
                Function 0680A1F8 Relevance: 1.5, APIs: 1, Instructions: 46timeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 115 680a1f8-680a26a SetTimer 117 680a273-680a287 115->117 118 680a26c-680a272 115->118 118->117
                APIs
                • SetTimer.USER32(?,00B76428,?,?,?,?,?,?,0680A0B0,00000000,00000000,?), ref: 0680A25D
                Memory Dump Source
                • Source File: 00000000.00000002.1361764297.0000000006800000.00000040.00000800.00020000.00000000.sdmp, Offset: 06800000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6800000_SecuriteInfo.jbxd
                Similarity
                • API ID: Timer
                • String ID:
                • API String ID: 2870079774-0
                • Opcode ID: 52646ebc1649c3bd8d988ecb837ba1c21d4da6fbcd6b7d95a42837e4ebc8d622
                • Instruction ID: 98ad123b859e183cae347be6028c793cd4e0e9ed04baa5e76f8af997eb302485
                • Opcode Fuzzy Hash: 52646ebc1649c3bd8d988ecb837ba1c21d4da6fbcd6b7d95a42837e4ebc8d622
                • Instruction Fuzzy Hash: 1E11F5B5800349DFDB50CF9AD845BDEBBF8FB48324F10841AE958A7240D375A584CFA5
                Function 06844F1B Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 120 6844f1b-6844f91 126 6844f99-6844f9f 120->126 151 6844fa2 call 6845190 126->151 152 6844fa2 call 6844b51 126->152 153 6844fa2 call 684514e 126->153 154 6844fa2 call 6844af8 126->154 155 6844fa2 call 6844be8 126->155 156 6844fa2 call 6848138 126->156 127 6844fa8-6845144 call 6844ae4 151->127 152->127 153->127 154->127 155->127 156->127
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: %*&/)(#$^@!~-_
                • API String ID: 0-3325533558
                • Opcode ID: cda17866797781727ef09c71dea0db3e3e86171ac4c76b955c4dd33688c043cd
                • Instruction ID: 11588bbb4098d409ab673b1c1b4c03ec3a84fa8d124006fc99cbc77870295469
                • Opcode Fuzzy Hash: cda17866797781727ef09c71dea0db3e3e86171ac4c76b955c4dd33688c043cd
                • Instruction Fuzzy Hash: 3B51B135B002549FD704AFB8D4456AEBBB2BF89300F14C5A9D991AB386CF316E49CBD1
                Function 06844F28 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 157 6844f28-6844f9f 188 6844fa2 call 6845190 157->188 189 6844fa2 call 6844b51 157->189 190 6844fa2 call 684514e 157->190 191 6844fa2 call 6844af8 157->191 192 6844fa2 call 6844be8 157->192 193 6844fa2 call 6848138 157->193 164 6844fa8-6845144 call 6844ae4 188->164 189->164 190->164 191->164 192->164 193->164
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: %*&/)(#$^@!~-_
                • API String ID: 0-3325533558
                • Opcode ID: f6ec331a59360202741756258c8b34d9227866310af33869a4a88add40517cde
                • Instruction ID: 185f484c15f5a36716a472f661194870312c511f673e1e0f1a11987bdd57d188
                • Opcode Fuzzy Hash: f6ec331a59360202741756258c8b34d9227866310af33869a4a88add40517cde
                • Instruction Fuzzy Hash: 1A518F35B002149FD704AFB8D4456AEBBB2BF89300F14C5A9D9956B386CF316E45CBD1
                Function 067FBB68 Relevance: .5, Instructions: 523COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f3d92e806af5ad9570f4a368f27a05a9d443fe0704395b0bda2fa9bdf967a48
                • Instruction ID: fde837a460d6c1a6270d24a57e775360399d03d79a812bb587553351d13472f9
                • Opcode Fuzzy Hash: 2f3d92e806af5ad9570f4a368f27a05a9d443fe0704395b0bda2fa9bdf967a48
                • Instruction Fuzzy Hash: 3E42D630D1061DCFCB55EFA8C844AECBBB1BF49300F518699D5497B265EB30AA99CF81
                Function 067F5471 Relevance: .5, Instructions: 467COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14a4ec1318a89bbe0adc6ea5515643d9db0922a568d609c4a86a01b49345958a
                • Instruction ID: 001459c6b6f47e57cfba1a50ddabd6ef1f0420a0d6f487187c5a87c7c557346a
                • Opcode Fuzzy Hash: 14a4ec1318a89bbe0adc6ea5515643d9db0922a568d609c4a86a01b49345958a
                • Instruction Fuzzy Hash: 0FE1B030B2070087DB96AF7E8CA162D67939FD5220394D87D9606AF39BDE75DC080BD1
                Function 067F5480 Relevance: .5, Instructions: 464COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7fefd07b7a6958b50e687be5ae381719fde3bd8a258df425cde2bb0e5ef3269b
                • Instruction ID: 550f853814974ef114425f3687d014dd29d59727e6ae5e536643f3095c6ff1da
                • Opcode Fuzzy Hash: 7fefd07b7a6958b50e687be5ae381719fde3bd8a258df425cde2bb0e5ef3269b
                • Instruction Fuzzy Hash: 40E1B020B2070087DB96AF7E8CA162D67939FD9220394D87D9606AF39BDE75DC080BD1
                Function 067F2C88 Relevance: .4, Instructions: 374COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab431786cf776850a96aa2270c1e042f859ebb2b89a9cb0837de286cf0bb9fd1
                • Instruction ID: 0dbb75418d91951dd9f0a8e2881d94d61346e3a718efa5f374ab453165f061c5
                • Opcode Fuzzy Hash: ab431786cf776850a96aa2270c1e042f859ebb2b89a9cb0837de286cf0bb9fd1
                • Instruction Fuzzy Hash: DFE18F34A003588FDB15DF79C854AAEBBB6FF88300F1485AEE549A7351EB309D46CB91
                Function 0684F958 Relevance: .4, Instructions: 368COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d30f4f2dfd830c843ff5410ff571031af8c2e3b7adfa416c55d8750258c657bb
                • Instruction ID: 202cddd81f3c36e4f4a29c2d335e38d358fd0861232d567bc2552630a2110995
                • Opcode Fuzzy Hash: d30f4f2dfd830c843ff5410ff571031af8c2e3b7adfa416c55d8750258c657bb
                • Instruction Fuzzy Hash: E4E13D34A0020DDFEF45EFA8D894BAEBBB2FB89300F148069D505AB365DB35AD41CB55
                Function 067F0260 Relevance: .4, Instructions: 360COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52fd01bc20e48e37edb84df65c30ba340f77cdad7719bf8a77b05762788fc0b9
                • Instruction ID: 4c1f0420c8341e80a6d26937459c3a59e6ef5afa1f5a679540bee23f3d721e79
                • Opcode Fuzzy Hash: 52fd01bc20e48e37edb84df65c30ba340f77cdad7719bf8a77b05762788fc0b9
                • Instruction Fuzzy Hash: F602A33191061ACFCF11DF68C954ADCB7B1FF59304F118699E959BB221EB30AA89CF90
                Function 067F8AD0 Relevance: .3, Instructions: 337COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b12c27db4dff941c77a9425ae2e237dda33d5e6a3121e278185de4cb80b40ccb
                • Instruction ID: f888202b9f554ed439d8e5e847e8898274896fb8a33e3409286c6cb2f428487c
                • Opcode Fuzzy Hash: b12c27db4dff941c77a9425ae2e237dda33d5e6a3121e278185de4cb80b40ccb
                • Instruction Fuzzy Hash: 84B1BF31E11308CFDB61DFA5C854AAEBBF6FF88300F204969C60AA7395DB319951CB52
                Function 068430F0 Relevance: .3, Instructions: 332COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4a12666661af27ef2db3d40a9186a35f50208cefe1334a10a9b64c42f9648e5
                • Instruction ID: 96cf98a3f302ab5a1b369c17c89b48bfc12e02b0ae6307461a459f12e44dd9c0
                • Opcode Fuzzy Hash: f4a12666661af27ef2db3d40a9186a35f50208cefe1334a10a9b64c42f9648e5
                • Instruction Fuzzy Hash: ECF1B871D1061ACBCF14EFA8C954AEDB7B5FF48300F1186AAD519B7214EB70AA85CF90
                Function 067F0253 Relevance: .3, Instructions: 328COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed4f139baa5d89c058adbe75520b455c1db2e488707d284f874e432479500da7
                • Instruction ID: 232d3d2354e3024913668f1c31495144fa524bbecb9ed2f0b173636d512c2646
                • Opcode Fuzzy Hash: ed4f139baa5d89c058adbe75520b455c1db2e488707d284f874e432479500da7
                • Instruction Fuzzy Hash: 4AF1B231D1061ACFCF11EF68C850ADDB7B1BF59304F11869AD959B7221EB70AA89CF90
                Function 068430DF Relevance: .3, Instructions: 303COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96370147d30e0b3509c6974a72ee1241f4a4f57ca30ea2072384415b366d3c20
                • Instruction ID: 1e66a60ce2cbf21b73fdf26d4bdb81ecdb64b1d01a886956502ab771308cac25
                • Opcode Fuzzy Hash: 96370147d30e0b3509c6974a72ee1241f4a4f57ca30ea2072384415b366d3c20
                • Instruction Fuzzy Hash: 19E1D831D1061ACBCF54EFA8C954AEDB7B5FF48300F1186AAD519B7214EB70AA85CF90
                Function 067F1F90 Relevance: .2, Instructions: 232COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af516eaedd69289542f823fa5c96416edc832b3fb67666cb75de8d82c6349fd0
                • Instruction ID: 026bc294cddddde53bf194341d3baf0a439edfdd2d7c4be2de907018ae2a203e
                • Opcode Fuzzy Hash: af516eaedd69289542f823fa5c96416edc832b3fb67666cb75de8d82c6349fd0
                • Instruction Fuzzy Hash: 57917E31E10608DFCB45EBB8C8549EDB7B2FF89300F148699E615AB351EB70A981CB81
                Function 067FCC40 Relevance: .2, Instructions: 224COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 43e3c534ace34f252290c720e59d5dc3efcc037b71e35327fc7819c35ce81336
                • Instruction ID: a29735a47c9dc6f02f0c114bfcb9b8833d0206773d7b46bb072ff7a62242b925
                • Opcode Fuzzy Hash: 43e3c534ace34f252290c720e59d5dc3efcc037b71e35327fc7819c35ce81336
                • Instruction Fuzzy Hash: DDA1B175910619CFDB11EF68C840A99FBB1FF49304F05C699E949BB315EB30AA89CF90
                Function 067F2DB1 Relevance: .2, Instructions: 214COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a25984e8fbc9c99704ad89f270cb600907a30d56f5af2a7c56f216508267d6d
                • Instruction ID: 6f2c5d63ebd78fa663f5fe2dfd2fc83503a00c170d9400011124060dcf161d5a
                • Opcode Fuzzy Hash: 1a25984e8fbc9c99704ad89f270cb600907a30d56f5af2a7c56f216508267d6d
                • Instruction Fuzzy Hash: CBA13C34910758DFDB24DF64C840BAEBBB5FF89300F14819AE949A7211EB71AE85CF91
                Function 06840040 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af2cbb68c64b0efe364c71e99ba07f9ef20feffce93850a542ed98ae3acef154
                • Instruction ID: 21425560fc25b6fafe55a89bbe21b5151c4369051579b5fbed3cf0950d774739
                • Opcode Fuzzy Hash: af2cbb68c64b0efe364c71e99ba07f9ef20feffce93850a542ed98ae3acef154
                • Instruction Fuzzy Hash: 3271C131A003099FEB65EF65D854BAFB7E6EFC8200F108829E616D7290DF75D941CB91
                Function 067F79A0 Relevance: .2, Instructions: 211COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2344488bccda419fcb02999eb25c10de02c94aa13286ac5063eea6a9d9e48b4d
                • Instruction ID: 09d6bdeb0bdd577a7a65d00a09de23d6eba3067f9a2e11ca8afbf8b0283cbeeb
                • Opcode Fuzzy Hash: 2344488bccda419fcb02999eb25c10de02c94aa13286ac5063eea6a9d9e48b4d
                • Instruction Fuzzy Hash: D0910574A1020A9FDB55CF68D980AEEB7F6FF48310F148569E929E7350E730EA51CB50
                Function 067F8F90 Relevance: .2, Instructions: 210COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de1b1a30a55f12fc9f2a112513dc6d8874700ab3d23d2b778db5c34d04f47338
                • Instruction ID: 1f79682570f826e2f7db36205f7c558b22af39799471bc978004f193781e6b27
                • Opcode Fuzzy Hash: de1b1a30a55f12fc9f2a112513dc6d8874700ab3d23d2b778db5c34d04f47338
                • Instruction Fuzzy Hash: AA819331A20209DFCB44EFA4D854EEDBBB5FF89300F158569E602AB364DB71A945CF90
                Function 06842380 Relevance: .2, Instructions: 207COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 66dd35024471ac51fe112b97be28b47c3f03588493962be9066e38d4bded5935
                • Instruction ID: e11c26a7ed750a6398b66ec7d2e39cebd5123f19f279e3318c7d8e8879fe69a3
                • Opcode Fuzzy Hash: 66dd35024471ac51fe112b97be28b47c3f03588493962be9066e38d4bded5935
                • Instruction Fuzzy Hash: EC81B330E1421DDFDB90EF68D8686ADBBB0FF44350F114069E545E72A4EB30DA65CB81
                Function 067F0C40 Relevance: .2, Instructions: 204COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f31a983cf0462b8a0311008ec6fde2377af74da6f7843c352738479f6c4d5a24
                • Instruction ID: 8119af67baedfa0656ec98c9d8264af6d28c5cec61e60d8f9a937a903a81133e
                • Opcode Fuzzy Hash: f31a983cf0462b8a0311008ec6fde2377af74da6f7843c352738479f6c4d5a24
                • Instruction Fuzzy Hash: 94910931D10609CFDB50DF68C850AEDB7B1FF48300F1086A9D959AB361EB31AA85CF90
                Function 06847B5B Relevance: .2, Instructions: 197COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afa10c2c2ac8a4e639c6eacc6a3e80b73ef94d40551831b278360a0b10c315e7
                • Instruction ID: 566533de47615c3c33550a80f3c7913dc0a30b88d0669463c4b15b3f929cbf4e
                • Opcode Fuzzy Hash: afa10c2c2ac8a4e639c6eacc6a3e80b73ef94d40551831b278360a0b10c315e7
                • Instruction Fuzzy Hash: C9816C70A0465C8FDB50EFA5C490AAEBBF1BF44304F1486AAD565EB346D734DC42CB91
                Function 06847B68 Relevance: .2, Instructions: 191COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1bd1b62c3ae0752cc107df6949afd3522cc5f28d8f52a489d08ae57c7b3c9e41
                • Instruction ID: db31dda560c728605ad069630e8b46da7ecc2492eda03f034e1fa80731c1b8da
                • Opcode Fuzzy Hash: 1bd1b62c3ae0752cc107df6949afd3522cc5f28d8f52a489d08ae57c7b3c9e41
                • Instruction Fuzzy Hash: 76716C70A0465C8FDB50EFA5C480AAEBBF1BF44308F1486AAD565EB346D730EC42CB91
                Function 06847BE9 Relevance: .2, Instructions: 187COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d311aab599af2cae53b1cc2ea1f5760dfc18508908dd1e2eee12efddf0e218b
                • Instruction ID: 0ae494557e6ca8f82e30deddb42c911ed8ae130f598bd69cd1d5d8d22089a64c
                • Opcode Fuzzy Hash: 3d311aab599af2cae53b1cc2ea1f5760dfc18508908dd1e2eee12efddf0e218b
                • Instruction Fuzzy Hash: 11715A70A0465C8FDB50EFA4C4906AEBBF1BF45308F148696D165EB396D734DC42CB91
                Function 067F17B0 Relevance: .2, Instructions: 186COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 142334e5ef8c924bb5592c58eb5d0481b2569e5814b4b8277f0ad8430f55695f
                • Instruction ID: 66da45f2c3a46a3b8a01546df168e5d1f076864d2ab6d215ed5576b81213f424
                • Opcode Fuzzy Hash: 142334e5ef8c924bb5592c58eb5d0481b2569e5814b4b8277f0ad8430f55695f
                • Instruction Fuzzy Hash: 2B71E275E10209AFDF41DFA9D980AEEBBF6FB48310F14852AEA15A3310D7359951CBA0
                Function 067FF1E0 Relevance: .2, Instructions: 180COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c42350204e55e152d55e6b77bdae8ca111f06539fa0dea0682ad79f0bf136534
                • Instruction ID: 338f049c853afbaf22e72a3198de3d914d16e9e9cfe63c0cd6257809c0a33faf
                • Opcode Fuzzy Hash: c42350204e55e152d55e6b77bdae8ca111f06539fa0dea0682ad79f0bf136534
                • Instruction Fuzzy Hash: B2810734A00344CFDB48DFA8C598998BBF1FF49304F1585A9D909AF36ADB75E949CB40
                Function 067FCC30 Relevance: .2, Instructions: 166COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16e15957dcc93ecdf463a5499408b35fdfbb55d87cbaa143990ce4b5d9eb95e9
                • Instruction ID: 0ab1d26c4adc93a42e305e01692f94ba950e51056cf6bde287829111fd642322
                • Opcode Fuzzy Hash: 16e15957dcc93ecdf463a5499408b35fdfbb55d87cbaa143990ce4b5d9eb95e9
                • Instruction Fuzzy Hash: E6713971910619CFDB51EF68C840AA9FBB1FF49314F05C699E549BB311EB30AA89CF90
                Function 068473F7 Relevance: .2, Instructions: 166COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e862eaa7786d033577e74b4a225ad04c7d020810320a92ad8fc0a12b3797b876
                • Instruction ID: 04851cfeea90def0a6637a27ca9b66b5e4b7a3d2dbbe498cdb69202219d1eaa0
                • Opcode Fuzzy Hash: e862eaa7786d033577e74b4a225ad04c7d020810320a92ad8fc0a12b3797b876
                • Instruction Fuzzy Hash: 2051A530E0420DDFEB54EFA9C8517BEBBB2BB84710F108126E961E7385DB349942CB91
                Function 067FE4B8 Relevance: .1, Instructions: 147COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 81ee7a308114b18002ae6ec959072183219c26d16cb1e498630fa94798756900
                • Instruction ID: 0c61d2037010a538c60ac7936952f605ebb8160eed354a4095c4228a33fe877e
                • Opcode Fuzzy Hash: 81ee7a308114b18002ae6ec959072183219c26d16cb1e498630fa94798756900
                • Instruction Fuzzy Hash: 78511A34E106099FCF44EFA8C8948ADF7B5FF89310B109669E616B7310EB34E985CB51
                Function 067F81F0 Relevance: .1, Instructions: 146COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e96c4b746f1b50f0c933bd90450ea606bb300d212b2064fdbc54f6ca53983f8
                • Instruction ID: 5187e5f46ba7d5c8b9694cb662c84a1b48a05a4f3289b350b71bf461ef0ba2d7
                • Opcode Fuzzy Hash: 6e96c4b746f1b50f0c933bd90450ea606bb300d212b2064fdbc54f6ca53983f8
                • Instruction Fuzzy Hash: 1E41A1317047408BEB69AB798821A3E77E7AFC9244718487CD612CB7D0EF29DC02C756
                Function 06840338 Relevance: .1, Instructions: 145COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba3e95a4acc021ab01d7d7fab73732326f1bfa837cb6c1700946c241b9eaea3a
                • Instruction ID: 11f05bbb1428ac83386da5ffa9a73388ba66873f4a332f110396ce7f3a3fd234
                • Opcode Fuzzy Hash: ba3e95a4acc021ab01d7d7fab73732326f1bfa837cb6c1700946c241b9eaea3a
                • Instruction Fuzzy Hash: D9514C30E10208DFDB65EF68D458A9EBBF2AF89215F1480A9D605EB361CB35DC82CB50
                Function 06846B1C Relevance: .1, Instructions: 142COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2259e12662affd2022442e6293751d50d6a3d1a3108f70249ebed40298fed8aa
                • Instruction ID: e7ebce68fa70ef16b231d18d899e4197960731ce955a5490f3ec85badcb66d3a
                • Opcode Fuzzy Hash: 2259e12662affd2022442e6293751d50d6a3d1a3108f70249ebed40298fed8aa
                • Instruction Fuzzy Hash: 6D51CF74F0421E9FEB50EF94D445ABEBBB2EF46705F088066E502EB295E734C981CB91
                Function 068441C8 Relevance: .1, Instructions: 132COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 11811dc813376dc1ae4906600018512dce3498521a49b6bba296a65b56538c2a
                • Instruction ID: 89cd62e4ce5c8281e16152a7c2d7994e85af64a10e3d8133804df240f5a29522
                • Opcode Fuzzy Hash: 11811dc813376dc1ae4906600018512dce3498521a49b6bba296a65b56538c2a
                • Instruction Fuzzy Hash: CA419D34B11219DFEBA8EBA8D814BAEB7F2FF89205F108169D616D7350DE30D841CB91
                Function 06843E68 Relevance: .1, Instructions: 131COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 78e705d47505318f011fb66b52144c80d70a53d2737bc81bd4e51f4c10d75fa0
                • Instruction ID: 08c6f7fe78dc457c6cc6d2b0539ddbdc533585fccc88e3594f70dcf2a0a968f3
                • Opcode Fuzzy Hash: 78e705d47505318f011fb66b52144c80d70a53d2737bc81bd4e51f4c10d75fa0
                • Instruction Fuzzy Hash: 0B519531E10609DFCB00EFA8D8809EDF7B5FF89304F00856AE515AB365EB70A945CB91
                Function 067FE4A8 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 264d3b1bda0cf4b930c41a5f7cdc27d62bf62b01ce847d9399b6c497f88781a8
                • Instruction ID: 2a83bc231efad9922b620f7d62929da68594c169abe1658e75428ffa83421ac3
                • Opcode Fuzzy Hash: 264d3b1bda0cf4b930c41a5f7cdc27d62bf62b01ce847d9399b6c497f88781a8
                • Instruction Fuzzy Hash: 6B413D35E10609DFCF50DFA8C8908ADF7B1FF89310B149669E616A7321EB34E985CB91
                Function 067F1640 Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a82451fd35d4018e1f3f4ba24d39d4b3f65f1b9d3251ef61b22e4cf0cc51fe4b
                • Instruction ID: d32c9990b4ce75135230c1b43637c601097d6fe33c93c92825bb487c5443d496
                • Opcode Fuzzy Hash: a82451fd35d4018e1f3f4ba24d39d4b3f65f1b9d3251ef61b22e4cf0cc51fe4b
                • Instruction Fuzzy Hash: 0D41D231A006158FDB40EB6DC844AAEBBF6EFC5310F15856AD109DB361DB749D81CB91
                Function 067FB15C Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef48d82e3abb143ca5125c53b189e867c0f15ab2760125efc0365ad0bb8922cc
                • Instruction ID: b57598dfb2b6296fd3550f732d1514f09460b946a10889a06155bbeaca590086
                • Opcode Fuzzy Hash: ef48d82e3abb143ca5125c53b189e867c0f15ab2760125efc0365ad0bb8922cc
                • Instruction Fuzzy Hash: 9641B271E3411ADFDB81EFA5C859EAA7BF0AB44B40F108466D642E7394EA34CA10CAD1
                Function 067FB150 Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 294313a5c7cfcb8501cc87db186775ac5d58b859bd0593fd9f566b6c090eb39d
                • Instruction ID: c413fec1af1fa114ddbca31a39c6bf4a10c93c97b7c71728d6399e4526ad1391
                • Opcode Fuzzy Hash: 294313a5c7cfcb8501cc87db186775ac5d58b859bd0593fd9f566b6c090eb39d
                • Instruction Fuzzy Hash: AF41D970E34216DFDB81FF65C859EFA7BF1AF45B40F108456D642A7395EA308A10CAD1
                Function 067FEF70 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15fb1f495c2ba5855412b140e66892f4fb494e20ea6d4bb06a89eaba0d604d60
                • Instruction ID: 2e65b8fb7f7e6dcbdfc17370fe52171e7aadee63725bf790cf611d3431850173
                • Opcode Fuzzy Hash: 15fb1f495c2ba5855412b140e66892f4fb494e20ea6d4bb06a89eaba0d604d60
                • Instruction Fuzzy Hash: CA41F270A212059FEB94DF28D944A6EBBF2BF89200F2480A9EA05DB351DF75CD01CB91
                Function 06842170 Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7967d58b12f8393d44573f7ce1474f0e0b38d6cee2576ad3ad06212d7f058442
                • Instruction ID: 745a31c8d80d809232f32c17e9ec90a3dbc7cfc5710234e24d6c5066096e9516
                • Opcode Fuzzy Hash: 7967d58b12f8393d44573f7ce1474f0e0b38d6cee2576ad3ad06212d7f058442
                • Instruction Fuzzy Hash: 78414930A152199FDB44EFA8D864AADFBF2AF89310F148569E501FB3A0DF309D41CB50
                Function 067FB947 Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 982ef50845f941f6ac90fa0ef9ec4014e6cd3a0b66a2355f063be1fdc5ce10d2
                • Instruction ID: b2af2ba49e565f2c4d24aeaf672eac4274a62b3e733f6768e43655aef310b394
                • Opcode Fuzzy Hash: 982ef50845f941f6ac90fa0ef9ec4014e6cd3a0b66a2355f063be1fdc5ce10d2
                • Instruction Fuzzy Hash: 6D41E770E24216DFDB81EFA5C849EBA7BF1AF54B40F108466D641A7395FA308A10CBD1
                Function 06840328 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 688465dd5ccb913c9dfbdf97d70d2a990062b0745903a30ec097f9700cc20b21
                • Instruction ID: 9f5fa4a750ae32747433395042c15339160240a79d40f1c30499d33b1fef72e7
                • Opcode Fuzzy Hash: 688465dd5ccb913c9dfbdf97d70d2a990062b0745903a30ec097f9700cc20b21
                • Instruction Fuzzy Hash: C4414E30F102089FDB64DF69C558A9EBBF2AF88315F248069DA05EB361DB35DC41CB50
                Function 06842180 Relevance: .1, Instructions: 115COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f41bed79e927a1c56c5eb7a12a6bf5fe9e0fc2d0c0ee731c0bbe0be0a2130ba5
                • Instruction ID: 9324263da7a735af18dba5522000ea7fae6652bea523acc3025ef07a940cc742
                • Opcode Fuzzy Hash: f41bed79e927a1c56c5eb7a12a6bf5fe9e0fc2d0c0ee731c0bbe0be0a2130ba5
                • Instruction Fuzzy Hash: F9414B30A152189FDB44EFA8D854AADFBF6AF89310F158569E501FB3A0DF30E941CB90
                Function 067F0C31 Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf0d3ad95d3aded92aadf0e06ad72ef1243c0ab2d6c944176d7f051c172fe411
                • Instruction ID: a02ec9d130706c660f2990de70b7a1112c7a5e930c598d1db58b09e5b8a39c59
                • Opcode Fuzzy Hash: cf0d3ad95d3aded92aadf0e06ad72ef1243c0ab2d6c944176d7f051c172fe411
                • Instruction Fuzzy Hash: ED414B31D1021ACFDB50DF68C850AE9B7B5FF88310F14C6A9D959AB351EB70A989CF90
                Function 067FA988 Relevance: .1, Instructions: 103COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c7f1c319c9a532448f50b2b0d05a169ea874da218bef106b5bfa48c648457f9
                • Instruction ID: 9abf655ebcab6bc8d74de9af32a8e9cf7475371b78ed6d77a9f9e0ea3f7bed4b
                • Opcode Fuzzy Hash: 1c7f1c319c9a532448f50b2b0d05a169ea874da218bef106b5bfa48c648457f9
                • Instruction Fuzzy Hash: BD416730E04218DFEB219FA5D9889ADFFB2FF84300F228159D6557B296CB3198A0CF45
                Function 067FF000 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f680d3a9d119cee95c38971d6be2a8c70bc340ec0f28788d7add90e5b603c1f1
                • Instruction ID: 67c47af38448dfa557e548b245c0e5d832bce5cc561a700e8ecca3ca8f693e33
                • Opcode Fuzzy Hash: f680d3a9d119cee95c38971d6be2a8c70bc340ec0f28788d7add90e5b603c1f1
                • Instruction Fuzzy Hash: 99319E34E21205DFEB64EB64E958AAEB7F6BF88200F148069E616E7350DF74D801CB91
                Function 067F1784 Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 905aa343c1cbf7b32b7df3a0b1ef91058952360b1d144a0c5577a87b14aad6a4
                • Instruction ID: c9a63350067af53c0d4cb5f3b84e3baea8e552f5ff44d418fe3357039c5ad343
                • Opcode Fuzzy Hash: 905aa343c1cbf7b32b7df3a0b1ef91058952360b1d144a0c5577a87b14aad6a4
                • Instruction Fuzzy Hash: 233159B5910348AFDB50DFAAD844A9EBFF9EF48320F10842AE519A7310D775A944CFA4
                Function 06844018 Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b5ac03aacba23327a722a8ea3945e46c2d64289316a73ce99b03bb08e0cd6c7
                • Instruction ID: f52ebba035bec171a6f788fafcf65c8ee1fdd9c5675844b4eb2256e366bbfb19
                • Opcode Fuzzy Hash: 4b5ac03aacba23327a722a8ea3945e46c2d64289316a73ce99b03bb08e0cd6c7
                • Instruction Fuzzy Hash: 26317231E10218DFDB94EFA8D844A9EB7F6FF84200F10816AE616E7320DB719D55CB91
                Function 068441A0 Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd8078769b3f4307b81490a4880f0dfe0ecfe2448b3311b7d320ba0f610a7935
                • Instruction ID: 4ed73d596213c33a1349caeea66429278b2fb72bdbfdae3cb15b019c82a6113f
                • Opcode Fuzzy Hash: fd8078769b3f4307b81490a4880f0dfe0ecfe2448b3311b7d320ba0f610a7935
                • Instruction Fuzzy Hash: BF310434A012199FEBA9EB74C814BAE7BF2FF8A300F1441A9D612D3351DE34C800CBA1
                Function 0684514E Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6bd02a7951ba25d422e56588d4a4398215597948f253f4514f5a52b33542943d
                • Instruction ID: d29f59674e6d2b83ff1039851229c0e8c1dd393f83e5f91a79490b2b59e8e56d
                • Opcode Fuzzy Hash: 6bd02a7951ba25d422e56588d4a4398215597948f253f4514f5a52b33542943d
                • Instruction Fuzzy Hash: 2231AD7170D3944FE7125BB5982836E3FF2EB86211F0940ABD546CB2D7DA388C06C762
                Function 06840013 Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a04f361bcc1982531772d2abf39cd034c220659772e07bb99f73afa88d91a8eb
                • Instruction ID: f16257cafc1616031ae4197ed0558335976b1092850439a014ac7e49c692ca1e
                • Opcode Fuzzy Hash: a04f361bcc1982531772d2abf39cd034c220659772e07bb99f73afa88d91a8eb
                • Instruction Fuzzy Hash: AC31F230A00309EFDB55EF64C814BAEBBF5EF84204F24842EE655DB291DB74E845CBA0
                Function 067F1820 Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e75e8326367d092f1cb9e33d3052442fb3b9d0d1282fb070fa9aa8d98e9c7a5
                • Instruction ID: 761acdd9c4a8aa130c4eb6bf3c015c8ecbd33707d2633d6a99d5ed24104a86b6
                • Opcode Fuzzy Hash: 6e75e8326367d092f1cb9e33d3052442fb3b9d0d1282fb070fa9aa8d98e9c7a5
                • Instruction Fuzzy Hash: 09315575904248EFDB51CFA9C880AEEBFF5FB48320F04802AF914A7320C735A954CBA4
                Function 067FB7F0 Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9cfeec52c131afbf00f0add030a65026720a0fed7de9e8b4020789463a131eb
                • Instruction ID: f5e130d15c7da538070ef87a8f88d0fc2929d6df0aeeab2df317071aed70b377
                • Opcode Fuzzy Hash: c9cfeec52c131afbf00f0add030a65026720a0fed7de9e8b4020789463a131eb
                • Instruction Fuzzy Hash: 4131C630914348CFCB51EF68C854A9EBBF1BF89300F1085AAE1556B361EB31A948CB91
                Function 067FA6C8 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5fc0a380db45dc07d3b4ff885cdd91ec7eff8e4a62cbe8efdebd188f33335ac5
                • Instruction ID: 5f61ad13a59661792fd272c190c336a8942574d257eaa3777d39ab67d96a882e
                • Opcode Fuzzy Hash: 5fc0a380db45dc07d3b4ff885cdd91ec7eff8e4a62cbe8efdebd188f33335ac5
                • Instruction Fuzzy Hash: 14311935A10108CFDB54DFA8C955EADB7F1EF49210F2441A9E609EB365DB359E40CB60
                Function 067F0929 Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da95bcb464e7c01ec77b022e93a9f67a7aea64ee59eb6c3faab5c281a15318ab
                • Instruction ID: a7842f91857e14d8d9f3b27ee1b1f8b6fe1ec3a8ba9505d76a0f9eb083935e02
                • Opcode Fuzzy Hash: da95bcb464e7c01ec77b022e93a9f67a7aea64ee59eb6c3faab5c281a15318ab
                • Instruction Fuzzy Hash: F7310A35A106199FCF04EF68C894CDDBBB5FF89314B018699E505AB361EB70B94ACB90
                Function 067F0938 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8538ddcc988b5736f815d39e4988bf54c1d36e18932b30ed4709413a5ce9b01b
                • Instruction ID: f570a061185bcc8af2f9828a6d8011bf5f03a71c8a3d1b116a17549da06c4fa2
                • Opcode Fuzzy Hash: 8538ddcc988b5736f815d39e4988bf54c1d36e18932b30ed4709413a5ce9b01b
                • Instruction Fuzzy Hash: BB310A35A106199FCF04EF68C894CDDFBB5FF89314B018699E5056B321EB70B949CB90
                Function 067F36B8 Relevance: .1, Instructions: 85COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3727aa1fa8715152a790594a9bba9842f8d95df6f6cd6595649ecc096fc2307
                • Instruction ID: 92e91b18e6c00bd0ab0ee97a79e35aefca22db0d7201896e433e2ac405561278
                • Opcode Fuzzy Hash: a3727aa1fa8715152a790594a9bba9842f8d95df6f6cd6595649ecc096fc2307
                • Instruction Fuzzy Hash: DF31C2B6E10219AFCF41DFA8D9808EEBBB6FF4C210F14412AEA15A3310D73199519BA0
                Function 067F81E0 Relevance: .1, Instructions: 85COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d8a04d4c0bc38a2cb34586a5070cc6596e19f58a6c4f4acf987d0a5c614e90b
                • Instruction ID: baf5bafd336f1555d4cd7e30116ae1df2de158dbea0be9e73702ab3b940a7f65
                • Opcode Fuzzy Hash: 7d8a04d4c0bc38a2cb34586a5070cc6596e19f58a6c4f4acf987d0a5c614e90b
                • Instruction Fuzzy Hash: F1216031B11B409BE764AB75D81093AB3F6AFC8208B14887DD65687790EF32E806C711
                Function 06845190 Relevance: .1, Instructions: 85COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48ad653bff7bae965a31633da3127a2ffc7d201116d9d2dc08cc09f139e2b84a
                • Instruction ID: 9a8cd0de9b8ff162b48ff2e3ca7f357bfd20adc016f200b27ade046752e81b30
                • Opcode Fuzzy Hash: 48ad653bff7bae965a31633da3127a2ffc7d201116d9d2dc08cc09f139e2b84a
                • Instruction Fuzzy Hash: 142192357083188FE7546BB9D45872E3BE6EBC9211F14856BE507C7386DE398C02CB62
                Function 0684E116 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 736041a8efb938d58f4a9d456c430d2d8bfda2f6d09e4ea09942951bf2dc994c
                • Instruction ID: 7d8d09755a164e256632fac9a865c0dc07fda7cbff97c229615dc15d7554f5e9
                • Opcode Fuzzy Hash: 736041a8efb938d58f4a9d456c430d2d8bfda2f6d09e4ea09942951bf2dc994c
                • Instruction Fuzzy Hash: AE316F7494122ACFEB60DFA4D848B9CBBB6FB49301F00C6A6D60AEB354DA304D85CF55
                Function 06844AF8 Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9982e830d071aa727e3c3369cee07fead433ed3fe1d28f62a5634e72ab9a8e00
                • Instruction ID: da9d4c4d703ba6aaf44007232e6d3c3a6520230780c3c91f482ac0fb70b0e70c
                • Opcode Fuzzy Hash: 9982e830d071aa727e3c3369cee07fead433ed3fe1d28f62a5634e72ab9a8e00
                • Instruction Fuzzy Hash: 3221B2317093288FE7546BB9D45833E3BE6EBC9211F04846BE506CB386DE398C01C7A2
                Function 067F8F81 Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1612bff1861da6495e5c1f6b76be3d87f7c92d637698d6c7372b122c4ddf58b
                • Instruction ID: 925a6f82614915fd0f8ebb4820cd952c83ddf26a321b0790ac4071d9bfbd1402
                • Opcode Fuzzy Hash: d1612bff1861da6495e5c1f6b76be3d87f7c92d637698d6c7372b122c4ddf58b
                • Instruction Fuzzy Hash: 1731B630A20605DFDB04EF64C854EEDBFB5FF85304F048169E611AB360EBB1A946CB90
                Function 067F7460 Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf817d9503505a2ff05ed311403b62d821bce56d06b9f7f7042de56e22ba4f7a
                • Instruction ID: 62b7021eaac60edb2aad3fe0747b0fbd03b9f164ba496fce5fffb5e603ae3cb1
                • Opcode Fuzzy Hash: cf817d9503505a2ff05ed311403b62d821bce56d06b9f7f7042de56e22ba4f7a
                • Instruction Fuzzy Hash: 1F21B676B206105FEB788F29D881A7F77E6EB84320F248469E246D3754D734ED81C751
                Function 067F7548 Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd9f4c472a5c8ebe17429465e05a7d8e147ae2e73ccf0519c6a48215a6eeb1ab
                • Instruction ID: 3375a43cec3b091d6e08b3815cfa72db93c01b72ec376c70c396bfc055283fb7
                • Opcode Fuzzy Hash: dd9f4c472a5c8ebe17429465e05a7d8e147ae2e73ccf0519c6a48215a6eeb1ab
                • Instruction Fuzzy Hash: 14213D32B106118FCB25EB68E880CBEBBF6EFC5310F24456AE205D7351D730A951C7A2
                Function 0684E01E Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c87b6c534fc02b3685e5b369c44f6d3c70e63798041c6e8fc766d7e580a31436
                • Instruction ID: 8675e611fb3ec0840f0b8d40e98df87567d01ddf520bc2185c7a73e035b547ca
                • Opcode Fuzzy Hash: c87b6c534fc02b3685e5b369c44f6d3c70e63798041c6e8fc766d7e580a31436
                • Instruction Fuzzy Hash: 4B318D74A0021ECFE7A0EF68D849BAC7BB6BB49304F1086A5D60AE7355DE304D86CF45
                Function 06847FF8 Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 982f9b3a8d937550211195df86140b84a3e62e501d354d00e10aea0b1a3da92e
                • Instruction ID: 3248f74f8163158009c8fc9ffe614a140dc9671b8afb69d9ee032d0ce9d3b7aa
                • Opcode Fuzzy Hash: 982f9b3a8d937550211195df86140b84a3e62e501d354d00e10aea0b1a3da92e
                • Instruction Fuzzy Hash: C831FFB091A65CCFE3A09FA9CC4126EBBF0BF45204F00856BE6A6D7291D374D840C792
                Function 067FE79F Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e732ed6efdcecde9af3023a78b0760f490f60d2f5dcdb3a0c978a563e3757f4a
                • Instruction ID: d3d326bb5b68d78846e18637caa87562c37e2900ab948933e7f66b46f5d263b2
                • Opcode Fuzzy Hash: e732ed6efdcecde9af3023a78b0760f490f60d2f5dcdb3a0c978a563e3757f4a
                • Instruction Fuzzy Hash: 48317331A106099FCB05EFA8C894CEDBBB5FF89304F018699E5057B224FB30A949CB91
                Function 067FED80 Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ac77c6c6d7a5c15ac0a4fb75c2fd512c10c9a701dbbb4b16a7fcf5960e2ad41
                • Instruction ID: 37099082c87d31443fa2482660a9002e94a6308d8493a071ba3256eb90bcd17d
                • Opcode Fuzzy Hash: 1ac77c6c6d7a5c15ac0a4fb75c2fd512c10c9a701dbbb4b16a7fcf5960e2ad41
                • Instruction Fuzzy Hash: F4316F71E10619DFDB14DFA9E84899EBBB6FF88310F10812AE505A7330DB709845CF90
                Function 067F8AC0 Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85a273ee79f85eef6733059a0609d8ece640e204630cdfc6b7cb728ee2778a32
                • Instruction ID: 7995a9aa1ad84b7ccd14ec900633ec9b7febd698ca757654325296439b6baf18
                • Opcode Fuzzy Hash: 85a273ee79f85eef6733059a0609d8ece640e204630cdfc6b7cb728ee2778a32
                • Instruction Fuzzy Hash: 7C21C430E20246DBDF52AB64C4949BABBB0EF41200F51897AC64EB7344EB36D911CBD1
                Function 0684C039 Relevance: .1, Instructions: 80COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6d8c1ca1dbe8132645a8176a1d42838da204b791c76aade70b3428a9b6efe4d6
                • Instruction ID: 2a0a859b8ac2a3fee8fe0c88f76bff5326d9391e1e1a13ff51f42e9643647f30
                • Opcode Fuzzy Hash: 6d8c1ca1dbe8132645a8176a1d42838da204b791c76aade70b3428a9b6efe4d6
                • Instruction Fuzzy Hash: 2041C178905229CFDBA5DF64C884BACBBB5FF49311F0081EAD909A7351D7319A81DF50
                Function 067FE6C0 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbcfffbc1c186812f65c592cb2883d35f91dfb8111b36db03bfb8f84cf4a80f3
                • Instruction ID: d1be9d4c97fb03be720a00ce29107ccb3027f75bc690b2c4603444d1981bce69
                • Opcode Fuzzy Hash: dbcfffbc1c186812f65c592cb2883d35f91dfb8111b36db03bfb8f84cf4a80f3
                • Instruction Fuzzy Hash: E4312C35E106099FCB40EFACD8459AEBBF5EF99300F10816AD655E7321EB30A945CB91
                Function 067F7470 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a358f025497e3cd397b9f6e045854074f2066d7d74ac23f6d1e2ff80e15e897
                • Instruction ID: 5c4bdfeb83b4cf59413427e9f2c0182a122406dfbb4f0064e4e0db55ef0a4065
                • Opcode Fuzzy Hash: 4a358f025497e3cd397b9f6e045854074f2066d7d74ac23f6d1e2ff80e15e897
                • Instruction Fuzzy Hash: 3D21C676B206104FEB28CB65D88197E77E6EBC4221F288469E247D37A4DB34ED81C761
                Function 067FE7B0 Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8b4737db08a8fc92cebb97dd9e08a3628e43186b76211e9cc014aebc603b0ca
                • Instruction ID: 162cbf9cad2db8228c08571ae0907b91c740f78a6764d4862bf807d87ee2cd51
                • Opcode Fuzzy Hash: e8b4737db08a8fc92cebb97dd9e08a3628e43186b76211e9cc014aebc603b0ca
                • Instruction Fuzzy Hash: 30311231A106099FCB04EFA8C894CEDBBB5FF89314F018699E5056B224FB70A949CB91
                Function 067F183C Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fe42286090f69720fd29c66aa3dd6238981e9d3c4c2aed48bf4babc30eb102c
                • Instruction ID: 263d1714f4b722e330e7d93d9eb89e3619cf65481bab3e45dbaf901f09e5af63
                • Opcode Fuzzy Hash: 0fe42286090f69720fd29c66aa3dd6238981e9d3c4c2aed48bf4babc30eb102c
                • Instruction Fuzzy Hash: AD31D275900248EFDB51CF99D884AEEBBF5FB48320F148429F914A7350D775A950CFA0
                Function 067FDE30 Relevance: .1, Instructions: 76COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9d1eb7e8cb93e5dd7f2b7a8cdce25c611ee8d201c216222e7191fe1dc90725e
                • Instruction ID: d2640707c8c996a850cec602dab9513e41b8e55ab406a5d024de910236217cb1
                • Opcode Fuzzy Hash: f9d1eb7e8cb93e5dd7f2b7a8cdce25c611ee8d201c216222e7191fe1dc90725e
                • Instruction Fuzzy Hash: 14215C31E106198FCB51EFA8C444ABEF7F4FF98211F00426AE519E7350EB309A45CB92
                Function 067F4658 Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb7d4ee65f46e3d4e4a03e0ce3caa1524eff5439e130b9ae9b4188a09527189e
                • Instruction ID: ae13e47292e6d09103af700bc13e1dc30d5eb1ac6fce1528d0b0793dd53a8538
                • Opcode Fuzzy Hash: bb7d4ee65f46e3d4e4a03e0ce3caa1524eff5439e130b9ae9b4188a09527189e
                • Instruction Fuzzy Hash: 65218D30B00615CFDB40EB69C448AAEBBF6EF89310F14415AE6199B361DB70ED80CBD1
                Function 067F8984 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0bc5884c2473d7b55877be7324d73473c99ba3192f2f16446ab4b10aca02ef3c
                • Instruction ID: 0d511bc65d2fe2613aa82857d915a3ae43642cccc400ef8364940941a4ccf19c
                • Opcode Fuzzy Hash: 0bc5884c2473d7b55877be7324d73473c99ba3192f2f16446ab4b10aca02ef3c
                • Instruction Fuzzy Hash: 5821F231A00205DFDB64EF6AC440BBAB7B2FF84315F10C429DA195B350DB35E984CB90
                Function 06842F4B Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2669df4c291608ccba5702e8b2b1c78088743cc14d1e60296082ef0dd53c94d1
                • Instruction ID: cbe49c032b5024beafa6afa9f8c3e2dda091c09c2cfd3378324b50e00c12b3ed
                • Opcode Fuzzy Hash: 2669df4c291608ccba5702e8b2b1c78088743cc14d1e60296082ef0dd53c94d1
                • Instruction Fuzzy Hash: 74217174A042098FDB44EF69C8908AEFBF5FF89200B518569E906E7351EB30ED45CBA0
                Function 009AD01C Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1354004741.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9ad000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 248a597ab6d482a10a6ac0ad06bc804f16c9e5602cfae1b94fc27c0d6c02786f
                • Instruction ID: dea64070495edaf4d6e168717bfd2e2b2b7e5e85667f1b6b3b2eaf2e1b4d8053
                • Opcode Fuzzy Hash: 248a597ab6d482a10a6ac0ad06bc804f16c9e5602cfae1b94fc27c0d6c02786f
                • Instruction Fuzzy Hash: 46213471604340DFDB14DF20D9C0B26BB65FB89314F20C96DE80A4B682C33AD847CAA2
                Function 009AD1D4 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1354004741.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9ad000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6df7463d3c6979d4dc408ef78c342e000319158d83b8a4f0b60afd993757032a
                • Instruction ID: 8f275dde3a09dbeaa31864e87689db9e928dfc5b85a1a23bfc3bf404883125bb
                • Opcode Fuzzy Hash: 6df7463d3c6979d4dc408ef78c342e000319158d83b8a4f0b60afd993757032a
                • Instruction Fuzzy Hash: 48212671905344EFEB05DF10D9C0B26BBA5FB85314F20C96DEC1A4B692C33AD846CBA2
                Function 067F8A30 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e328ae6efaeda4f612511b0a0bcf49a6452da131e7020d1e7d62dcd53e1a280
                • Instruction ID: ed8150a0296a8a76e8df581e57b9d5c2edb9cd6d27e3f997838ba684f24c5bef
                • Opcode Fuzzy Hash: 0e328ae6efaeda4f612511b0a0bcf49a6452da131e7020d1e7d62dcd53e1a280
                • Instruction Fuzzy Hash: 892125B1D01349DFDB10CF99D884BEEBBF4EB48314F14842AE619A7300D375A944CBA5
                Function 06846140 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29e73f75239034a6ab54215ac8ff23f1a069669fa6a3d2a5a10c182a36aa1b1f
                • Instruction ID: b67c2eb01fa2cfb83ac044cb1ed4c185f2b6e4591cc66e1b01c64460aaca9599
                • Opcode Fuzzy Hash: 29e73f75239034a6ab54215ac8ff23f1a069669fa6a3d2a5a10c182a36aa1b1f
                • Instruction Fuzzy Hash: 4F212434B0021CDFF794AE689805A2E77E7ABCD611B10443AD607E7382FE30DD818BA1
                Function 06842F58 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1334592640ce7c110b0ae52e97a39275f117ae1e09db3859e7b6b44842799dea
                • Instruction ID: b50467ef0023c6a6be392a940aaf852bc309b299272f801749be1cec4ed57037
                • Opcode Fuzzy Hash: 1334592640ce7c110b0ae52e97a39275f117ae1e09db3859e7b6b44842799dea
                • Instruction Fuzzy Hash: 87211075E102098FDF44EF69C8908AEF7B5FF89200B518669E905F7351EB70EA45CBA0
                Function 0684AD4B Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e32083c96e86f2c055ab31a23fb5ad15e2f9a19f10285b7b3af35b4152890a2
                • Instruction ID: 7acbbfce697162b221cb194776b1837246fe97bac69b608bcd3579f6ee008b4f
                • Opcode Fuzzy Hash: 5e32083c96e86f2c055ab31a23fb5ad15e2f9a19f10285b7b3af35b4152890a2
                • Instruction Fuzzy Hash: 71319174E0021DCFDB08DFE9C8849EDBBB5BB89305F10812AD929AB255D7316905CF50
                Function 067F4F17 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4b55c688999243ba484d94af6e712190825e9d63746dae1acd5871c645d58fd
                • Instruction ID: 91878ebb21285a60f159af586b364625c18d5818200b882cdd89e6a39be30efe
                • Opcode Fuzzy Hash: c4b55c688999243ba484d94af6e712190825e9d63746dae1acd5871c645d58fd
                • Instruction Fuzzy Hash: 2B213B75A002099FDB40CF59D8409AFBBF9FB88360B14842AF918D7341D731AD41CBA1
                Function 067F2780 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9dc1a013e42160d01da196b235640c23c76cef69156a3be0c8d15aac75e0313f
                • Instruction ID: 797e806289dc0039ebd020840a8000c9697ae77798d526bf8c71f9d2778ac1d2
                • Opcode Fuzzy Hash: 9dc1a013e42160d01da196b235640c23c76cef69156a3be0c8d15aac75e0313f
                • Instruction Fuzzy Hash: FA1119307206508FDB99F7398818A7D3296AFC9619B1444BDD20ACB3A0DE36DC42CB95
                Function 06846130 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd313f82bdeeb79d030139a3e086f88d161b0884841c96bcf163ff5df0234fe7
                • Instruction ID: a0484ef5a2de0c1c2a8c244d6c18153a62370836374f90bd4744a8d8d9f18d24
                • Opcode Fuzzy Hash: dd313f82bdeeb79d030139a3e086f88d161b0884841c96bcf163ff5df0234fe7
                • Instruction Fuzzy Hash: C9113A34B04218DFE794AF789805A6D7BB6EB8E205B14443AD607E7342FB30CE418792
                Function 06848188 Relevance: .1, Instructions: 67COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32084feef615b4d62a900eacfcc4b10ddb696ea43d4c7b95d37a069cb5bad960
                • Instruction ID: ae013cd8d2be1fd5b314246bf71e90083ac12b58dc890e800e21aedadf0bd838
                • Opcode Fuzzy Hash: 32084feef615b4d62a900eacfcc4b10ddb696ea43d4c7b95d37a069cb5bad960
                • Instruction Fuzzy Hash: B421C0B1A0471ECFE794AFA9DD4177EFBB0BB85304F00012BA226E6181D634D954C796
                Function 06844BE8 Relevance: .1, Instructions: 67COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 60de1494ac8bb3792e1cded687396a5d0d341a1be43856eaaa2e36c60a07489b
                • Instruction ID: 82abf7e9f41667546c3c713f211860d022e4e365506feadf606b7a78b5f11f4c
                • Opcode Fuzzy Hash: 60de1494ac8bb3792e1cded687396a5d0d341a1be43856eaaa2e36c60a07489b
                • Instruction Fuzzy Hash: 611190317082288FEB546BB5D45933E37D2EB88216F14856BE507C73CADE398C02CB62
                Function 06844B51 Relevance: .1, Instructions: 67COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 592d541e503c0664bf59daf83e1bc3473c027b270c4c8b94c1524e7b0b277067
                • Instruction ID: 4c75f5febc0a159ca68d94741bf5dd8138171924be34c8b96354a01170e5daa0
                • Opcode Fuzzy Hash: 592d541e503c0664bf59daf83e1bc3473c027b270c4c8b94c1524e7b0b277067
                • Instruction Fuzzy Hash: D61172357042288FE7546AB5D41933E37D2EB88212F14856BE507C73CADF398C01CB62
                Function 067F89D4 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 80709569f272d36fa0d8a1450d5a1e8ee8a613abc6ef4eeb59ac05450bcbe728
                • Instruction ID: 868932da76516244ad425285f27d873bff3ac66c1f584d419450a4c6dd1fddb6
                • Opcode Fuzzy Hash: 80709569f272d36fa0d8a1450d5a1e8ee8a613abc6ef4eeb59ac05450bcbe728
                • Instruction Fuzzy Hash: 3E21F2B5D013499FDB10CF9AD884BEEFBF4EB48214F14842EEA19A7340D375A944CBA4
                Function 067F9598 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a787598c4a8b33e3c12dff50e1fbd2fa295ece638d01c2fe39baba997f67dea4
                • Instruction ID: de9913d289939a3ab3970796aed9e9b2812943d07f0f4770b77d6643dcb060c2
                • Opcode Fuzzy Hash: a787598c4a8b33e3c12dff50e1fbd2fa295ece638d01c2fe39baba997f67dea4
                • Instruction Fuzzy Hash: 6321FEB5D013499FDB10CF9AD884BEEFBF4EB48214F24842EE919A7700D375A944CBA5
                Function 067F8AB0 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a92ac7357d09ab03f86acc8813e9eb29e82eb9e400099a0ed81a5b28534320b
                • Instruction ID: 8a16d99e62fb3b44b69d71fe793acfd5a5faa73304f08361709c8ca69970e1eb
                • Opcode Fuzzy Hash: 4a92ac7357d09ab03f86acc8813e9eb29e82eb9e400099a0ed81a5b28534320b
                • Instruction Fuzzy Hash: 3111B231F14146EFCB926B95D9449FD7FB0EB41300B2088A5C64EB3384E27085318B95
                Function 067F9868 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf80e2f5a1000b5abb04f315f006e3ded6ea1d5d450fc39ea2eeec49252341dd
                • Instruction ID: f92c6cb26e22165d6e2e8f6acd05e365db2b885b8f857b5f6cd869d6486bea9e
                • Opcode Fuzzy Hash: bf80e2f5a1000b5abb04f315f006e3ded6ea1d5d450fc39ea2eeec49252341dd
                • Instruction Fuzzy Hash: 091190717106048FC780EB78D844E6EB7EAEF89214B10496DE546DB360EB30EC45CB91
                Function 0684C940 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 66fdba6b61510448d0fd8444e294d963ac0259ec562249cd36cfb642aab7d143
                • Instruction ID: 83115707b1584bcbabcb77c758f9d5b758d4c42b5a0d91c50ad6eaddb6499d99
                • Opcode Fuzzy Hash: 66fdba6b61510448d0fd8444e294d963ac0259ec562249cd36cfb642aab7d143
                • Instruction Fuzzy Hash: 07118B7094F24CEFE780EF54C8015BDBFFDAF8A20DF14A695D499A6252D3324A41DB80
                Function 06848179 Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49a89e49cc4c04b4460af7c168868cebcc33e1fd105a0b070feae4636de2d080
                • Instruction ID: ab41cdb532753fcc480ef1d4d54d34cd9113fa1ac9eee0d65215b6e200da9808
                • Opcode Fuzzy Hash: 49a89e49cc4c04b4460af7c168868cebcc33e1fd105a0b070feae4636de2d080
                • Instruction Fuzzy Hash: E611DFB190462D8FE794AFA9CC8167EBBB1FB84304F000127E625E6281D234C954C7D2
                Function 067F9878 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3e8174da40439531569395369d9f32e8ba4c27b386ea38820b068be557f03a3
                • Instruction ID: e5acd38525a8d9f539a085b3e4297576a0e229a9b573ff8b9128a064dbd8932e
                • Opcode Fuzzy Hash: e3e8174da40439531569395369d9f32e8ba4c27b386ea38820b068be557f03a3
                • Instruction Fuzzy Hash: A0119E357106008FC784EB7CD848E6EB7EAEF89610B14456AE606DB360DF31EC05CB91
                Function 0684F498 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6df61e56cf77a055d9820202379d2c32139fc4942dfa6be2a75f94fc09e3b10e
                • Instruction ID: 39e2ce33ab6a646172607019af6b409ee20b1152f9683059d28533d9016e61ad
                • Opcode Fuzzy Hash: 6df61e56cf77a055d9820202379d2c32139fc4942dfa6be2a75f94fc09e3b10e
                • Instruction Fuzzy Hash: 8D118F30F0020C9FEBA4AE79A91477F76A2ABC4650F15812DAB06D7350EA348901CBD0
                Function 067F9670 Relevance: .1, Instructions: 60COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9bd7960d9f5b692327e1960b2fc236eed4081d8ddf6be30418786789637ae3ba
                • Instruction ID: eaaf472f7b644a099d820031b2af66091c84a6e48d768b20a7e47512b19ec601
                • Opcode Fuzzy Hash: 9bd7960d9f5b692327e1960b2fc236eed4081d8ddf6be30418786789637ae3ba
                • Instruction Fuzzy Hash: B101D4337146104FE36097B9A880F6AB7D6EBC426A715447AF709C7360EE21DC02C3E1
                Function 06843700 Relevance: .1, Instructions: 60COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c00834d9f8fa89a03d065025cdb35ae3b33e6e62c035dddf580c9adf0ff455c
                • Instruction ID: f388de8412d071e555d4573ec55e63f32a608cc2f5af05378be83da075794898
                • Opcode Fuzzy Hash: 8c00834d9f8fa89a03d065025cdb35ae3b33e6e62c035dddf580c9adf0ff455c
                • Instruction Fuzzy Hash: 5711AC32B043048BDB24BA79E85469EBBA6EFD5260B10493ED606E7240EF35DD468791
                Function 0684AC60 Relevance: .1, Instructions: 60COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74f33d39cd6a25df8fe13a607cf9fd0de8db5233f049515a14ad6c43e4826a39
                • Instruction ID: e4460f56da2be16347c188bbfa2b60a0c968236d3accd7e66a38c9128efbd40e
                • Opcode Fuzzy Hash: 74f33d39cd6a25df8fe13a607cf9fd0de8db5233f049515a14ad6c43e4826a39
                • Instruction Fuzzy Hash: FE214D70D0475D8BEB58DFA6C85429EFBF6AFC9314F04C02AC815AB394EB740846CB91
                Function 009AD006 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1354004741.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9ad000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3242f3cb1000b080ab6e6081e6327fd48361ff15cd3326563f3c48ebcdfd77cf
                • Instruction ID: 3efdd403392591261e15542a91afd8482ac222cdc65d99ef23d87d28693f9040
                • Opcode Fuzzy Hash: 3242f3cb1000b080ab6e6081e6327fd48361ff15cd3326563f3c48ebcdfd77cf
                • Instruction Fuzzy Hash: F021A1755093808FDB16CF20D994715BF71EB46314F28C5AAD8498B697C33A980ACBA2
                Function 0684C028 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 63bc87a8863203df81c7a530f0fe522b9b28978fd8c6fac4eeff932a503d3b1a
                • Instruction ID: 179f9b9db445273a4fc161082d446ec87bda79a8ae41e594dab3c15ccddd3af7
                • Opcode Fuzzy Hash: 63bc87a8863203df81c7a530f0fe522b9b28978fd8c6fac4eeff932a503d3b1a
                • Instruction Fuzzy Hash: D421D334A0921CCFDB90EF94D581AECB7BABB59310F50A695D409F7215C730E880CFA4
                Function 067F17C0 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e3ff454dacc2c49ddb8b24ddb33a289fc7ae66e7e2d30aee39f24fe9e34f986
                • Instruction ID: 955b684d748a37c8cb56e36ae8131ac5fcc74a426befa6c4d74a5b61930f4398
                • Opcode Fuzzy Hash: 9e3ff454dacc2c49ddb8b24ddb33a289fc7ae66e7e2d30aee39f24fe9e34f986
                • Instruction Fuzzy Hash: 8021F2B59003499FDB10CFAAD884ADEBBF4EB48320F14842AE919A7300C375A954CFA5
                Function 067F6A13 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b3a4aba1a4e9aef7cd2957b4f03116ecece898c870e3e87ef575da6ec92e516
                • Instruction ID: 71788ff9ed5ae59f70caefb743e1e94d941f29dc578d1524202c5d45a5eea676
                • Opcode Fuzzy Hash: 6b3a4aba1a4e9aef7cd2957b4f03116ecece898c870e3e87ef575da6ec92e516
                • Instruction Fuzzy Hash: 17118B75A003989FEB11DBA4CC40ABFBBF6EF89204F00846AD559A7351E7349905CBA2
                Function 068454B9 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 038f789f25ab99ca52dc885ba4cfbace1c07bf69176d9b7f3655920192894b86
                • Instruction ID: e601b6062951f621e3c34dc276362bd99659e3c001f65ccc754db58056b9357f
                • Opcode Fuzzy Hash: 038f789f25ab99ca52dc885ba4cfbace1c07bf69176d9b7f3655920192894b86
                • Instruction Fuzzy Hash: 5901457260C26C9FD3709B6CE88173EBFE9FB46251F164563E155CF582D228C9A1C3A2
                Function 067F75B0 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04727eec53ee2a1d1a0294901ba448a32ecb8fc195f9a197f12db650cb4c0451
                • Instruction ID: 88801489e72e2c45d6614ce18a7a1bad77d17a728422c538ec3d9d8a1fdeb467
                • Opcode Fuzzy Hash: 04727eec53ee2a1d1a0294901ba448a32ecb8fc195f9a197f12db650cb4c0451
                • Instruction Fuzzy Hash: C91199B5E0061A9FCB44DFADC4449AEFBF1FF88310B10816AE958E7315E7359A11CB90
                Function 067F2B08 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8ce2be33f21b303fc6e60c1a36558adbb3ac123d14a01121a98136df2a884d7
                • Instruction ID: d0a4fa9d425b9baab4f54d8c977b3c3a604f0e335e94ac5bd45d1e70c5df3d00
                • Opcode Fuzzy Hash: b8ce2be33f21b303fc6e60c1a36558adbb3ac123d14a01121a98136df2a884d7
                • Instruction Fuzzy Hash: 641149349006199BEB50DBA8C8407FFB7F6FF88314F004829D569A7250E7349941CB92
                Function 0684C620 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b2af1ad35897ec1edbe244c5ffd90e7c20cea1ceaf431b1a64982999add30e2
                • Instruction ID: bae7d553273c22b1ec7ad1c21a56b8489ad9ea4b0892ebfd5603d00177d1811d
                • Opcode Fuzzy Hash: 4b2af1ad35897ec1edbe244c5ffd90e7c20cea1ceaf431b1a64982999add30e2
                • Instruction Fuzzy Hash: 351114B4D0620ECFEB44DFA9C4455BEBBBABF89304F10D169D608A7215C7349981CF90
                Function 0684AC70 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c2c5537fc5f06a265a820f7f0a6bf2d926759a26f029b81f73d528649c72ddb
                • Instruction ID: e78c99bb7b2fd83af16bc5f5372e5851b40c3476937840d872043ad6bd6c45d3
                • Opcode Fuzzy Hash: 3c2c5537fc5f06a265a820f7f0a6bf2d926759a26f029b81f73d528649c72ddb
                • Instruction Fuzzy Hash: 2F110774D0065C8BEB58DFAAC8452DEFBF6AFC8304F04C02AD419AB358EB701806CB91
                Function 06848290 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 883dc01ee403c5b495e5e66c50aa024360fb7fb6b81fb1fb6ad8620f8c908780
                • Instruction ID: 29eb0e75eca6459870b090368519e525ecf233db059ad6bb756feaeab64c3cdb
                • Opcode Fuzzy Hash: 883dc01ee403c5b495e5e66c50aa024360fb7fb6b81fb1fb6ad8620f8c908780
                • Instruction Fuzzy Hash: 5901D2B0B80619EFE3646B658805B3E7397AFC8B10F51806AE602DF395CDB1D8418B86
                Function 009AD1CF Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1354004741.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_9ad000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 06b47feca94270b740618d68776718196dc6443b68f0699b06cace4f2b94ebc2
                • Instruction ID: 64ef936178bdf1ccf1fe8fadd4c18e615a3bbac3f4f592d35718ba2c4eaecf36
                • Opcode Fuzzy Hash: 06b47feca94270b740618d68776718196dc6443b68f0699b06cace4f2b94ebc2
                • Instruction Fuzzy Hash: 2011BB75504280DFDB16CF10C5C4B15BBA1FB85314F24C6AADC4A4B6A6C33AD84ACBA1
                Function 067F75C0 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 596212710cb78965f54bed90e06c2c57a0c63ad97f99a65b02e1a4999f13f24f
                • Instruction ID: 220dcb931233a7c916be5a73bfa5367677b69de608051522d64fb2d7fb0bd6b8
                • Opcode Fuzzy Hash: 596212710cb78965f54bed90e06c2c57a0c63ad97f99a65b02e1a4999f13f24f
                • Instruction Fuzzy Hash: 98119BB5E0051A9F8B44DFADC9449AEFBF5FF8C310B10816AE919E7315E7309911CBA0
                Function 0684C5CB Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a8066fb803d48c9c365b649907d6ab325bdc40802dcda063f45c6f9f852602b
                • Instruction ID: b0dc18a58256f14d91a3be49ea323e08b9913cfb90c851aae2145565ba9e2e51
                • Opcode Fuzzy Hash: 7a8066fb803d48c9c365b649907d6ab325bdc40802dcda063f45c6f9f852602b
                • Instruction Fuzzy Hash: 231158B0D09309CFDB54DFAAC9405AEBBFAAF89314F10C16AC158E7251D3348941CF90
                Function 0684C08A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09872c08e8647206fa31fe92b4d4892790bd2a26a52170a97b39a39112c539c1
                • Instruction ID: 986809590df8ae779f160740aa1216151cae6e2b3304313c36b3e650c55e2876
                • Opcode Fuzzy Hash: 09872c08e8647206fa31fe92b4d4892790bd2a26a52170a97b39a39112c539c1
                • Instruction Fuzzy Hash: D9113A34A0821DCFDB90EF94C481AFDB7BABF89310F00E195D40AA7215CB30A944CF90
                Function 067F6A20 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cde38f9a0ebbb451de9da4f6b33a6dbf77353930958cf60dbdd934b6f14d5821
                • Instruction ID: 162ac8b92d4225e395135d70d12e68032b1719c003f8b6ca4581c7d54f9f1c71
                • Opcode Fuzzy Hash: cde38f9a0ebbb451de9da4f6b33a6dbf77353930958cf60dbdd934b6f14d5821
                • Instruction Fuzzy Hash: 36117074A006589BEB10DBA5C840BBFB7F6EFC8304F008429D519A7350E7349906CB92
                Function 067F2B18 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91259671df86d3308c15e58db8861014248aab57c6160194aeec809490b1f647
                • Instruction ID: 487ecbcf39368a6a97a5870122734f47151d84c3c9ed47c3e01358e35b5a8471
                • Opcode Fuzzy Hash: 91259671df86d3308c15e58db8861014248aab57c6160194aeec809490b1f647
                • Instruction Fuzzy Hash: 5D115A34A006189BEB10DBA9C8407FFB7F6FF88311F004828D969A7350E7349941CBA2
                Function 067FA7F0 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29b664d234b9204317169ca03a95a438f23d69a701fa7e37884ab6a1d257b811
                • Instruction ID: 689f208b3dbd79586da4ca3d23ff06a613ed87854dc9f2df4f2c2556ca631125
                • Opcode Fuzzy Hash: 29b664d234b9204317169ca03a95a438f23d69a701fa7e37884ab6a1d257b811
                • Instruction Fuzzy Hash: D601F971F18256EFD7936BA5D944AE97BF0DB81310F148865CA8EE3380E3B08516CBD4
                Function 068425F7 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da95b5be02ebaec30a301036541832fc3bda3aaf5a4c2b8e5cf5c68ed48edac9
                • Instruction ID: 1a8987d7e39c8dc2b5db7aae1f30ab79cbb649389bd92eb483a3d6ec03711196
                • Opcode Fuzzy Hash: da95b5be02ebaec30a301036541832fc3bda3aaf5a4c2b8e5cf5c68ed48edac9
                • Instruction Fuzzy Hash: 25118E70E1461A8FEB84EF68C8116AEBBF1AF44314F108529D615F7350EB749A05CB85
                Function 068481A7 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b7e9dae8175a59b7877f8fadac8cfb06ee6a8bd92aa4f09f9274ec13df3aa18
                • Instruction ID: 8d8a661e2ae7b546c78da7df1a11497b6a92abf912fe2c1be8ea8edb647e6c91
                • Opcode Fuzzy Hash: 7b7e9dae8175a59b7877f8fadac8cfb06ee6a8bd92aa4f09f9274ec13df3aa18
                • Instruction Fuzzy Hash: 3A018CB1E0462ECBE784AFA8DD8177EF2B1FB88309F004123A626E6181E634D950C795
                Function 0684C9B8 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a504a087f62f7c4f67f2f7a9ee09f493f32d053066335704a0ba13879e0be00
                • Instruction ID: 4129db4a78ee057f67ffa0de1f2b5f600279b94c4c3136fdd5ed93cfef0bc488
                • Opcode Fuzzy Hash: 3a504a087f62f7c4f67f2f7a9ee09f493f32d053066335704a0ba13879e0be00
                • Instruction Fuzzy Hash: 2F018C74A09148EFDB40EFA8CA55AADBFF9AF49304F15C095D549AB352D6308E00DB80
                Function 067FCAF0 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 571f999b6a27d6798b4f9353d4aa22270d2fdc8fcbc1c35c05c67bf761e0c3ea
                • Instruction ID: 28971cb6420c338142e854711b79a139083ee5f1b85a21b11ac62218e35756bd
                • Opcode Fuzzy Hash: 571f999b6a27d6798b4f9353d4aa22270d2fdc8fcbc1c35c05c67bf761e0c3ea
                • Instruction Fuzzy Hash: 83016276A105089EDB40FA58E8459EEF778EBC5211F408266D6146B204EB316A59C7A1
                Function 0099D745 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1353905323.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_99d000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af6ab18f5dff6c9bf34c6aace4c4f69faa128a42721c489e15a3d2d00a4cb376
                • Instruction ID: 540c223c47511b0b37429e31e27f7fcc3442afa0aa2189bea9f2998ba5d03fb3
                • Opcode Fuzzy Hash: af6ab18f5dff6c9bf34c6aace4c4f69faa128a42721c489e15a3d2d00a4cb376
                • Instruction Fuzzy Hash: 1C012BB10063809FFB104EA9CCC4B67BBDCDF41324F18C52AED094F282D2799840CAB2
                Function 067FBADB Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1407913003805330e0808f7099c84231b53b555b259b4bff50fc3642f4303954
                • Instruction ID: f376dbe598991c269872140c1755f1ab1127350bab02bec813d30dfa00285990
                • Opcode Fuzzy Hash: 1407913003805330e0808f7099c84231b53b555b259b4bff50fc3642f4303954
                • Instruction Fuzzy Hash: 0901D83291074A9FCB01AF74CC448DAFB75FF85304B11876AE14567211E770A599CB90
                Function 067FB218 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9164a110acc2f618eb726f91ec3c76cbdf3de836304da291fa971ef27d0f923
                • Instruction ID: 3b86e577d0ff1db9a8b26f395e36e4279f03315f1235182045077de7cef59a23
                • Opcode Fuzzy Hash: e9164a110acc2f618eb726f91ec3c76cbdf3de836304da291fa971ef27d0f923
                • Instruction Fuzzy Hash: 9E11D730220605DFE7A4DF28D484FA573E6BB05604F0099AAE29ACB331DF70B848CB91
                Function 067F0BB1 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 570ef0c0a6ffa19c412a81613bdce06aa9ec251bbe21cf311f8a684e0fba33ff
                • Instruction ID: 5610ab224eea52263170d61d05e81b98056593876e4bbdea69209c91045f7e40
                • Opcode Fuzzy Hash: 570ef0c0a6ffa19c412a81613bdce06aa9ec251bbe21cf311f8a684e0fba33ff
                • Instruction Fuzzy Hash: F01199B5D0061DAFCB40EFA8C9415EEBBF5FF48210F10855AE958A7210E7705A51CBA2
                Function 06843600 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5aeb452b37ce34321e78d4c0f99a5cde234c1f6e7a9772909a9ccfb8d348ceb4
                • Instruction ID: 82aefcbcb5c1f916f638021711626c21f611aa09cdd923450716ed64612ab106
                • Opcode Fuzzy Hash: 5aeb452b37ce34321e78d4c0f99a5cde234c1f6e7a9772909a9ccfb8d348ceb4
                • Instruction Fuzzy Hash: EC01DA72D1420E9FDF50DF99E9459EFBBB8EB48310F104126EA18F7240E730AA14DBA1
                Function 06842608 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e9ca2d6bf66a094717726e53399b228e0f058b9ca103a3a811b77ad9421f6e3
                • Instruction ID: 018e2b3dfbdc409f47a8514c7db7d581d95491989e12f2a98ebf89ea02d33c35
                • Opcode Fuzzy Hash: 8e9ca2d6bf66a094717726e53399b228e0f058b9ca103a3a811b77ad9421f6e3
                • Instruction Fuzzy Hash: D8018C70E1460E8FEB44EFA8C8116AEBBB0AF48344F008129D615F7394EB749615CBC1
                Function 0684C647 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed3e1f61fe697b5a59812be90c62c40c14069ad745f41f158e7acf03a378863e
                • Instruction ID: 5c36ef92a78fe7d3e831c234274efb18a547ef7f3e67455c7f2bc083008bbb2c
                • Opcode Fuzzy Hash: ed3e1f61fe697b5a59812be90c62c40c14069ad745f41f158e7acf03a378863e
                • Instruction Fuzzy Hash: E8014BB0A0E20DDFE780EF58C5818FDBBBEBB5E215B11A185D609DB212C3319941CBA4
                Function 0684D870 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b4847f561e7f237e1da605bd31224820c2d14b67bd11e101d286139cc58548e2
                • Instruction ID: 12da55f12cd503dadd2dd49d94c51aeca353042d4612435d6cd39aeddbc7d57a
                • Opcode Fuzzy Hash: b4847f561e7f237e1da605bd31224820c2d14b67bd11e101d286139cc58548e2
                • Instruction Fuzzy Hash: F3113974D0025A9FCB90EFA8D8506AEBBF1BF48300F20859AD994E7381D3349A40CB91
                Function 067FCF63 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54d079a91d5d70e279de4ca6621c8bf4d8160f66f92a74a0051aef5b09c04c7f
                • Instruction ID: 7f0e2fe960bed8fb88c3afc175868030eb7c9aea53e504c871fc23cd5d5ae9e0
                • Opcode Fuzzy Hash: 54d079a91d5d70e279de4ca6621c8bf4d8160f66f92a74a0051aef5b09c04c7f
                • Instruction Fuzzy Hash: 9301813130421AAFDB014F54DC1486EBFBAFB8C210710812AFE15C3321DB728C25DBA0
                Function 067F62B8 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7e70e164763776d24504c84b38523e5544370c0d7256e74bbecdc73b6879dc02
                • Instruction ID: 6bd536818d5ac409bfbaee650fa92186f2553ef0129d5498daa34ac4c3acf055
                • Opcode Fuzzy Hash: 7e70e164763776d24504c84b38523e5544370c0d7256e74bbecdc73b6879dc02
                • Instruction Fuzzy Hash: 89016D75B206018FEB58DF29C450E6A77E6EFC42257118469E646CB724DB31EC02CB50
                Function 067FE891 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cbd273ccbead144127a0195cb7c839d778d4166ba9d27172c14467d0315f893c
                • Instruction ID: 36e9b4336f2fded214b4f08af1de92fd933579f8689f093d2724505c4d9b608a
                • Opcode Fuzzy Hash: cbd273ccbead144127a0195cb7c839d778d4166ba9d27172c14467d0315f893c
                • Instruction Fuzzy Hash: E6111734210641DFD794CF38C484FA577E6BF46204F0588AAE29ACB372DF70A849CB91
                Function 067F99A0 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9796fbeb0075352c0e48a08e78bacd6ca6d94ac4b0542140148be9a99c38cad
                • Instruction ID: 3ca498ad08d83488c4b9205736e0501694091172afa8c9dbe04569d4f19266b3
                • Opcode Fuzzy Hash: b9796fbeb0075352c0e48a08e78bacd6ca6d94ac4b0542140148be9a99c38cad
                • Instruction Fuzzy Hash: CBF04431F202204FDB549B7AD458F2ABBDAAFC5751B0680B6FA45DB3A1DD65CC408B90
                Function 068435F3 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 422089fc6002694e5e39daa8cde69c5805c6ce0fc3b9b777693b7c719a71512e
                • Instruction ID: 26d8eb2833b0cbeb6602105e79b10db8cb7758322f97dfac401bb46d12cc532c
                • Opcode Fuzzy Hash: 422089fc6002694e5e39daa8cde69c5805c6ce0fc3b9b777693b7c719a71512e
                • Instruction Fuzzy Hash: C7012C72D1420A9FCB11DFA5D8419EFBBB8EF08310F10412AEA44E3241D6346A148BA1
                Function 067F1FC0 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f0e28c8b6426190257944686323da806eba8f12fdf3afff5b0ae970903cdedbf
                • Instruction ID: eb00faed6eed30c3e0f2ca5977762c91b8fd72c5bb89b243f340f765388dba53
                • Opcode Fuzzy Hash: f0e28c8b6426190257944686323da806eba8f12fdf3afff5b0ae970903cdedbf
                • Instruction Fuzzy Hash: 31018635A00604DBDB01EBA8D848CEEF7B9EFC9310F418659E90557350DB706941C6E1
                Function 067F62C8 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af63d328b9d146dcf8aab9f326c2e27358fc57c41f63b5f8c2cdb093d88c9d7f
                • Instruction ID: 096586a0d2fa51b294082afc3e023d4077c5beeccdbeb6b619af896224d0b571
                • Opcode Fuzzy Hash: af63d328b9d146dcf8aab9f326c2e27358fc57c41f63b5f8c2cdb093d88c9d7f
                • Instruction Fuzzy Hash: 64F08C35B206008FDB58EF3AC460D6E77E6AFC42207118069EA46CB324DF31EC028790
                Function 067F1568 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef0ff8c1a325b94a250251fa7bd170fd58bdfc80d405e36b5f35c7cc970f716a
                • Instruction ID: 6a7c2777a118ddb2fd61362fe8fdfcb0e516e777a054326a882fb9a1b8462dd8
                • Opcode Fuzzy Hash: ef0ff8c1a325b94a250251fa7bd170fd58bdfc80d405e36b5f35c7cc970f716a
                • Instruction Fuzzy Hash: FBF0FC30116390CFF352A77C9460BDB77A5EFC6214F0404AAC1568B342CE21E849C7D6
                Function 067FCB6B Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9449df5ce5f1fc9f3315f94150c40d24285c63d679570ddcf4232e6fcbd9a582
                • Instruction ID: 40b42720da072933319eb2524594a78bf468b5c20873a6e59577702d32125f6d
                • Opcode Fuzzy Hash: 9449df5ce5f1fc9f3315f94150c40d24285c63d679570ddcf4232e6fcbd9a582
                • Instruction Fuzzy Hash: 51012D32D107188FC711AB6CD414895BB79EF92315705867FD545EB200EB369858C7D0
                Function 067FBAE8 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f049751e5124d98353839908e24feb7bff8f4651344f99f1e3be5fcda828e4bd
                • Instruction ID: b956b6aea040a32a85fca8a08df6a5cd4a700950e37a1adcc37a692e6967ec89
                • Opcode Fuzzy Hash: f049751e5124d98353839908e24feb7bff8f4651344f99f1e3be5fcda828e4bd
                • Instruction Fuzzy Hash: D701813291060AEFCF10AFA5DC448DAFB76FFC9304F118B29E10567220EB70A599CB90
                Function 067FD2C8 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b6ee1037f6c267e7ba4b393f5ea520c42d28c65ff5df259e69d9fa1c27888c8
                • Instruction ID: e2880dea74cbfb752ece927c936c969558da022d516aeb4dadc9ee6241494d8e
                • Opcode Fuzzy Hash: 3b6ee1037f6c267e7ba4b393f5ea520c42d28c65ff5df259e69d9fa1c27888c8
                • Instruction Fuzzy Hash: 20F0F932200109BFDF069E95EC45CAB7FBEEB8C261B108015FA4689110C7728C66EBA1
                Function 067F0BC0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8795289646690bd54c1dedd694295fd8a0d1bd9375c6fdd3e6893044c514cc02
                • Instruction ID: 555abce7363886be233bc47d5aaa8f251c62bae97362bd908baeace7b0ee6068
                • Opcode Fuzzy Hash: 8795289646690bd54c1dedd694295fd8a0d1bd9375c6fdd3e6893044c514cc02
                • Instruction Fuzzy Hash: 3B0167B5D0061DAFCB41EFA8C9409EEBBF5EF48210F10855AE958A7310E7709A509BA1
                Function 06843680 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: beb2efba272c8fa4b897c8d8de698fa762f5882d21d1b0be9357352f6d8d680a
                • Instruction ID: e8a520fbb3e341dd8db6c6caaf70819e864201eb54784954cedd280d754a2678
                • Opcode Fuzzy Hash: beb2efba272c8fa4b897c8d8de698fa762f5882d21d1b0be9357352f6d8d680a
                • Instruction Fuzzy Hash: 22018631A0062E8BCF04FBA9DC148DDB3B5FF88210F018515DA1577250EF306A1587D1
                Function 0684C950 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33df95159dd638ad5bed8fcda78500a5eb39f34cb0c05bd233bde8394e9cb792
                • Instruction ID: a391ed0bc09e9032776ebace953cd15e9155cea5c99dc5e61b283e5005715255
                • Opcode Fuzzy Hash: 33df95159dd638ad5bed8fcda78500a5eb39f34cb0c05bd233bde8394e9cb792
                • Instruction Fuzzy Hash: 11F03C7090F20CEFE784EF55C5419BDBBFDAB8A30CF14A1A59509AB212D7319A41DB84
                Function 067FF890 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 374c5ad179ab92052161f58f3eec5135b4999ba51cee44b90cf9adb4621a7622
                • Instruction ID: 06039265b59835ccedbf4e2004594f7e833feb67183cef8760939630f3a77712
                • Opcode Fuzzy Hash: 374c5ad179ab92052161f58f3eec5135b4999ba51cee44b90cf9adb4621a7622
                • Instruction Fuzzy Hash: 0BF036367042419FD3659F59E408B5A7BA9EBD5761F10C03EE64ADB640CB35C816C7A0
                Function 06844649 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8d69d97d52722d7bbda78167528f56d22e2bbf40c2c5846328ae878378bd2c3
                • Instruction ID: 9569924739e7301420602fbe3244792899fdd403c82acfea34d925b6282c5ceb
                • Opcode Fuzzy Hash: d8d69d97d52722d7bbda78167528f56d22e2bbf40c2c5846328ae878378bd2c3
                • Instruction Fuzzy Hash: C5F090363003045FD3A46F69E814B5A7BE5EBD5721F14C03AE659CB341CA31CD45CBA0
                Function 06843670 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dfa194cf189b5db7b258815c9c917c5d0bed22c9f766a6b113b7fb9cb1c4faf4
                • Instruction ID: 689836ae4b026509f3d4388c4b9d1ed59fca3df7a2d77a3c3e27d22264be0b2c
                • Opcode Fuzzy Hash: dfa194cf189b5db7b258815c9c917c5d0bed22c9f766a6b113b7fb9cb1c4faf4
                • Instruction Fuzzy Hash: 36F0F032A006198BCF14BFA9C8045DEB7F5EF89310F018569DA46B3240FF30AA1586E1
                Function 0684DF8F Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 69973def7e5e8353d78bae24d87c631bc031b3884cab46c1b4fe4d17d1dc69c8
                • Instruction ID: dd91cfb6e1ca046890e250afc0ada260cc4945684af1ebe6d8e16abe819c29d0
                • Opcode Fuzzy Hash: 69973def7e5e8353d78bae24d87c631bc031b3884cab46c1b4fe4d17d1dc69c8
                • Instruction Fuzzy Hash: A501D17090824D8BE7B0BFB4D4087AD3FF9BF49305F009A29D6059A29ADE344946CB96
                Function 0684D880 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad25be236a71232e11289221ea4c06a8374e2ae3cd30271600efd956c3d3e0d0
                • Instruction ID: d08cb6dd0756ef6b506c41f55224f55f94c53541a74f130b3d19bee545856ada
                • Opcode Fuzzy Hash: ad25be236a71232e11289221ea4c06a8374e2ae3cd30271600efd956c3d3e0d0
                • Instruction Fuzzy Hash: 5901A574D0025EEFCB90EFA8D580AAEBBF5BF48301F10859AE954E7341D7349A50DBA1
                Function 0099D744 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1353905323.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_99d000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb5ef5e7c7901ae3df3bd542441bb61cfd31abe26b7bafac2d0fee7d3fc80247
                • Instruction ID: b800b2a3f81138c94d10779442808847a12c40df2be2811ca92b42c7e466ca6a
                • Opcode Fuzzy Hash: eb5ef5e7c7901ae3df3bd542441bb61cfd31abe26b7bafac2d0fee7d3fc80247
                • Instruction Fuzzy Hash: F9F06271406344AEEB108E59CCC8B66FB9CEB91734F18C45AED495A286D2799844CBB1
                Function 067F6481 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fdc3fa5405274512ed62c9fe8f048adf2e0fe8d9a85c535330692db9b742f09
                • Instruction ID: 995353be13035bc182f8755bb1d51f2a6492038a50c40de7a60fc4e400618b71
                • Opcode Fuzzy Hash: 0fdc3fa5405274512ed62c9fe8f048adf2e0fe8d9a85c535330692db9b742f09
                • Instruction Fuzzy Hash: 9CF090357002149FDBA4EB789814A7E37AADBC4314F14887DD15A9B381CE35A842CB95
                Function 067F321F Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 06eeb72285073433d8239d6012243b525035c10c53cdf729371224781907bad6
                • Instruction ID: 160db4d999864f1552dd6c8c4343dc4b051304591145048a9915c1bc874287ae
                • Opcode Fuzzy Hash: 06eeb72285073433d8239d6012243b525035c10c53cdf729371224781907bad6
                • Instruction Fuzzy Hash: 60F0B471510204BFDF48DF58DC41D9ABFFAEB04324F10816DE204D7320E631A941CB90
                Function 068436F0 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1db909a76cc4f3304f44b5e2bf4ba25ca5f79ffbb24220f9b79b74144a6504b2
                • Instruction ID: dbeaf1dad55dec22fccec75766704eead6de6eaf5bf5a68455883a25ee35181d
                • Opcode Fuzzy Hash: 1db909a76cc4f3304f44b5e2bf4ba25ca5f79ffbb24220f9b79b74144a6504b2
                • Instruction Fuzzy Hash: 17F0E232A083459FC724BA6A989085EBFBAFFD6220750457ED645CB201EF70E845C761
                Function 0684DFA0 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ea5036188137bd438e6d1f6ce2b324a5a01711167e7bdce028abb0483654c07
                • Instruction ID: 2180b28609bff619c0e0bfad87466a86e927da894faf85293fcc665a24eab21b
                • Opcode Fuzzy Hash: 5ea5036188137bd438e6d1f6ce2b324a5a01711167e7bdce028abb0483654c07
                • Instruction Fuzzy Hash: F4F0907090420ECFE7E0BBA8D5097AC7BF9BF49305F009A24D206DA355DE345846CB96
                Function 067FE6B0 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21f46a05a8dc1a5ee9d9fdc68f313527b7274ff80a40d628a11394e31bd07282
                • Instruction ID: 174cd0ff74e9ea40e06f3ed0cfb690b4babc8d84aad2b4e0cb77d481b13935e3
                • Opcode Fuzzy Hash: 21f46a05a8dc1a5ee9d9fdc68f313527b7274ff80a40d628a11394e31bd07282
                • Instruction Fuzzy Hash: 04F03A32D112099FCB50EBAC99055AEBFF4EB95250F00422AE558E7200EA704A5ADB91
                Function 067F740E Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f192783b167eed7edd10923f17edc1cc9fcdfba4128d31eac7972aebd32d9f6c
                • Instruction ID: 74ae9f5641bc3d0a5e3cb39e66f28edc6b2e7075abb2d5a01acb30b19efa92b8
                • Opcode Fuzzy Hash: f192783b167eed7edd10923f17edc1cc9fcdfba4128d31eac7972aebd32d9f6c
                • Instruction Fuzzy Hash: BEF0272041A7845EE747A734DD119AE7F30DF07120B088B83D1829B293C614515BC362
                Function 067F6490 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c9a1005d1520e407e0bc3acc112396d3b9c07f79f9c049e311515e13dccb892
                • Instruction ID: ddbaf85bd34ed06987883dd39e54b336a5e14508e6d0c0eabdea2def7b15039d
                • Opcode Fuzzy Hash: 5c9a1005d1520e407e0bc3acc112396d3b9c07f79f9c049e311515e13dccb892
                • Instruction Fuzzy Hash: 1CF08231B002145FDFA8BB79D81063E77EADBC5310B108C3DD15A9B380DE35A8428B91
                Function 067FD2D8 Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b2d33d32c2ebe67c67136556e967909439939a4957b34a132c8b26cb34400eb
                • Instruction ID: afd68d87b32880c1f9e2dbb3029a649bf1be50175a5017d56efc3e37bbfbfe8d
                • Opcode Fuzzy Hash: 6b2d33d32c2ebe67c67136556e967909439939a4957b34a132c8b26cb34400eb
                • Instruction Fuzzy Hash: 1AF07A76210119BF9F055E85EC44CAF7F6FEB8C2617108011FA05C6120CB728C75EBA1
                Function 067F3A98 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9181e3bd8ea583c4d4dd231b016a036bce205f93984b6728a8a5a584e723897a
                • Instruction ID: 55deb28cb30b2093fa58ab757801b79a917c5952f815510b7230af428fc1db8b
                • Opcode Fuzzy Hash: 9181e3bd8ea583c4d4dd231b016a036bce205f93984b6728a8a5a584e723897a
                • Instruction Fuzzy Hash: 73F0E7B0D0020AEFDB84DFA9C851AAFBBF9EF48220F108959D645E7201E77495458BE1
                Function 067F2961 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c30f095db0409c9d3de004848081ff28e98cbb3526eaf72998012b046b22df9
                • Instruction ID: 0802615b5cf4d5e83c5fe5a59642b61d8b8091b3ca207bc3d0b03b5a0055cc10
                • Opcode Fuzzy Hash: 2c30f095db0409c9d3de004848081ff28e98cbb3526eaf72998012b046b22df9
                • Instruction Fuzzy Hash: BCE09231B3031887CAD86BA8A81CB6A76DACBC86A0F144079E755C7341EDA14D0587E6
                Function 0684E317 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86dcf46eb0d777e4490a1accb513c393085c9b764cbc18a366edc70b913491f5
                • Instruction ID: 26691c143981b492a8d90606d526db7fa0c1b514f7ffd4e2af748960ee9febe8
                • Opcode Fuzzy Hash: 86dcf46eb0d777e4490a1accb513c393085c9b764cbc18a366edc70b913491f5
                • Instruction Fuzzy Hash: 1CF0E774E0132ACFDF54DFA9E84559DBBB2FF89201B10852AE906E7314EB709842CF58
                Function 067F69B0 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a27f1592ab11ec8602aa4fff17209d83759d9ca503b5312b1e54920957f2c59
                • Instruction ID: 131b3e2e0e39082f27b58401f562a74a0ce1160f8bc6bb93b8c4ef2a9e55287e
                • Opcode Fuzzy Hash: 3a27f1592ab11ec8602aa4fff17209d83759d9ca503b5312b1e54920957f2c59
                • Instruction Fuzzy Hash: 11F0A9352523408BE364AB39C460BAAB3EAEBC5221F1448BCC69582280DE71BC46CB80
                Function 067F3AA8 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7cb81028dd698d46f7bf755d0004cded1ee70bce373a284739ac5abeb827e66d
                • Instruction ID: cf70803dacdab41bbc98cb98752b0af86fb4ca7f97af1a679702ddf64ca1d234
                • Opcode Fuzzy Hash: 7cb81028dd698d46f7bf755d0004cded1ee70bce373a284739ac5abeb827e66d
                • Instruction Fuzzy Hash: DBF03AB0E0020ADFDB44DFA9C801AAEBBF5EB48210F0089A9DA08E7300D7748500CBD0
                Function 067F8B08 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 55d132cb8414fe8641f4ab2fce1784ea7c0294fdc22ebed7a2bafe49206e76d8
                • Instruction ID: fa109dccbfbdc448ed70fbe39b47c643410d30ad08419ce31b35c89871b5b981
                • Opcode Fuzzy Hash: 55d132cb8414fe8641f4ab2fce1784ea7c0294fdc22ebed7a2bafe49206e76d8
                • Instruction Fuzzy Hash: 67F0A030609385CFD3569B3898549267BE5AE462003458CEEE15A8B362C632D885C752
                Function 067FAE01 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d93d0b72a1c6bbb5e3b611973f6b105c68a5d7f4d48a76161c543fb8b007576f
                • Instruction ID: 51ee9f1c1ef893741dcfc5d8affc621dd6959119d3bae84d7a2ab2eaa5e561fa
                • Opcode Fuzzy Hash: d93d0b72a1c6bbb5e3b611973f6b105c68a5d7f4d48a76161c543fb8b007576f
                • Instruction Fuzzy Hash: C3F02B31A00304CFC3A49F54E840955B7F5FB41325B10C8BED25D47751D332D880CB40
                Function 067F15A4 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 05418a7f426556090993f61b6d4579c1a6a07088d4addc251833c7786eb2d54e
                • Instruction ID: 9efc7d8aefef9726a4ef6a4d22c602da82b59d0b31dbaddb85bf092eaa84d5be
                • Opcode Fuzzy Hash: 05418a7f426556090993f61b6d4579c1a6a07088d4addc251833c7786eb2d54e
                • Instruction Fuzzy Hash: 2FE06D302563408BE354E73994A4FAA7396DBC5221F0048BDD61A87380DE72E845CA91
                Function 067F1584 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f0e6db0d2c474bbb96b103905c59dfb222081f6668e2f652be32e3564a30d24
                • Instruction ID: effb1ff926685d70e7c0aab3a5de7288546e7253eb5f66220cdaee301e569f78
                • Opcode Fuzzy Hash: 9f0e6db0d2c474bbb96b103905c59dfb222081f6668e2f652be32e3564a30d24
                • Instruction Fuzzy Hash: 73E06D30252350CBE365A6699444FEAB396EBC9321F000879D25A87380DE62E945C7D1
                Function 067F28C1 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec46c56d3898c9a0aa5bccc95281e9e2997d6c12c787c182a904b777db38be38
                • Instruction ID: e872a9784d7600eb278842802c61406e59201548416fcf787bbd4f3e5e68ac06
                • Opcode Fuzzy Hash: ec46c56d3898c9a0aa5bccc95281e9e2997d6c12c787c182a904b777db38be38
                • Instruction Fuzzy Hash: 8FF03030211310CBE365EA69D440BDAB3E5EFC8325F10047DD59547240DE71AC81CB91
                Function 0684E08D Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c93fcd73b2c91010177d71c02d820471436a07fbd097634a42c45926b5b59c70
                • Instruction ID: 56547084a74172ef1004df4e23f06cb426923a5f00f3a3c3d520106ec6233f54
                • Opcode Fuzzy Hash: c93fcd73b2c91010177d71c02d820471436a07fbd097634a42c45926b5b59c70
                • Instruction Fuzzy Hash: 10F017B090424A8FDB50DFE8D84869DBFB6BB49310F208625E502EF7A9DA3058468B85
                Function 0684C47C Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aacaea7c9dea154010ffe5154583ddcd74e446dfe946c368a6e646190a5950a8
                • Instruction ID: f2c49570fd5a22e40ec6a81ab1dd9462275d620cfe4ace09ac5e5965f2c6f135
                • Opcode Fuzzy Hash: aacaea7c9dea154010ffe5154583ddcd74e446dfe946c368a6e646190a5950a8
                • Instruction Fuzzy Hash: 54F06734A0411DCFDBA0EF64C685BADB7B5BF98300F00D1868808E3211DA30AA84CFA0
                Function 067F1671 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cfe0f867285baae8ec99c1932b2f73a70b6a21d1c6552adc6dc1f534658c5a7
                • Instruction ID: 1d1fad4ac5ef6590bca89b7f0a6683caeedeea8c20ef46345ed52c780180c98d
                • Opcode Fuzzy Hash: 3cfe0f867285baae8ec99c1932b2f73a70b6a21d1c6552adc6dc1f534658c5a7
                • Instruction Fuzzy Hash: FAE07D3021D7609FD394136D1454BD77FCB9718130F04401EF36E83312DD42180541EA
                Function 067F4F28 Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1e19ef1bc44866cf79180585fd59e188075f85a3ca9f42528b3841615185cf7
                • Instruction ID: 279f0e50288eb2f79002dd47e2505f0917eded6e213567d37fb7b816b27b0035
                • Opcode Fuzzy Hash: e1e19ef1bc44866cf79180585fd59e188075f85a3ca9f42528b3841615185cf7
                • Instruction Fuzzy Hash: 71E01A76505318AFDB108F96EC48CABBFBCEB89261B10802AF80493310C731AC11CAB0
                Function 067F8F39 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fceb483cd239ec76f004655d8ceb846facfa9754648684c8cbfee194a0b4cf5b
                • Instruction ID: fdb498c974e69fbdfc9c44325f089d47cc681c300ccc7e68d6543cb8de44b985
                • Opcode Fuzzy Hash: fceb483cd239ec76f004655d8ceb846facfa9754648684c8cbfee194a0b4cf5b
                • Instruction Fuzzy Hash: 2DF03931924248DECB80EF78E9089A97FF5AF06216F04C5AAE55C9E112E632D2A4DF41
                Function 067FADB0 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cab073b25610267114900a07a3b48bd9dd0d5e5264cdd22bfbd7b8804faef32b
                • Instruction ID: b134ebd7e41df7800bb8a6a64d5d9a80a81b45083f05c57fc275c169bb1ac51b
                • Opcode Fuzzy Hash: cab073b25610267114900a07a3b48bd9dd0d5e5264cdd22bfbd7b8804faef32b
                • Instruction Fuzzy Hash: 6DE08630A06750DBD792BFA4D840B5DFBDEAB85630F104824E1446BB08FB746C418BC6
                Function 0684DFCD Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 834e7f29363691d6d75d52800c97ed4e64b3042ef7b61a3a38ad1ac9f2334ba7
                • Instruction ID: 6943f0ad0c4973f89e5fbf7dc18233234efb05aa2da40389273854902bab0a13
                • Opcode Fuzzy Hash: 834e7f29363691d6d75d52800c97ed4e64b3042ef7b61a3a38ad1ac9f2334ba7
                • Instruction Fuzzy Hash: 48F0F834A4920ACFDB60DFA4D1895AC7BB6FB49205B209529D607E7216DA305881CF40
                Function 0684CC88 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 756b088307cfc46acbbbaff530ee37fd69b21bb6c8ad5753f68e91fdd2a44c36
                • Instruction ID: 4b01411adf73decb5bf149e072b82d88c8fa58bfc08082364d77752c512d1154
                • Opcode Fuzzy Hash: 756b088307cfc46acbbbaff530ee37fd69b21bb6c8ad5753f68e91fdd2a44c36
                • Instruction Fuzzy Hash: 77F039B4D4120AAFD790EF78C90569EBFF0BF08200F118669D014EB312E77086028F81
                Function 067F2920 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2faad7fd435e210861405a6794829d75f86d2786b99a0258781a8921b89eecea
                • Instruction ID: 2c6c54476e74bf6d78bc3913a6b21642bc2ea83a9b866b3db9f03fc9b8eabe97
                • Opcode Fuzzy Hash: 2faad7fd435e210861405a6794829d75f86d2786b99a0258781a8921b89eecea
                • Instruction Fuzzy Hash: 2FE0CD302097245FC398562D5C083D2BAC7DB09228F14015EE6DDC2201EA561848829A
                Function 0684F438 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7968378c276866e725435373e16c7abbc1b9eaee0e3c6dcad3447279850c371a
                • Instruction ID: c5875fb09a4fb528df13fd14bef21aa29de1947efc780987b1d23bbf5fad6ec2
                • Opcode Fuzzy Hash: 7968378c276866e725435373e16c7abbc1b9eaee0e3c6dcad3447279850c371a
                • Instruction Fuzzy Hash: 2BF03974D0020CEBCB94EFA8D54869DBBB1EB88301F10C0AAEA18A7350D6345A50DF41
                Function 0684E460 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6dd1cb5ce8ea4820b065027d668c2b8200c4ab70074534c8e8f8e1edb9843e25
                • Instruction ID: 7a124030d6bb1c9d5f993bd975dbff2ca79c6d6a0cd267c386edda92a5dc21a7
                • Opcode Fuzzy Hash: 6dd1cb5ce8ea4820b065027d668c2b8200c4ab70074534c8e8f8e1edb9843e25
                • Instruction Fuzzy Hash: 03E04874A0410ECFEBA4FFA8D1496AC7FF9BF49305B109A24E106DB319DE3058468B49
                Function 067F160C Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b8d420d81bb936a54e315e3dc11ddca9d10748463f9fd4be9ce98e3f4d444a4
                • Instruction ID: ef6cec49fe9ac04310c63404fa6739b3ce4377d1c873cf29159f179723adab9e
                • Opcode Fuzzy Hash: 7b8d420d81bb936a54e315e3dc11ddca9d10748463f9fd4be9ce98e3f4d444a4
                • Instruction Fuzzy Hash: 82D0C23134D3605BD248526D1854796BACB9B49228F04446AB25EC3301D946180881AA
                Function 067F6378 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54b6ccca15f6731979e6f974b4e914ffc3230e9aaca9938acec2fc9bac276963
                • Instruction ID: bb03eee933b030ba19dfb9a7394a19dffb15fffc639aa701c88574bdd95a8f91
                • Opcode Fuzzy Hash: 54b6ccca15f6731979e6f974b4e914ffc3230e9aaca9938acec2fc9bac276963
                • Instruction Fuzzy Hash: BBD02B5671486026ADC633242C205BC075E4FC6514709045AD6158E6C1DD49192313DB
                Function 0684BCDC Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84f92f4da46e64e274e4d12cc6e9c75fcb61d96bc062bcfb51cc3e220eae1319
                • Instruction ID: 4d33854611452e90a5ba064d635b884e5968199e3fb63c2ce817142378a1cdd8
                • Opcode Fuzzy Hash: 84f92f4da46e64e274e4d12cc6e9c75fcb61d96bc062bcfb51cc3e220eae1319
                • Instruction Fuzzy Hash: E5E0C23150A218CFC7509BA4E995AA87379FF8B216B00A0E3D60EDF262C7319950DFB1
                Function 0684AD0B Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e2cedf600e51600ea03a397a2bdb61a43ef9a0104840a6a15261cc8def6d8d0
                • Instruction ID: 7175b55587b4eac32e12ba96d48e0364210fc67da17885ff68910ab54c8582f3
                • Opcode Fuzzy Hash: 5e2cedf600e51600ea03a397a2bdb61a43ef9a0104840a6a15261cc8def6d8d0
                • Instruction Fuzzy Hash: 06E0C278D4425D8FDF44EFE8D4995ACBBB6BB58300B00401AA816AB349DB306806CF41
                Function 067FE669 Relevance: .0, Instructions: 19COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bb58d5621ced310d5f31cf512308f75f040dea1e282732f7798b03080a750d
                • Instruction ID: 8a9da750a0164e8e03a34aab9948d9209ab8c8d7d0be58029d9ec21891afda8c
                • Opcode Fuzzy Hash: a4bb58d5621ced310d5f31cf512308f75f040dea1e282732f7798b03080a750d
                • Instruction Fuzzy Hash: E6E01A31824248EDCB91AF7489084AD3FA4AF16215B41C5AAE6889E110F630C2A8DB41
                Function 0684E6EE Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5c7b8f31449d972be0e199042997d3b61de067e70e7926dbf66bf2a9ebec6c6
                • Instruction ID: 4e164dc290b4f14583bee44fbce787728a385110b731b935e11653f8daea8490
                • Opcode Fuzzy Hash: f5c7b8f31449d972be0e199042997d3b61de067e70e7926dbf66bf2a9ebec6c6
                • Instruction Fuzzy Hash: FDE0EC7090524DCFEB50EBD8D945BAD7BBAFB44304F409620D106EF26ED6705909CB80
                Function 0684CC98 Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c681c21489d08da4dfff1d38340d74d65f1c70675c56474f88a0240d56ca92df
                • Instruction ID: acaca3295bad012741e6d548755a3e3694f0aed6009bb458022dceca40825cdd
                • Opcode Fuzzy Hash: c681c21489d08da4dfff1d38340d74d65f1c70675c56474f88a0240d56ca92df
                • Instruction Fuzzy Hash: 90E0B6B1D4020DDFD780EFB9C905A5EBBF4BF08604F1185A9D019E7311E7749A058F91
                Function 067FE678 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b30808ef6f13c8b864e2393718f0dfdde0612323d08628d76a4ec5c3520feac
                • Instruction ID: 4d3f35a5a3c8b74bb202210dad12342329f1ad3a10e7d7f58d5094563023755e
                • Opcode Fuzzy Hash: 6b30808ef6f13c8b864e2393718f0dfdde0612323d08628d76a4ec5c3520feac
                • Instruction Fuzzy Hash: CCE0123182060CEDCBD0EF78D9044AD7BE8AF15211F40C53AEA4CDA110F630D2A4DF81
                Function 067F8F48 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b30808ef6f13c8b864e2393718f0dfdde0612323d08628d76a4ec5c3520feac
                • Instruction ID: 4d9212f1d2aecd4c3f472e075d1ce7db4794e489dc0f29288b921bdd44054049
                • Opcode Fuzzy Hash: 6b30808ef6f13c8b864e2393718f0dfdde0612323d08628d76a4ec5c3520feac
                • Instruction Fuzzy Hash: 90E0EC3182060C9D8BD0EF79D9044AD7BF8AB15211F40C62AE91C9A100E630D2948F81
                Function 067F743B Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a0eb2964e2a245e3d6b733c74e19c0a0a2b1318adc5cb4d4092de5195d138596
                • Instruction ID: dfed2c56f91305c633e6c38715f44409efcd793c83e0c962f294952499d47844
                • Opcode Fuzzy Hash: a0eb2964e2a245e3d6b733c74e19c0a0a2b1318adc5cb4d4092de5195d138596
                • Instruction Fuzzy Hash: D2D01730109284AFC7029B24DC04D8ABF79EF16220B0980D6F9888B263C231E9158BA4
                Function 067F9560 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d2e089c1f9827e6d573fe75e019ebc998a0d2ddc02be3160251d55c808e40fe
                • Instruction ID: 731eacf6618b3aa1b0f38c92a24a0966b431e185edf20cefa7d1484a93a2da68
                • Opcode Fuzzy Hash: 3d2e089c1f9827e6d573fe75e019ebc998a0d2ddc02be3160251d55c808e40fe
                • Instruction Fuzzy Hash: A4D05E73540219BBCB81AF85D840EC2BBE8EF5A328B15845AE28847111EA32E9529BD1
                Function 067F6388 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd663cb25745d1c109032a064f5be55a6ffb20fce607ea870473b849af3d6224
                • Instruction ID: 7469f8547d33fa1e9a5bd085aecfdded8d90d9e044a2666101ac855bd8287953
                • Opcode Fuzzy Hash: dd663cb25745d1c109032a064f5be55a6ffb20fce607ea870473b849af3d6224
                • Instruction Fuzzy Hash: D7C01222725C34236CD9336C6C2457C228D4FC1964B44086DD619873C1DE4E6D5312DF
                Function 0684C671 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49c65e1ed75243dac565891ae037d5524268cdaa6e60bbbbfa10d0df8b4f50fb
                • Instruction ID: 117996114de81d76a4a196edca4ac430e845c8ac93decc19f795363b5df94646
                • Opcode Fuzzy Hash: 49c65e1ed75243dac565891ae037d5524268cdaa6e60bbbbfa10d0df8b4f50fb
                • Instruction Fuzzy Hash: 86E0B6B4A09219DFDB44DF65C5418EE7BF9AF4D311B109054E609E7251D334D941CF90
                Function 067F8F00 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ddd665c680cac919d4a58abf16b523c974d1ec331c30dcd48229aaec7de7e81
                • Instruction ID: a119659e4cc1e7a97781a1c3826e5c815c5318b08f55b1168d9321213ac95c77
                • Opcode Fuzzy Hash: 8ddd665c680cac919d4a58abf16b523c974d1ec331c30dcd48229aaec7de7e81
                • Instruction Fuzzy Hash: 5DE0EC31554941CFC300EF78D5859E47F60EF5A304B0901EAE0449B626EA22E4658A51
                Function 067FF199 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc12cd994ff70acdf57bfc0cf93c2afe9e3fc68108b759cc40e276e95443260e
                • Instruction ID: ff695bbbddbf5f5e6d935a3b321c259bdeee0634adc01a610c386a48d7794baa
                • Opcode Fuzzy Hash: cc12cd994ff70acdf57bfc0cf93c2afe9e3fc68108b759cc40e276e95443260e
                • Instruction Fuzzy Hash: F6E046709083824AD3598B2C9404340BE903B66314F1883EE91A5CF3C3F6A6D4C88BA6
                Function 0684C41B Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2ba0ea0a5d9c88a2967ce96fe2babc5b2d55c78d123f5987e50be903e500741
                • Instruction ID: 8b3811ecc20e62ee34d98e1e48a40d8a0e594f2a00f2eae2dd17f286c360f3fb
                • Opcode Fuzzy Hash: d2ba0ea0a5d9c88a2967ce96fe2babc5b2d55c78d123f5987e50be903e500741
                • Instruction Fuzzy Hash: 00E046305186198FEBA0EF58C484A687379FF50300F0191E2C80AAB266CB30E940CFA1
                Function 067F3B48 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f88c91834b88acee042ea685d701800274aaca244521b352ddf329c39c1b8daf
                • Instruction ID: 5d97744bc3ba67cac760e1247a9593128841b251309005902f54445f2f08dc35
                • Opcode Fuzzy Hash: f88c91834b88acee042ea685d701800274aaca244521b352ddf329c39c1b8daf
                • Instruction Fuzzy Hash: 26D012321201089E5BC1EF95EC00C9277DCBF287107408472E608C7220E621F564D791
                Function 0684A561 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ef2bb77ebd494cf269bc62d5fed0c49ae13a1512e7df43a52a6cde9409ef05f
                • Instruction ID: 7a2e697973df895ab12e272cebd30eda8a6e8a62d9e5abdd2e20f6f29758bab6
                • Opcode Fuzzy Hash: 8ef2bb77ebd494cf269bc62d5fed0c49ae13a1512e7df43a52a6cde9409ef05f
                • Instruction Fuzzy Hash: 17D05E3494620C8FDBA0DB48E8807ECBB79FB84214F0041E1D10C92124CB301A89CF42
                Function 0684E394 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54bfde82d42927fb86b8a438d260fe5879448ba7b2a17e8446a095342c939d26
                • Instruction ID: 27f9d11104f0ec3fc8464764c120e818f5cfb969923115d18a1600c5e0a946f9
                • Opcode Fuzzy Hash: 54bfde82d42927fb86b8a438d260fe5879448ba7b2a17e8446a095342c939d26
                • Instruction Fuzzy Hash: E3E08C74C093858FE721DFB4C509318BFF0AB12221B09C18A8099CF1A2C7350446CF12
                Function 06848138 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8969db4adb3c879c64b51a2ebf9d19ae26c48b6cb76686c0b3fb4f5bbaa72ab
                • Instruction ID: a1e80122f439a265629bf85debd47ae9da74b4ee05987347cf5eebccfcf29e70
                • Opcode Fuzzy Hash: a8969db4adb3c879c64b51a2ebf9d19ae26c48b6cb76686c0b3fb4f5bbaa72ab
                • Instruction Fuzzy Hash: 93D0A7D190C2D98FCBA217B044681587FA1AF17010F8D42EFC191DB153D5048602C712
                Function 067F9570 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ec9bb768004d6be45f44297ee74bbe7234a646e2b0b6123090173f9cb0430a4
                • Instruction ID: ce42a5b9140417d4343d85230bb4ab1bd29356dd60fecfa23f693a7bbb0d3d50
                • Opcode Fuzzy Hash: 3ec9bb768004d6be45f44297ee74bbe7234a646e2b0b6123090173f9cb0430a4
                • Instruction Fuzzy Hash: FBC012331000187B4A41AB85D804C86BBADAF49654305C056E6088B121D622E51297D5
                Function 067F8F10 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8b8fff78df5bf1206c680522f33cd23cc9369a458cf807a7546dbb7976fcc14
                • Instruction ID: 3e762ca42df58e52415c2edda42343bc6aba5618445acb641c1d51649a6f6f7b
                • Opcode Fuzzy Hash: f8b8fff78df5bf1206c680522f33cd23cc9369a458cf807a7546dbb7976fcc14
                • Instruction Fuzzy Hash: 8DD0C931554A048FC300EB6CD945864BBB8EF49604B450195E105AB221EB21F8548A41
                Function 06846E59 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e2063cd6ebcb78fda7cc8bbb6cf759cd3d56e4cfe27b9a6116c2a3c7fa1fcbea
                • Instruction ID: 3add917de5383980c38233c963b60a540a67d051407145a51a2a02fc677cd1f7
                • Opcode Fuzzy Hash: e2063cd6ebcb78fda7cc8bbb6cf759cd3d56e4cfe27b9a6116c2a3c7fa1fcbea
                • Instruction Fuzzy Hash: 17C08CBA418380CFF3820B209C03F827F606B32368F35049EC2C1900A3D6B88B61C322
                Function 0684A2C8 Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 040804a5fc289e152e4428fe20a9454704787ee149661adf2ab33445dcddfef8
                • Instruction ID: 96e6485f2ed9a2b0b6ae7daa55ad6c1a66bc9979cfc9973a46a377903d5a6cd7
                • Opcode Fuzzy Hash: 040804a5fc289e152e4428fe20a9454704787ee149661adf2ab33445dcddfef8
                • Instruction Fuzzy Hash: 8DC08C3008121A87E2747BA0F80C32876A95B0520BF008010EB0E518518BB00050D656
                Function 0684AE6A Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e774b21e782542bd8c4aa9906b14a0042dce2f003bf467582397b61b1e8fc421
                • Instruction ID: b10ae6254d4323445d9b5e73a357777a2f7daaf542f9f32e86445147c180ccbe
                • Opcode Fuzzy Hash: e774b21e782542bd8c4aa9906b14a0042dce2f003bf467582397b61b1e8fc421
                • Instruction Fuzzy Hash: CCD0CA3894432C8F9F44EFA8D8191ACBBB2BB99310B00012AA90AEB200DB211C008B01
                Function 067F7448 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                Function 0684565C Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361908363.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6840000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e48058db3df106b0a412f112ccb42e913e6d2364f01ff32d1f77ed259d57002
                • Instruction ID: 61a2e6f1ef6d877da154b2fd027f5d42cb84aa867ea1c9d7a246c9bb483f5faf
                • Opcode Fuzzy Hash: 1e48058db3df106b0a412f112ccb42e913e6d2364f01ff32d1f77ed259d57002
                • Instruction Fuzzy Hash: 3AB092361A5248A6B6806260CC85A1B9641BBBAB44BA08C02330B900109461946591AB
                Function 067F6360 Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1361726692.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_67f0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85a6410e8e319552d13a2923ef2eec7a0d806b2ea8fc95d88fb2c27ebc159f4d
                • Instruction ID: b6dc7ab30e50897024c99c6e349c3352afd3b5b2058090e12b63686a89fc23ed
                • Opcode Fuzzy Hash: 85a6410e8e319552d13a2923ef2eec7a0d806b2ea8fc95d88fb2c27ebc159f4d
                • Instruction Fuzzy Hash: 9DB002F5C45345D7DED42E948D0535573D16BD5718FD0545DC0C010056BB681546D715

                Non-executed Functions

                Function 00B0F044 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.1354335992.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b00000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f7de075573d101e079306878b1138ac4adec0b5ca3c0a08712bc15946ba3805
                • Instruction ID: 454cc65038e6f9c87e1dbd7c897a81bf1a02d4d11c551aee93567ad0bc56d7bf
                • Opcode Fuzzy Hash: 2f7de075573d101e079306878b1138ac4adec0b5ca3c0a08712bc15946ba3805
                • Instruction Fuzzy Hash: 44A12E32B00216CFCF15DFA4C8445AEBBF2FF85300B1585BAE905AB6A5EB71D955CB80

                Execution Graph

                Execution Coverage:0.5%
                Dynamic/Decrypted Code Coverage:2.6%
                Signature Coverage:7.9%
                Total number of Nodes:190
                Total number of Limit Nodes:30
                execution_graph 96585 41f040 96588 41b930 96585->96588 96587 41f04b 96589 41b956 96588->96589 96594 409d30 96589->96594 96591 41b962 96593 41b975 96591->96593 96600 40c1b0 8 API calls 96591->96600 96593->96587 96597 409d3d 96594->96597 96601 409c80 96594->96601 96596 409d44 96596->96591 96597->96596 96608 40f170 NtClose 96597->96608 96599 409d55 96599->96591 96600->96593 96603 409c93 96601->96603 96602 409ca6 96602->96597 96603->96602 96609 41b270 96603->96609 96605 409ce3 96605->96602 96620 409aa0 96605->96620 96607 409d03 96607->96597 96608->96599 96610 41b289 96609->96610 96623 414a40 96610->96623 96612 41b2a1 96613 41b2aa 96612->96613 96652 41b0b0 96612->96652 96613->96605 96615 41b2be 96615->96613 96666 419ec0 96615->96666 96808 407ea0 96620->96808 96622 409aba 96622->96607 96624 414a54 96623->96624 96627 414b63 96623->96627 96624->96627 96673 41a320 96624->96673 96626 414ba7 96628 41bd80 RtlFreeHeap 96626->96628 96627->96612 96632 414bb3 96628->96632 96629 414d39 96631 41a450 NtClose 96629->96631 96630 414d4f 96722 414780 NtReadFile NtClose 96630->96722 96633 414d40 96631->96633 96632->96627 96632->96629 96632->96630 96636 414c42 96632->96636 96633->96612 96635 414d62 96635->96612 96637 414ca9 96636->96637 96638 414c51 96636->96638 96637->96629 96644 414cbc 96637->96644 96639 414c56 96638->96639 96640 414c6a 96638->96640 96718 414640 NtClose 96639->96718 96642 414c87 96640->96642 96643 414c6f 96640->96643 96642->96633 96686 414400 96642->96686 96676 4146e0 96643->96676 96719 41a450 96644->96719 96645 414c60 96645->96612 96647 414c7d 96647->96612 96650 414c9f 96650->96612 96651 414d28 96651->96612 96654 41b0c1 96652->96654 96653 41b0d3 96653->96615 96654->96653 96740 41bd00 96654->96740 96656 41b0f4 96743 414060 96656->96743 96658 41b140 96658->96615 96659 41b117 96659->96658 96660 414060 2 API calls 96659->96660 96662 41b139 96660->96662 96662->96658 96768 415380 96662->96768 96663 41b1ca 96778 419e80 96663->96778 96667 419edc 96666->96667 96802 1142c0a 96667->96802 96668 419ef7 96670 41bd80 96668->96670 96805 41a630 96670->96805 96672 41b319 96672->96605 96674 41a33c NtCreateFile 96673->96674 96723 41af20 96673->96723 96674->96626 96677 4146fc 96676->96677 96678 414724 96677->96678 96679 414738 96677->96679 96680 41a450 NtClose 96678->96680 96681 41a450 NtClose 96679->96681 96682 41472d 96680->96682 96683 414741 96681->96683 96682->96647 96725 41bf90 RtlAllocateHeap 96683->96725 96685 41474c 96685->96647 96687 41444b 96686->96687 96688 41447e 96686->96688 96689 41a450 NtClose 96687->96689 96691 41449a 96688->96691 96692 4145c9 96688->96692 96690 41446f 96689->96690 96690->96650 96693 4144d1 96691->96693 96694 4144bc 96691->96694 96698 41a450 NtClose 96692->96698 96696 4144d6 96693->96696 96697 4144ec 96693->96697 96695 41a450 NtClose 96694->96695 96699 4144c5 96695->96699 96700 41a450 NtClose 96696->96700 96706 4144f1 96697->96706 96726 41bf50 96697->96726 96701 414629 96698->96701 96699->96650 96702 4144df 96700->96702 96701->96650 96702->96650 96705 414557 96707 414575 96705->96707 96708 41458a 96705->96708 96711 414503 96706->96711 96729 41a3d0 96706->96729 96709 41a450 NtClose 96707->96709 96710 41a450 NtClose 96708->96710 96709->96711 96712 414593 96710->96712 96711->96650 96713 4145bf 96712->96713 96732 41bb50 96712->96732 96713->96650 96715 4145aa 96716 41bd80 RtlFreeHeap 96715->96716 96717 4145b3 96716->96717 96717->96650 96718->96645 96720 41af20 96719->96720 96721 41a46c NtClose 96720->96721 96721->96651 96722->96635 96724 41af30 96723->96724 96724->96674 96725->96685 96728 41bf68 96726->96728 96737 41a5f0 96726->96737 96728->96706 96730 41af20 96729->96730 96731 41a3ec NtReadFile 96730->96731 96731->96705 96733 41bb74 96732->96733 96734 41bb5d 96732->96734 96733->96715 96734->96733 96735 41bf50 RtlAllocateHeap 96734->96735 96736 41bb8b 96735->96736 96736->96715 96738 41af20 96737->96738 96739 41a60c RtlAllocateHeap 96738->96739 96739->96728 96741 41bd2d 96740->96741 96782 41a500 96740->96782 96741->96656 96744 414071 96743->96744 96745 414079 96743->96745 96744->96659 96767 41434c 96745->96767 96785 41cef0 96745->96785 96747 4140cd 96748 41cef0 RtlAllocateHeap 96747->96748 96752 4140d8 96748->96752 96749 414126 96751 41cef0 RtlAllocateHeap 96749->96751 96753 41413a 96751->96753 96752->96749 96790 41cf90 96752->96790 96754 41cef0 RtlAllocateHeap 96753->96754 96756 4141ad 96754->96756 96755 41cef0 RtlAllocateHeap 96764 4141f5 96755->96764 96756->96755 96758 414324 96797 41cf50 RtlFreeHeap 96758->96797 96760 41432e 96798 41cf50 RtlFreeHeap 96760->96798 96762 414338 96799 41cf50 RtlFreeHeap 96762->96799 96796 41cf50 RtlFreeHeap 96764->96796 96765 414342 96800 41cf50 RtlFreeHeap 96765->96800 96767->96659 96769 415391 96768->96769 96770 414a40 5 API calls 96769->96770 96772 4153a7 96770->96772 96771 4153fa 96771->96663 96772->96771 96773 4153e2 96772->96773 96774 4153f5 96772->96774 96775 41bd80 RtlFreeHeap 96773->96775 96776 41bd80 RtlFreeHeap 96774->96776 96777 4153e7 96775->96777 96776->96771 96777->96663 96779 419e9c 96778->96779 96801 1142df0 LdrInitializeThunk 96779->96801 96780 419eb3 96780->96615 96783 41af20 96782->96783 96784 41a51c NtAllocateVirtualMemory 96783->96784 96784->96741 96786 41cf00 96785->96786 96787 41cf06 96785->96787 96786->96747 96788 41bf50 RtlAllocateHeap 96787->96788 96789 41cf2c 96788->96789 96789->96747 96791 41cfb5 96790->96791 96792 41cfed 96790->96792 96793 41bf50 RtlAllocateHeap 96791->96793 96792->96752 96794 41cfca 96793->96794 96795 41bd80 RtlFreeHeap 96794->96795 96795->96792 96796->96758 96797->96760 96798->96762 96799->96765 96800->96767 96801->96780 96803 1142c11 96802->96803 96804 1142c1f LdrInitializeThunk 96802->96804 96803->96668 96804->96668 96806 41a639 96805->96806 96807 41a64c RtlFreeHeap 96806->96807 96807->96672 96809 407eb0 96808->96809 96810 407eab 96808->96810 96811 41bd00 NtAllocateVirtualMemory 96809->96811 96810->96622 96813 407ed5 96811->96813 96812 419e80 LdrInitializeThunk 96812->96813 96813->96812 96814 407f38 96813->96814 96815 41bd00 NtAllocateVirtualMemory 96813->96815 96814->96622 96815->96813 96816 1142bf0 LdrInitializeThunk

                Executed Functions

                Function 0041A3D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 0 41a3d0-41a419 call 41af20 NtReadFile
                APIs
                • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A415
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID: !JA$bMA$bMA
                • API String ID: 2738559852-4222312340
                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                • Instruction ID: 54437c4e75339082d0912fbe7e6c9053912bd6928cda1a9760da43cab1c95c7d
                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                • Instruction Fuzzy Hash: C3F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241D630E8518BA4
                Function 0041A2DA Relevance: 1.6, APIs: 1, Instructions: 68filenativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 94 41a2da-41a2de 95 41a2e0-41a319 call 41af20 94->95 96 41a327-41a371 call 41af20 NtCreateFile 94->96
                APIs
                • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A36D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: 7c664c0e1cdefeca7aa2f7cdfb373164a786f2114ffd6b32d994fd8412118722
                • Instruction ID: 4df3e26c07a208048597edf0331744d7a01f7a6ae2ff358607535ad92e6f3b65
                • Opcode Fuzzy Hash: 7c664c0e1cdefeca7aa2f7cdfb373164a786f2114ffd6b32d994fd8412118722
                • Instruction Fuzzy Hash: 001107B2204208AFCB08DF99DC85DEB77ADEF8C714F04864DBA5DA7241D630E851CBA4
                Function 0041A31A Relevance: 1.5, APIs: 1, Instructions: 49filenativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 102 41a31a-41a31d 103 41a2d1-41a2d9 102->103 104 41a31f-41a336 102->104 105 41a33c-41a371 NtCreateFile 104->105 106 41a337 call 41af20 104->106 106->105
                APIs
                • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A36D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: a291695d26942b2b1f58cabb99613039bb8c65b12559f95cd2dfca9fd9d33d03
                • Instruction ID: fab74fe9494030ce515bb30447a9cb922f52978e69d15afc69ccf7c388ba55c4
                • Opcode Fuzzy Hash: a291695d26942b2b1f58cabb99613039bb8c65b12559f95cd2dfca9fd9d33d03
                • Instruction Fuzzy Hash: B601EEB2205208AFCB08CF98DC85EEB77A9EF8C354B14865DFA4D97251C630E851CBA4
                Function 0041A320 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 108 41a320-41a336 109 41a33c-41a371 NtCreateFile 108->109 110 41a337 call 41af20 108->110 110->109
                APIs
                • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A36D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction ID: 30690d9e011530b668ed3b4ae7cc5c3fda29d367b226dbf4f68f65ca016a7565
                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                • Instruction Fuzzy Hash: FDF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                Function 0041A500 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 111 41a500-41a53d call 41af20 NtAllocateVirtualMemory
                APIs
                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B0F4,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A539
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: AllocateMemoryVirtual
                • String ID:
                • API String ID: 2167126740-0
                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction ID: c35769ceed384df61eeb5fc049e905e887b244236103aac277853e7772ac0dd9
                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                • Instruction Fuzzy Hash: 75F015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241C630F811CBA4
                Function 0041A450 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 127 41a450-41a479 call 41af20 NtClose
                APIs
                • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A475
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction ID: e48275ca6f7768b9f0fd4fab79f6d7fda959a909e55c262f35bdb2090c9231ed
                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                • Instruction Fuzzy Hash: E5D01776200214ABD710EB99DC85EE77BADEF48764F15449ABA189B242C530FA1086E0
                Function 01142BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 134 1142bf0-1142bfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
                • Instruction ID: 19e0a5e4c103cdd1bf491cafbe108d2ecde507841e7f36ec1b5082ddf955d0b4
                • Opcode Fuzzy Hash: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
                • Instruction Fuzzy Hash: D590023120140842D2C47159850464A000597D1301F95C015B4126654DCB158B597BA1
                Function 01142DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 135 1142df0-1142dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
                • Instruction ID: e8523e5f539f76d97e6074d5a3e98f1b02a3e4efa5dbe39e5cf5af5196f756f2
                • Opcode Fuzzy Hash: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
                • Instruction Fuzzy Hash: B290023120140453D25571598604707000997D0241F95C412B4525558DD7568A52A621
                Function 00409AA0 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52314f94f59daf452594b101418944989ba10d402b895cad4abe47703a5ce96b
                • Instruction ID: 4f20240aff7f2371bb6e5cfcebb6b85206ba00274494e6c7b70a30fa46eb6871
                • Opcode Fuzzy Hash: 52314f94f59daf452594b101418944989ba10d402b895cad4abe47703a5ce96b
                • Instruction Fuzzy Hash: 48213CB2D4420957CB25D664AD52BFF737CAB54314F04007FE949A3182F638BF498BA6
                Function 0041A5F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 3 41a5f0-41a621 call 41af20 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A61D
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID: &EA
                • API String ID: 1279760036-1330915590
                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction ID: 65e1271fa0e6f293e5ca7d904ec396d69fb6d51de338ced040ab1bfa87458b74
                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                • Instruction Fuzzy Hash: 1DE012B2200208ABDB14EF99DC41EA777ADAF88668F118559BA085B242C630F9118AB0
                Function 0041A628 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 114 41a628-41a647 call 41af20 117 41a64c-41a661 RtlFreeHeap 114->117
                APIs
                • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A65D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: deb6f3cbaddf8d1b30b0a2472657bc84d71fecb9dd31b164c26a6de248e953a1
                • Instruction ID: f99da4b6137faee64ccb0e76b5134edc706bbc64de05aa907415d65b5719ad40
                • Opcode Fuzzy Hash: deb6f3cbaddf8d1b30b0a2472657bc84d71fecb9dd31b164c26a6de248e953a1
                • Instruction Fuzzy Hash: 98E092B5200208ABC714DF94DC45EE7376DEF88354F048555FD1857341C631E814CBB1
                Function 0041A5B7 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 118 41a5b7-41a5b8 119 41a639-41a647 call 41af20 118->119 120 41a5ba-41a5bf 118->120 122 41a64c-41a661 RtlFreeHeap 119->122 120->119
                APIs
                • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A65D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 985bbc65c240b02002bb8b871147added6c3bd03496e8c1c679bf1631a8a4887
                • Instruction ID: 29a16ffb49d34e61192b1a92b5cea757803c751a33c01070247bbd93e82f6b5b
                • Opcode Fuzzy Hash: 985bbc65c240b02002bb8b871147added6c3bd03496e8c1c679bf1631a8a4887
                • Instruction Fuzzy Hash: FBE026B61001046FC720DF11DC49FD7376DEF44314F01424AFD0C57202C630E8228AB0
                Function 0041A630 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 123 41a630-41a661 call 41af20 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A65D
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction ID: a31e03847b69acb9206512889bce5d114748d47cfafea9ced6338f279cce3475
                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                • Instruction Fuzzy Hash: 64E04FB12002046BD714DF59DC45EE777ADEF88754F014559FD0857241C630F910CAF0
                Function 01142C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 130 1142c0a-1142c0f 131 1142c11-1142c18 130->131 132 1142c1f-1142c26 LdrInitializeThunk 130->132
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: dba909999f6eedaa3c6d7c0f03c52461cd82fe67309f8eceeab1734e858887a3
                • Instruction ID: 51df5e1f68fe0b5a2ecdb307994e9fb93c240db987ca5410b4ebd93c8612a4fa
                • Opcode Fuzzy Hash: dba909999f6eedaa3c6d7c0f03c52461cd82fe67309f8eceeab1734e858887a3
                • Instruction Fuzzy Hash: 3EB09B719015C5C6DB55E7645708717790077D0701F25C061F2130641F4778C1D1E675

                Non-executed Functions

                Function 011B8D10 Relevance: 37.8, Strings: 30, Instructions: 268COMMONLIBRARYCODE
                Download Yara Rule
                Strings
                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 011B8F2D
                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 011B8DB5
                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011B8E86
                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 011B8E4B
                • read from, xrefs: 011B8F5D, 011B8F62
                • <unknown>, xrefs: 011B8D2E, 011B8D81, 011B8E00, 011B8E49, 011B8EC7, 011B8F3E
                • an invalid address, %p, xrefs: 011B8F7F
                • a NULL pointer, xrefs: 011B8F90
                • The resource is owned exclusively by thread %p, xrefs: 011B8E24
                • The instruction at %p tried to %s , xrefs: 011B8F66
                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 011B8F26
                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 011B8DD3
                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011B8E3F
                • *** An Access Violation occurred in %ws:%s, xrefs: 011B8F3F
                • The critical section is owned by thread %p., xrefs: 011B8E69
                • This failed because of error %Ix., xrefs: 011B8EF6
                • write to, xrefs: 011B8F56
                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 011B8DA3
                • The instruction at %p referenced memory at %p., xrefs: 011B8EE2
                • Go determine why that thread has not released the critical section., xrefs: 011B8E75
                • *** Resource timeout (%p) in %ws:%s, xrefs: 011B8E02
                • *** Inpage error in %ws:%s, xrefs: 011B8EC8
                • The resource is owned shared by %d threads, xrefs: 011B8E2E
                • *** enter .cxr %p for the context, xrefs: 011B8FBD
                • *** then kb to get the faulting stack, xrefs: 011B8FCC
                • *** enter .exr %p for the exception record, xrefs: 011B8FA1
                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 011B8D8C
                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 011B8DC4
                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 011B8FEF
                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 011B8F34
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                • API String ID: 0-108210295
                • Opcode ID: 95de616855b6fa8739a49b6a1b1622a9e4e7df64141fcbeae531c8c37828469a
                • Instruction ID: 90f0518722365dc8e53145a417c63f199267b6bf1d3a1a0097a6e57eb57b2fb0
                • Opcode Fuzzy Hash: 95de616855b6fa8739a49b6a1b1622a9e4e7df64141fcbeae531c8c37828469a
                • Instruction Fuzzy Hash: 8881F575A40215BFDB1DAA19CC8AEAB3F3AEF56B64F05404CF7086F152E375C412CA62
                Function 01182349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 7a3a4d6a68cb176733b82a9fe0219aef92aee87dd1f7bc591adefc347a8de12d
                • Instruction ID: c74f28e9324c2d48f8f058eb236482a8236ed9433850122b3e912be90f3f9a0f
                • Opcode Fuzzy Hash: 7a3a4d6a68cb176733b82a9fe0219aef92aee87dd1f7bc591adefc347a8de12d
                • Instruction Fuzzy Hash: EC928071604742AFE72AEF19C840B6BBBE8BB84754F04892DFA95D7250D770E844CF92
                Function 01138620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                Download Yara Rule
                Strings
                • 8, xrefs: 011752E3
                • Thread is in a state in which it cannot own a critical section, xrefs: 01175543
                • Critical section address., xrefs: 01175502
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0117540A, 01175496, 01175519
                • Critical section address, xrefs: 01175425, 011754BC, 01175534
                • undeleted critical section in freed memory, xrefs: 0117542B
                • Thread identifier, xrefs: 0117553A
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754E2
                • double initialized or corrupted critical section, xrefs: 01175508
                • Invalid debug info address of this critical section, xrefs: 011754B6
                • Critical section debug info address, xrefs: 0117541F, 0117552E
                • corrupted critical section, xrefs: 011754C2
                • Address of the debug info found in the active list., xrefs: 011754AE, 011754FA
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754CE
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: dbfbdc1d62834fc8b2abfb9429bc21b548139ab6def3c6eb504c1f9139e50503
                • Instruction ID: 87c1c57de1ec13071f9f8b2afd0ffcc3489b52227d7cde1e81868d679e489d2a
                • Opcode Fuzzy Hash: dbfbdc1d62834fc8b2abfb9429bc21b548139ab6def3c6eb504c1f9139e50503
                • Instruction Fuzzy Hash: A181B1B1A40358EFDB68CF9AC845BAEBBF6FB48704F14811AF544BB690D371A940CB50
                Function 011329F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                Download Yara Rule
                Strings
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011725EB
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01172412
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01172602
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01172506
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011722E4
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01172498
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01172624
                • @, xrefs: 0117259B
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011724C0
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0117261F
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01172409
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: 8f94c29fed009465d2fb82066915d0d30da7209f75069077107f7cfa868c072e
                • Instruction ID: 0cdb13c0438db5ccb82bf3e4b1b754a6232439bde5de7975805dad90b2ec572e
                • Opcode Fuzzy Hash: 8f94c29fed009465d2fb82066915d0d30da7209f75069077107f7cfa868c072e
                • Instruction Fuzzy Hash: E3028EF1D002299FDB39DB54CC80BDAB7B8AB54704F0141EAA649A7241EB309F85CF99
                Function 011A8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                • Opcode ID: e9456fac12bf28b26eeb9f0d37f5f67c4adaa81bee39604064803961c1c262c1
                • Instruction ID: fa5d65193a7072ab729670868cde2359603bdf677ba117fdedb9863453b970eb
                • Opcode Fuzzy Hash: e9456fac12bf28b26eeb9f0d37f5f67c4adaa81bee39604064803961c1c262c1
                • Instruction Fuzzy Hash: DD51CD755083119BC32DDF18C844BABBFE8EF94649F94492EE998C7284E770D608CBD2
                Function 0111AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                • API String ID: 0-3197712848
                • Opcode ID: e6d293ee30d2d44a50a35dd4f6c2d768fe6e6fe329856c8763efe53ccaadfff1
                • Instruction ID: 9b247c73bd4d4b4aeb6648608dab90326a5d067a73e68231cac7187d6e996f69
                • Opcode Fuzzy Hash: e6d293ee30d2d44a50a35dd4f6c2d768fe6e6fe329856c8763efe53ccaadfff1
                • Instruction Fuzzy Hash: 2B12EE716093928FD32CDF28D440BAAFBE5BF84718F05492DF9858B299E730D944CB92
                Function 011B0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: a2ae273c6e324c6524fb6163d2f9596774166f4592ae34925a4cd282e687755c
                • Instruction ID: ee75d759714772a57ecac2ddac0b850811a7f4ea45225d18bd0b073ddc8a6c52
                • Opcode Fuzzy Hash: a2ae273c6e324c6524fb6163d2f9596774166f4592ae34925a4cd282e687755c
                • Instruction Fuzzy Hash: 72D1FC31604A86DFDB2ADF68C481AEEBBF1FF4A714F18805DF5859BA52C7349981CB10
                Function 011889B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                Download Yara Rule
                Strings
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01188A3D
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01188A67
                • AVRF: -*- final list of providers -*- , xrefs: 01188B8F
                • VerifierFlags, xrefs: 01188C50
                • VerifierDlls, xrefs: 01188CBD
                • VerifierDebug, xrefs: 01188CA5
                • HandleTraces, xrefs: 01188C8F
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: 3c2327bd9caf76df4957809764e1c4631eabaaa5f8cdfcbe29a2090b3edc9890
                • Instruction ID: 4165861cc3f54f6437ac8ac57b2fee38bad01c551db5eb03a2199a3292d6babd
                • Opcode Fuzzy Hash: 3c2327bd9caf76df4957809764e1c4631eabaaa5f8cdfcbe29a2090b3edc9890
                • Instruction Fuzzy Hash: 4C914672641716EFD32DFF288880F6A7BE5AB94758F85852CFA40AB285C7309C45CF91
                Function 0110EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                • Opcode ID: cab8013b49d2b5842ddd4102f20633f9351f755bb6aca06f388073a97edbb81c
                • Instruction ID: 3c3c13111c5e64e4058feb24028fe800ccb8aa1f7842a7d5341af349e23a7f88
                • Opcode Fuzzy Hash: cab8013b49d2b5842ddd4102f20633f9351f755bb6aca06f388073a97edbb81c
                • Instruction Fuzzy Hash: 7CA25770E0562ACFDB79CF19C8887A9BBB5AF49304F1442E9D90DA7690DB719E81CF01
                Function 011363FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 3ef4555fcfdd757692296e5b689304846083bf0035aa964b1dbc46e00a4dd8cd
                • Instruction ID: 2f477dc64db8d289606ef4ff4dcc1168c8f3e15d8ccc4ac22f744ecb5c7cd7ea
                • Opcode Fuzzy Hash: 3ef4555fcfdd757692296e5b689304846083bf0035aa964b1dbc46e00a4dd8cd
                • Instruction Fuzzy Hash: CC914830F01711ABEB2DEF18E844BAE7BB6BF81B58F14012CE9606B785D7709981C791
                Function 010F645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                Download Yara Rule
                Strings
                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01159A01
                • LdrpInitShimEngine, xrefs: 011599F4, 01159A07, 01159A30
                • minkernel\ntdll\ldrinit.c, xrefs: 01159A11, 01159A3A
                • apphelp.dll, xrefs: 010F6496
                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011599ED
                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01159A2A
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: 8600f15b4ff490954977c1b1e6f3ca070f07a3a679b4a4536e462b017178bf54
                • Instruction ID: 0105d6a5b7afee8a44bf9b703e45c45d53e986014c31dc236679d648efa72888
                • Opcode Fuzzy Hash: 8600f15b4ff490954977c1b1e6f3ca070f07a3a679b4a4536e462b017178bf54
                • Instruction Fuzzy Hash: 2C519171218709DFE728DB24C846BAB77E9FB84748F04052DFAA59B150D731E944CBA3
                Function 01132674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011721BF
                • RtlGetAssemblyStorageRoot, xrefs: 01172160, 0117219A, 011721BA
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0117219F
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01172178
                • SXS: %s() passed the empty activation context, xrefs: 01172165
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01172180
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: 91341de77713065024127f48def8947872e50e0d650309a56ebd9f24ddd7eaca
                • Instruction ID: 4b803dbda3d26632e8035cce6cb245441c395455d49eb4ee860c9ab7f15d8b83
                • Opcode Fuzzy Hash: 91341de77713065024127f48def8947872e50e0d650309a56ebd9f24ddd7eaca
                • Instruction Fuzzy Hash: BC314B36F402117BF72AAA9A9C45F5B7B78FFE5A90F054059BB046B204D3709A02C7E1
                Function 0113C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • LdrpInitializeProcess, xrefs: 0113C6C4
                • minkernel\ntdll\ldrredirect.c, xrefs: 01178181, 011781F5
                • LdrpInitializeImportRedirection, xrefs: 01178177, 011781EB
                • Loading import redirection DLL: '%wZ', xrefs: 01178170
                • minkernel\ntdll\ldrinit.c, xrefs: 0113C6C3
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 011781E5
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: 5a9d4e1ed07c907d6c38554771211797a9a57838c2e9a91b8173336fdfee5dfe
                • Instruction ID: d89eca977d084c413ca2290f6bed91aecf97f7c28e7d046e48d1edc30582131c
                • Opcode Fuzzy Hash: 5a9d4e1ed07c907d6c38554771211797a9a57838c2e9a91b8173336fdfee5dfe
                • Instruction Fuzzy Hash: DD31F7716447469FC21CEF29D84AE1A7BE5EF94B54F04056CF9856B391DB20EC04C7A2
                Function 0114096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 01142DF0: LdrInitializeThunk.NTDLL ref: 01142DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D74
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                • Opcode ID: c717cc1cbf402d1c37e0fd08505c0535d7e6cb697f6009eda8c739a77c887831
                • Instruction ID: 5f8a9fae589bea6fa889a8234bd27eea2d0d25a7ba87fa1c14510f41d55c7050
                • Opcode Fuzzy Hash: c717cc1cbf402d1c37e0fd08505c0535d7e6cb697f6009eda8c739a77c887831
                • Instruction Fuzzy Hash: 25426C71900719DFDB29CF28C840BEAB7F5BF48714F1445A9EA89EB241E770A984CF61
                Function 0110A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: 137ed1b1b4559b06d8ac901f47a618df4964f89f59c1220565a70541b24deb4b
                • Instruction ID: 8d9d59ed0fb216b578c021d27dcb41be6d6e679dc181d4c7953549c20ea109f8
                • Opcode Fuzzy Hash: 137ed1b1b4559b06d8ac901f47a618df4964f89f59c1220565a70541b24deb4b
                • Instruction Fuzzy Hash: 11C19B74908382CFD71ACF68D040B6AB7E4BF84704F05896AF995CB291E7B5C949CB53
                Function 01138402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                Download Yara Rule
                Strings
                • LdrpInitializeProcess, xrefs: 01138422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0113855E
                • @, xrefs: 01138591
                • minkernel\ntdll\ldrinit.c, xrefs: 01138421
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                • Opcode ID: 4e8ba1fceae5eb6a269a61dca5daa7137c95f6ab92e0764292e5827f577b2456
                • Instruction ID: 8d90befcd33ba622f1d6cdbad24c0a63a841c611ff55f41ba053b74c08abe7c1
                • Opcode Fuzzy Hash: 4e8ba1fceae5eb6a269a61dca5daa7137c95f6ab92e0764292e5827f577b2456
                • Instruction Fuzzy Hash: 7B91BF71648345AFD72ADF65CC40FABBBE8BF84744F400A2EFA8496145E734D944CB62
                Function 0113273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011722B6
                • .Local, xrefs: 011328D8
                • SXS: %s() passed the empty activation context, xrefs: 011721DE
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011721D9, 011722B1
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: 554dc23cbe5ea9089c72dadc5f0aa521907d8d6d4eeea82f491467dac6daa2bd
                • Instruction ID: 19fa4677a29528a8e6955f3208eb65c8ed556f6551a5350811eec772d14d9b9e
                • Opcode Fuzzy Hash: 554dc23cbe5ea9089c72dadc5f0aa521907d8d6d4eeea82f491467dac6daa2bd
                • Instruction Fuzzy Hash: 80A1D031900229DFDB28DF68C884BA9B7B1BF98354F1541EAD948AB355E730DE81CF81
                Function 01134AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                Download Yara Rule
                Strings
                • RtlDeactivateActivationContext, xrefs: 01173425, 01173432, 01173451
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0117342A
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01173437
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01173456
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                • Opcode ID: 5a4668a8e0af4517d6f655b2f9c882b73feb0b178192bf051463407e265862c2
                • Instruction ID: 8eaa6104a3d1edb836d861cf2f0dc0e138e8bd7cfb7fa412702b01ba6379597f
                • Opcode Fuzzy Hash: 5a4668a8e0af4517d6f655b2f9c882b73feb0b178192bf051463407e265862c2
                • Instruction Fuzzy Hash: F56122366147029FD72ECF1DC841B2AB7E1BF80B64F158529E8A69B784CB30E801CB91
                Function 011064AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                Download Yara Rule
                Strings
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011610AE
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01161028
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01160FE5
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0116106B
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: c54f6e17a1fb3beacf4a283a7a35f171365af6181bbe1ebd629df9661c7c283d
                • Instruction ID: ff80e41c19c789bfa8dae64999b6d208fe4cf64dc5aa752a307d4d3b98bac25c
                • Opcode Fuzzy Hash: c54f6e17a1fb3beacf4a283a7a35f171365af6181bbe1ebd629df9661c7c283d
                • Instruction Fuzzy Hash: D071F1719043459FCB25DF14C884F977FA8AF987A8F000468F9488B186D375D598CFD2
                Function 01134D1D Relevance: 5.1, Strings: 4, Instructions: 117COMMON
                Download Yara Rule
                Strings
                • LdrpFindDllActivationContext, xrefs: 01173636, 01173662
                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0117362F
                • Querying the active activation context failed with status 0x%08lx, xrefs: 0117365C
                • minkernel\ntdll\ldrsnap.c, xrefs: 01173640, 0117366C
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                • API String ID: 0-3779518884
                • Opcode ID: 64aef1ad17779052329217a5b879c8a58929ef63883aa69c1f1ba818210f6b79
                • Instruction ID: 33ad3fa417441d38e1125c11e8b127f236ce8defd6430ee19c3af53eed29c429
                • Opcode Fuzzy Hash: 64aef1ad17779052329217a5b879c8a58929ef63883aa69c1f1ba818210f6b79
                • Instruction Fuzzy Hash: 4B315B32900611EEEF3EEB0CC84CB3D7AB4FBA1754F06816AE51467A69D7A09C8087C5
                Function 0112245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • LdrpDynamicShimModule, xrefs: 0116A998
                • minkernel\ntdll\ldrinit.c, xrefs: 0116A9A2
                • apphelp.dll, xrefs: 01122462
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0116A992
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                • Opcode ID: a798aef0b444a009b73d7bff5dea67ce574210a5859cc1c43a1749d994e88fde
                • Instruction ID: 203210ef61ae1e5b50505bcff116300aca3bc382ee5c071ee7851424f8e2affb
                • Opcode Fuzzy Hash: a798aef0b444a009b73d7bff5dea67ce574210a5859cc1c43a1749d994e88fde
                • Instruction Fuzzy Hash: C6313B75600301ABD73D9F5DE845EAE77B9FF84704F26002EE52177245D7B15992CB80
                Function 011129A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                Download Yara Rule
                Strings
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0111327D
                • HEAP: , xrefs: 01113264
                • HEAP[%wZ]: , xrefs: 01113255
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                • Opcode ID: 6960e3ae1fa7d802744ea23e5a9d71c8f0d7e3ebe15e1eee1397da4e5babef34
                • Instruction ID: 5e5ec3c3e76dca513b3feb66b7b5665a4b06a85a5962c7cb24e8ecda19425522
                • Opcode Fuzzy Hash: 6960e3ae1fa7d802744ea23e5a9d71c8f0d7e3ebe15e1eee1397da4e5babef34
                • Instruction Fuzzy Hash: 8E92CC71A042499FDB29CF68C440BAEFBF1FF48314F288469E859AB399D734A941CF51
                Function 01110770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: b2a42a4e925baaf3afe3565a492494e2a9f0152a5888afb97249a4f68c469c71
                • Instruction ID: 02aab9af601e5ef88c3d83ab22dc17ed7249476d1b89c988054ed1044d913805
                • Opcode Fuzzy Hash: b2a42a4e925baaf3afe3565a492494e2a9f0152a5888afb97249a4f68c469c71
                • Instruction Fuzzy Hash: 0FF1AA30A00606DFEB2DCF68C894B6AFBB6FF48344F148168E5569B385D731E991CB91
                Function 00417D73 Relevance: 4.0, Strings: 3, Instructions: 297COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: =$www.$www.
                • API String ID: 0-3343787489
                • Opcode ID: ebac27a1472782b2c861e7fdff27ed5a147ed3f390c5b29674b7aef47c4aeb43
                • Instruction ID: 88a10a8cc3c162d7dd61c5f661a1585d479e293c48e09ecbe03fae884ae3fe47
                • Opcode Fuzzy Hash: ebac27a1472782b2c861e7fdff27ed5a147ed3f390c5b29674b7aef47c4aeb43
                • Instruction Fuzzy Hash: A5B1C672980348AACB14DBF0CCC1FDF777DAF44308F44455EB2595B182DA78A6848BA9
                Function 01126962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                • Opcode ID: 7a82c829d0979ff9f14dd90c04523a12cced82af553861fa740a6ca4021ab94d
                • Instruction ID: c19774033a636c201ad0497e93d6cdae631fe7249bc1032b21d1e88c020a72c1
                • Opcode Fuzzy Hash: 7a82c829d0979ff9f14dd90c04523a12cced82af553861fa740a6ca4021ab94d
                • Instruction Fuzzy Hash: B5C290716083519FDB2DCF28C840BABBBE5AF98714F05892DE9C9C7281E735D815CB92
                Function 010FA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 9f7c34f27af5b20b78968093c22d2d9403229e01aa037bcba3d26e57ed8c2ed1
                • Instruction ID: a6815c8990f52e5e7abe8609a1e9c5c5b08a25bf098869b11f3fe662bc6e2b9e
                • Opcode Fuzzy Hash: 9f7c34f27af5b20b78968093c22d2d9403229e01aa037bcba3d26e57ed8c2ed1
                • Instruction Fuzzy Hash: 15A15A75901629DBDB75DF28CC88BEABBB8EF44714F1001E9EA18A7250D7359E84CF90
                Function 01120BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                Download Yara Rule
                Strings
                • Failed to allocated memory for shimmed module list, xrefs: 0116A10F
                • LdrpCheckModule, xrefs: 0116A117
                • minkernel\ntdll\ldrinit.c, xrefs: 0116A121
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                • Opcode ID: 2b21330b3f3b3db5c04cdb5238529bb84625dd272201dc6d901b85a5612f0695
                • Instruction ID: d0af74ea31169fc0389b3c491f52b6e089adac99a5798a1f44d45790dd3e8a4a
                • Opcode Fuzzy Hash: 2b21330b3f3b3db5c04cdb5238529bb84625dd272201dc6d901b85a5612f0695
                • Instruction Fuzzy Hash: D271F1B0A00205DFDB2DEF68C980AAEB7F4FF48304F15416DE912A7255E731ADA2CB51
                Function 01110A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                • Opcode ID: b5cf4223f25fc89f252b42ed3c5226945bf6228dad8c25d9437f404df1694971
                • Instruction ID: 7ec4390c2485292224b8c04fd0876dc88ad013c0ee89c29be23d27b64ed6f927
                • Opcode Fuzzy Hash: b5cf4223f25fc89f252b42ed3c5226945bf6228dad8c25d9437f404df1694971
                • Instruction Fuzzy Hash: 0F61A931A043019FDB2DCF28C440B6ABBA6FF48704F14856DE4998B286D771E891CB95
                Function 0113C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                Download Yara Rule
                Strings
                • Failed to reallocate the system dirs string !, xrefs: 011782D7
                • minkernel\ntdll\ldrinit.c, xrefs: 011782E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 011782DE
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                • Opcode ID: 1ab8264c74e21f184c1f5946da8ade1b03c0e200086e8f04ec28549899b1499d
                • Instruction ID: 74cc8d37c76934fed1adeae42332d38eae7ad3b78a7dd01fd2348ee25768f837
                • Opcode Fuzzy Hash: 1ab8264c74e21f184c1f5946da8ade1b03c0e200086e8f04ec28549899b1499d
                • Instruction Fuzzy Hash: D8412072504701ABC72DEB28D845B5BBBF8AF84664F00493EF958E3294EB30D840CBD1
                Function 011BC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • PreferredUILanguages, xrefs: 011BC212
                • @, xrefs: 011BC1F1
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011BC1C5
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: 17b65584584d7c3e9c84ea27463022d03e38540fc1d1003ab99d1ca14e10a207
                • Instruction ID: f245a4544c09880a81b262fcef637492fff51f975b7064d0dcd0e8e56dcf73a6
                • Opcode Fuzzy Hash: 17b65584584d7c3e9c84ea27463022d03e38540fc1d1003ab99d1ca14e10a207
                • Instruction Fuzzy Hash: F5418671E00219EBEF19DFD8C881FEEBBB9AB14704F1440AAE609F7240D7749A45CB90
                Function 01194144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: f2f83971e868a4065bd90bc6c6945652cf2ead45a00ec8ea0a8822604c34e93f
                • Instruction ID: e4452f99105487729630bb480e5a18fee5af50e36c682408274b8b723d153d12
                • Opcode Fuzzy Hash: f2f83971e868a4065bd90bc6c6945652cf2ead45a00ec8ea0a8822604c34e93f
                • Instruction Fuzzy Hash: B5413671A002588BEF2EDBD8DA40BACBBB5FF55354F1400AAD921EBB81D7349902CB11
                Function 01184755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                • LdrpCheckRedirection, xrefs: 0118488F
                • minkernel\ntdll\ldrredirect.c, xrefs: 01184899
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01184888
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: 9d5943cb8a46caec800479073441ef2afb3f0baaacb39c0a2e7326584529bcb3
                • Instruction ID: 74012c8be688fefa2d488a450d4e54f52d06889da090507e874c0b468b35d214
                • Opcode Fuzzy Hash: 9d5943cb8a46caec800479073441ef2afb3f0baaacb39c0a2e7326584529bcb3
                • Instruction Fuzzy Hash: 7841C6326147529BCB29FF9CD440B267BE4BF4A650F06856DED9497B15EB30D800CF91
                Function 01110BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                • Opcode ID: 6c44718911bceb7695ed6152b7405dd5fb3c4c6aba5668d8a079fa91b6a2e9ab
                • Instruction ID: c5bbed57cb789d52d6abf77c0dfe4638689a27f595d17227756484e741a9319a
                • Opcode Fuzzy Hash: 6c44718911bceb7695ed6152b7405dd5fb3c4c6aba5668d8a079fa91b6a2e9ab
                • Instruction Fuzzy Hash: DB113330315102CFDB6DCA18C881B7AF3AAFF45619F1980ADF446CB255EB35D880C756
                Function 011820DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                Strings
                • Process initialization failed with status 0x%08lx, xrefs: 011820F3
                • minkernel\ntdll\ldrinit.c, xrefs: 01182104
                • LdrpInitializationFailure, xrefs: 011820FA
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: d4e2b9f856df6bb82324818b57445c662ca7dfbbb498cec1a7cb949dd57c928e
                • Instruction ID: 2739ce66f1667d459695e1074f3142b82ee3d9a4daf6a30fdc11e3b056037d76
                • Opcode Fuzzy Hash: d4e2b9f856df6bb82324818b57445c662ca7dfbbb498cec1a7cb949dd57c928e
                • Instruction Fuzzy Hash: E9F0C275641708AFE72CE64DCD46F9937BCEB40B58F60406DF6506B681D7B0A940CA91
                Function 011103E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: aed879fd29ab437cf356379b5998f724a70d335454a7759080dcb96ca79c367e
                • Instruction ID: 5d244d36874fcdb598fa842a89ac1ff24bffc655e70c8a29c297ce6a0e527f4f
                • Opcode Fuzzy Hash: aed879fd29ab437cf356379b5998f724a70d335454a7759080dcb96ca79c367e
                • Instruction Fuzzy Hash: 3B715971A0014A9FDB09DFA8C980BAEBBF8FF18744F154065E901E7655EB34ED41CBA1
                Function 0110A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                Download Yara Rule
                Strings
                • LdrResSearchResource Enter, xrefs: 0110AA13
                • LdrResSearchResource Exit, xrefs: 0110AA25
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                • Opcode ID: fb61ac6f24d62b900d914b4cc9e4dbe440575517978c5701588499d64ec438a3
                • Instruction ID: bbb10179765715cf27783567e57f7796f8bf7e15b2be462cfc3f49a5bd9e2f91
                • Opcode Fuzzy Hash: fb61ac6f24d62b900d914b4cc9e4dbe440575517978c5701588499d64ec438a3
                • Instruction Fuzzy Hash: F9E19D71E00719EBEF2ECE98D980BAEBBB9BF44314F11442AE911E72C1D7B59940CB51
                Function 011CA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: 7e9548397967897a5607d0cc589485d6415361d03a08d50725758eaf4bfab4e9
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: 81C1E73120434A9BE72ACF28D841B6BBBE5BFE4B18F084A2CF695C7290E775D505CB41
                Function 0117E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: ad716482f21f4979ac4b69c13d754ac86367df264332d3e902e55cb86dfafe75
                • Instruction ID: 777f4066d3406b579ed7854b11b2c449777d7833b26e018c53ca3f01fd83a2eb
                • Opcode Fuzzy Hash: ad716482f21f4979ac4b69c13d754ac86367df264332d3e902e55cb86dfafe75
                • Instruction Fuzzy Hash: 51614B71E016199FDB29DFA9C840BAEBBF9FB48704F1440ADE649EB391D731A940CB50
                Function 011A43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: 57e1938c27bde4d75730be99b672d073a6f9847702bef8aef184eafa21d4d085
                • Instruction ID: 04d31c477224af701fc8cd08e53178afc0106e2e20eb7dd0fff0371f845dfd2c
                • Opcode Fuzzy Hash: 57e1938c27bde4d75730be99b672d073a6f9847702bef8aef184eafa21d4d085
                • Instruction Fuzzy Hash: A8515875E0021DAFDB15DFA9DC80AEEBFB8EB04758F14052AEA10B7680D7709A45CB60
                Function 011004E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                Download Yara Rule
                Strings
                • kLsE, xrefs: 01100540
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0110063D
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                • Opcode ID: 0658d5aad5df068acf6e4e9e8c0fda63418f97c156f1a5fc40531ea478b4ebee
                • Instruction ID: 92bd8ea9fda9b67737d64f01ad8babae623409cef9a247588b67b75804334438
                • Opcode Fuzzy Hash: 0658d5aad5df068acf6e4e9e8c0fda63418f97c156f1a5fc40531ea478b4ebee
                • Instruction Fuzzy Hash: BA51B1719047428FD72AEF68C8407A7B7E5AF88344F10483EFAE987281E7B5D545CB92
                Function 0110A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 0110A309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 0110A2FB
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: 5ccc9953a8129bc7c5f19903c9eb654e7463607fdaa26067647f292840429f24
                • Instruction ID: 7e5972a6d5783d9e9f2316382dd6677c88898fd573fbc265d8dbaa048975a146
                • Opcode Fuzzy Hash: 5ccc9953a8129bc7c5f19903c9eb654e7463607fdaa26067647f292840429f24
                • Instruction Fuzzy Hash: 6241AC31E08745CBDB1A8F59D840BA9BBB4FF94314F148065E910DB291E7B5D900CB41
                Function 0113A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: 00c744059969314ae524181fa60c0a08f83d966688a6f4baa12fac5f2e068f3b
                • Instruction ID: 5a2b8ccc956ab1646bbba2be6a11931a8868290bdbd84a3c61fe5059e43a0661
                • Opcode Fuzzy Hash: 00c744059969314ae524181fa60c0a08f83d966688a6f4baa12fac5f2e068f3b
                • Instruction Fuzzy Hash: 1301D1B2240700AFD315DF14DD45F1677E9EB84B29F018939A698CB194E334D844DB46
                Function 0110C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: b500bcf85d5cbd7f093bb0f4634867aa2f442d5c499adb751c25462b6fedd243
                • Instruction ID: ca256832cf70e1d9782bcaf7dd9eee4ac156f3d74f2100dc168e4abc18f3ddac
                • Opcode Fuzzy Hash: b500bcf85d5cbd7f093bb0f4634867aa2f442d5c499adb751c25462b6fedd243
                • Instruction Fuzzy Hash: 4C827F75E002198FDF2ACFA9D8807EDBBB1BF44350F1581A9E919AB290D7B09D41CF91
                Function 01186420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 7831e801fb8fb876c745410e4699485f2868c9e5d1357b01109d9386b2c40cf4
                • Instruction ID: 68b9cbab4a3b0498632b9f1c1af1e4cfea9cd204cf2e7fd92f764a688139872f
                • Opcode Fuzzy Hash: 7831e801fb8fb876c745410e4699485f2868c9e5d1357b01109d9386b2c40cf4
                • Instruction Fuzzy Hash: FF916371940619AFEB29EF95CD85FAEBBB8EF18B54F104065F600AB194D774AD00CFA0
                Function 011AE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 9844880305e20b2435b968f6e7b7239abafc4cf660e7a366f018eb427826a449
                • Instruction ID: 9ef0d5ccaa41f5694c59170100233ebb6666bbcc88ed896157cde0428c90671f
                • Opcode Fuzzy Hash: 9844880305e20b2435b968f6e7b7239abafc4cf660e7a366f018eb427826a449
                • Instruction Fuzzy Hash: A191BF35902609BFDB2AABA5DC44FEFBFB9EF85754F50002AF501A7250EB349901CB91
                Function 0113A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 617a395d82045228657dab4f15921c8c5c9c37631f9a6cd7c0e4110780231e90
                • Instruction ID: cf1d48868858b8c7a5c36cc572e478e4474f8acb0c40d55f0774584845fd96e4
                • Opcode Fuzzy Hash: 617a395d82045228657dab4f15921c8c5c9c37631f9a6cd7c0e4110780231e90
                • Instruction Fuzzy Hash: C6716CB5E00B1A8FEF2CCF99D5906ADBBB1BF48750F14812EE505A7345E7319941CB50
                Function 011A4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                • Opcode ID: 48a6d21ac90960895e36e320dd2a6d5ba4d7c38f3980479a72715c8363d54708
                • Instruction ID: 6f1f4c5d6c62cb1bbfdcfbd11f4f18295d1d0cf056f663cbabd03fc77dc337e9
                • Opcode Fuzzy Hash: 48a6d21ac90960895e36e320dd2a6d5ba4d7c38f3980479a72715c8363d54708
                • Instruction Fuzzy Hash: BE51A676D0032ADBDF19DF99D840AAEBFB4BF08654F494129E912BB640D7B49C01CBE4
                Function 0111E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: 67d7db61c4533e620b220a97e89a99e4e1f6ac9c641b06a4f519c4a96a8e32ad
                • Instruction ID: cf24862c44614d8383fb3d5f40fab1642682721c2d084cddd06d98542d6897e4
                • Opcode Fuzzy Hash: 67d7db61c4533e620b220a97e89a99e4e1f6ac9c641b06a4f519c4a96a8e32ad
                • Instruction Fuzzy Hash: 564171725097129BE71ADBB5C840B6BFBE8AF88618F44093DFA84D7184E774D904C793
                Function 0117C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: 488fdd06b4e1fc3d879711585cec84ae2601cf64717268c6a0208da59a48be8b
                • Instruction ID: 53b650a9f5e61cefbc0f8e39263cbbf7df182f0567feabfdc2fe9931e3458330
                • Opcode Fuzzy Hash: 488fdd06b4e1fc3d879711585cec84ae2601cf64717268c6a0208da59a48be8b
                • Instruction Fuzzy Hash: CD4133B1D0052EABDB25DB50DC84FDEB77CAB55718F0045E5AB08AB240DB709E898FE4
                Function 01196B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 2041c08bf6a0a8da179527c83fc3387805d02bf46dc0a89f0a0082d7a6621da1
                • Instruction ID: 3db62b92c6bb4aa9d5de5b92c72980a7bf9c5a2f17db7d93dd8ca9b739115871
                • Opcode Fuzzy Hash: 2041c08bf6a0a8da179527c83fc3387805d02bf46dc0a89f0a0082d7a6621da1
                • Instruction Fuzzy Hash: D7312C31A007599BDF2ADF69C850FEE7BA8DF05704F144028F961AB282D775E905CB60
                Function 0117CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                • Opcode ID: d5ae4b5d65ae1b30bfda67a46ae44b99f26579f87824eaacf23a9747f0548223
                • Instruction ID: bf0a514c989641d9d90358d3f31299661c75cf353447c93d50895b2d5ed7c051
                • Opcode Fuzzy Hash: d5ae4b5d65ae1b30bfda67a46ae44b99f26579f87824eaacf23a9747f0548223
                • Instruction Fuzzy Hash: A531E13690051AAFEB1EDA59C855FBFFBB4EB807A0F124129B905A7350D7309E04DBE0
                Function 0118892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                Download Yara Rule
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0118895E
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: fa8236399cfdd90228550f682c70d1b41d4dde4f20f9524743ae59f7a65653cb
                • Instruction ID: b1e0b845226df3a35b4fb5a9929a8fa10cbd3d8e3e33e914ceffeea4d1fcb4a5
                • Opcode Fuzzy Hash: fa8236399cfdd90228550f682c70d1b41d4dde4f20f9524743ae59f7a65653cb
                • Instruction Fuzzy Hash: D6012B36A14206DFEB3D7B5ADC84B667F66EFC1298B44412CF74116552DF206C81CF92
                Function 011A2000 Relevance: .8, Instructions: 757COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: efe895a9c8e8ede6d7748474a60be717b111a0e5f2437a0abe527ce1ee95d175
                • Instruction ID: ce071218bfdc30d9942139d2ce92d01927d0e52c8e80cf577dce58640e0ec19b
                • Opcode Fuzzy Hash: efe895a9c8e8ede6d7748474a60be717b111a0e5f2437a0abe527ce1ee95d175
                • Instruction Fuzzy Hash: A542D3396083419FE72DCF68C890A6BBFE5BF98704F88092DFA8697250D770D945CB52
                Function 01198158 Relevance: .6, Instructions: 617COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1d879ea18fb3b7ef76e4bdfd31dbb400148aa3f27a5d0b4851e39e2db07d735
                • Instruction ID: 2c0a17399d7c8caef55c51e29583e02909f959957cff8885f73de8c106dbfad3
                • Opcode Fuzzy Hash: d1d879ea18fb3b7ef76e4bdfd31dbb400148aa3f27a5d0b4851e39e2db07d735
                • Instruction Fuzzy Hash: 7F427D75E102198FEF28CF69C881BADBBF5BF89304F158099E959EB241D7349981CF60
                Function 01112840 Relevance: .6, Instructions: 605COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e0dd4f20ab21955c30b26591a6b8c1931d53099d45a38b7182b3186755e8a11
                • Instruction ID: a5cd469b47fb4a4be99e944845c4311973d35f90d73731ebf0147d472e122d45
                • Opcode Fuzzy Hash: 4e0dd4f20ab21955c30b26591a6b8c1931d53099d45a38b7182b3186755e8a11
                • Instruction Fuzzy Hash: 5A32DF70A007598FDB2DCF69C8447BEBBFABF84704F24412DD4869B284E736A861CB51
                Function 011AA118 Relevance: .6, Instructions: 591COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b7848ffb8c90d26bcb2ec5c3a4455ae98198f2e6473965a941a6c36c2e93452
                • Instruction ID: 29d74f5eeb8cd7b4a89ba37b5743ec4087751c07e8878f59c61bd17bba0bdd93
                • Opcode Fuzzy Hash: 9b7848ffb8c90d26bcb2ec5c3a4455ae98198f2e6473965a941a6c36c2e93452
                • Instruction Fuzzy Hash: 9B22C2786046618FEB2DCF2DE054372BFF1AF45304F89845AEA968F286D335E452CB61
                Function 01106A50 Relevance: .5, Instructions: 548COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 997adbec5a28c35f3e197a5f34e602173e24d6a226e23508f81de0c5a9631235
                • Instruction ID: 61f98d060cdc35b1e32ef11f4a079ef2583f1dd72ef3758db8c51f67822b9e80
                • Opcode Fuzzy Hash: 997adbec5a28c35f3e197a5f34e602173e24d6a226e23508f81de0c5a9631235
                • Instruction Fuzzy Hash: 2332DF70A04205DFDB2ACF68C480BAEB7F5FF88310F248569E956AB391D771E861CB51
                Function 01124A35 Relevance: .4, Instructions: 423COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction ID: d11324c25cb7dcc4a312d90c62711facd3aae156dddbdc1f7044a8fdd4e4ef72
                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction Fuzzy Hash: 9EF19F70E0022A9BDB1DCF99C590BAEBBF9BF48314F058129E905EB740E774D861CB64
                Function 0119892B Relevance: .4, Instructions: 386COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
                • Instruction ID: 2645f4e2fe971514e833f0e5c50c981a51dd5ec3062c5dd0b309aa3e5893b202
                • Opcode Fuzzy Hash: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
                • Instruction Fuzzy Hash: 3AD1F371A0060E9BDF0DCF69C841AFEB7F1AF89304F198169D966E7241E739E901CB60
                Function 011065D0 Relevance: .4, Instructions: 383COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
                • Instruction ID: 7773cd224d417e0ee8007aee72192db6228862d12aa659dbf4f5449f5207a905
                • Opcode Fuzzy Hash: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
                • Instruction Fuzzy Hash: C8E1B271A08342CFC71ACF28C480A6ABBE1FF89314F15896DF59587391E771E915CB92
                Function 010F8397 Relevance: .4, Instructions: 380COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
                • Instruction ID: 8814af6c621e5e90218d733f32e36864c2cf1be5ccd7fe6bea1183b8e36ebfe2
                • Opcode Fuzzy Hash: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
                • Instruction Fuzzy Hash: A3D1E571A04206DBDB18DF69C882BFE77E6BF54304F04852EEA55DB680EB30E955CB60
                Function 01188243 Relevance: .3, Instructions: 322COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction ID: 9a81aa998957efa5f2f5d164652a098793f404f880eeab79b1e076e7becf83b3
                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction Fuzzy Hash: 36B18574A006099FDB28EF99C940EAFBBB6FF84304F94845DAA4297795DB34E905CF10
                Function 01110535 Relevance: .3, Instructions: 300COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction ID: 211a207c707e49a2681694065e0ba8db399019a3b81d317dbe6ed606a35d3221
                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction Fuzzy Hash: C3B12931A00646AFDB1DCB68C850BBEFBFAAF48304F1505A9E652D7285D731DD81CB91
                Function 011083C0 Relevance: .3, Instructions: 281COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
                • Instruction ID: 8f164748568259bab5c2c254776745f4c1eac025072aae3bf75c6cf6c6601df8
                • Opcode Fuzzy Hash: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
                • Instruction Fuzzy Hash: A0C16870A08341DFD769CF19C484BABB7E9BF88304F44496DE98987291D7B5E908CF92
                Function 010FC427 Relevance: .3, Instructions: 280COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
                • Instruction ID: 1d4ba2b7ba1d12e25fbabfebb745886b562e86387004f6eeb4115db259e0122b
                • Opcode Fuzzy Hash: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
                • Instruction Fuzzy Hash: 8FB17270A002698BEB68DF58C991BADB7F1EF44744F0485EDD64AE7641EB309DC5CB20
                Function 0112E5E7 Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97e396b801829338eabc56e97039d40dec1a20097253cfa78bdfcc28fa1892e7
                • Instruction ID: 6881a6a70fef207bb3304a5feb19e3d3718c35abfd2f2e795c88ea8a124cf4f6
                • Opcode Fuzzy Hash: 97e396b801829338eabc56e97039d40dec1a20097253cfa78bdfcc28fa1892e7
                • Instruction Fuzzy Hash: 15A13631E0162A9FEB3DDB58D854FAEBBB9FB00714F050125EA11AB280D7749D61CBD1
                Function 01140185 Relevance: .3, Instructions: 276COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
                • Instruction ID: 65e0fb13dbc805a052228f76fadbdf411e7b96cb8952fd2c9114cde117767883
                • Opcode Fuzzy Hash: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
                • Instruction Fuzzy Hash: 10A1A170B0061A9FDB2DDF6AC990BAAB7B1FF48718F044129FB4597281DB34A855CB90
                Function 011D4500 Relevance: .3, Instructions: 275COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
                • Instruction ID: 1d75b03a36bd7d5125d24e0a16350852bd29dcac293a1591aad06906134e2a18
                • Opcode Fuzzy Hash: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
                • Instruction Fuzzy Hash: 8FA1EC72A00612EFD72ADF58C980B6ABBE9FF48758F05052CF5899BA54D334EC41CB91
                Function 011860E0 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
                • Instruction ID: 4f75c706dc8d695ed831f7991ba684bd164267ec09e756da64f6b9f919a6abbb
                • Opcode Fuzzy Hash: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
                • Instruction Fuzzy Hash: F291C371D04216AFDB19DFA8D884BAEBFB6AF49710F158169EA14EB341D734D900CFA0
                Function 0111E3F0 Relevance: .3, Instructions: 261COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f61552c13da5b49293af52c1b6590e1ea74b2c44e0c218a8619b6bb79c37adc
                • Instruction ID: 7c5369a45cdebcd1d428986804a28a99807d3e0d262237a94f09fb8b0638f352
                • Opcode Fuzzy Hash: 7f61552c13da5b49293af52c1b6590e1ea74b2c44e0c218a8619b6bb79c37adc
                • Instruction Fuzzy Hash: F9912235A0121ACFEB2E9B98C440BBDFBA5EB84728F058079EE05DB248E735D841CB51
                Function 01156ACC Relevance: .2, Instructions: 226COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a9203942d2d665ba6173dd1d1c7cc2a1e0cb9021c24ee5ad7feb26cdea0f455e
                • Instruction ID: b7e82f3d3008900cebb8757ba3e74c4b40e4e47f0a956f0f1f6acb414c5632d9
                • Opcode Fuzzy Hash: a9203942d2d665ba6173dd1d1c7cc2a1e0cb9021c24ee5ad7feb26cdea0f455e
                • Instruction Fuzzy Hash: 2281A171A0061ADFDB68CF69C850ABEBBF9FB48700F44852EE855E7640E734D940CBA4
                Function 011CAB40 Relevance: .2, Instructions: 222COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: 71ef2a620b2b1500d4df7104cf852ad6e0c41a6c57e7f7d0658f36aabb8aacd4
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: DB819031A002099FDF1ECF98D890ABEBBB6BF94714F19856DD9169B344EB34E901CB44
                Function 010F6D10 Relevance: .2, Instructions: 216COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6303a00ec2d3fefccf54322f9ffc9c9e485f20a01a1c1e98b94415fc1556b0ac
                • Instruction ID: a967a6921860b8843fdd8892a1438075b3b728f2534a4b8d24b4d14527051793
                • Opcode Fuzzy Hash: 6303a00ec2d3fefccf54322f9ffc9c9e485f20a01a1c1e98b94415fc1556b0ac
                • Instruction Fuzzy Hash: BE71AF7160470ADBDB69CF19C980B6EB7E4FB48358F05492AEE65D7200E730E984CB93
                Function 0113E284 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f902ff745dfdd7dc117b70930520b264288d022edcbb697fb6969f2cebff559
                • Instruction ID: 592a234e654cc0e08836fbfe4bb2f25ff3dbe980c98703d731e476e6069bcd80
                • Opcode Fuzzy Hash: 3f902ff745dfdd7dc117b70930520b264288d022edcbb697fb6969f2cebff559
                • Instruction Fuzzy Hash: AD816071A05709AFDB2ACFA9C880BEEBBF9FF88354F104429E555A7254D730AC45CB60
                Function 0111C640 Relevance: .2, Instructions: 206COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47d6270a8b9ec87e2f200308fe25c7898a1f99ecb65f317e703c719ff014aafd
                • Instruction ID: 6bd578eb8152a35d6837f2f241fc134be253ef32756ac230b80e4ea7395bee61
                • Opcode Fuzzy Hash: 47d6270a8b9ec87e2f200308fe25c7898a1f99ecb65f317e703c719ff014aafd
                • Instruction Fuzzy Hash: 4871DAB58046699FCB2D8F58D8907BEFBB4FF68710F15412AE952AB354E3719810CBA0
                Function 011B47A0 Relevance: .2, Instructions: 202COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 01cbd3b6650bff6665442f8a10db62bafe0a28ca072e15927b4ae3ed08bcca02
                • Instruction ID: 22fe3c86a9c02827aa70d7f5443a46787a0c74a6a08390e6dfd53ae0e8fd037b
                • Opcode Fuzzy Hash: 01cbd3b6650bff6665442f8a10db62bafe0a28ca072e15927b4ae3ed08bcca02
                • Instruction Fuzzy Hash: A2719370900205EFDB2CDF69D680ADEBBF4FF84304B14C16EE652A7699D7319980CB54
                Function 0111260B Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f6c2b6e34bcce6d5c18ac1230d84a3cc7ad5d15df4d7f3a5fa1d854c7f55e9d
                • Instruction ID: bf10dd2c29c18acd83efbe71a84323e9a1d72aeade9f0b6e5c356a01c80d56e6
                • Opcode Fuzzy Hash: 5f6c2b6e34bcce6d5c18ac1230d84a3cc7ad5d15df4d7f3a5fa1d854c7f55e9d
                • Instruction Fuzzy Hash: E971B1356046428FD31ADF28C480B6AF7E5FF84314F1585B9E8998B39ADB34D846CB91
                Function 0118035C Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: ea1113e6e235ee744b1fd4cc8daa7c77ec3f92dc45bb4915a3f92f7156307f8b
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: FC718E71A00619EFCB14EFA9C984EDEBBB9FF48714F108569E505A7250DB30EA45CFA0
                Function 011962A0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f61096ed63437951dc51e24402476e3f185a55553b51a7a18697c7b6cba4a4fb
                • Instruction ID: eb7f5542659601eb5e27acc99237c789c1eb02b40f717f8bc36c93e90774178b
                • Opcode Fuzzy Hash: f61096ed63437951dc51e24402476e3f185a55553b51a7a18697c7b6cba4a4fb
                • Instruction Fuzzy Hash: F071F432200B01EFEB3ADF58C854F5ABBE6FF40764F154428E669972A0D775E944CB60
                Function 01108AA0 Relevance: .2, Instructions: 197COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e84219e9d54467ef1b9a19f5876995297d13f74bc453f1e9ae770cb28dee981
                • Instruction ID: 401dac8eb05a54297750f604338aef5bc685b15f4d5bc3c3098810d4e4239931
                • Opcode Fuzzy Hash: 8e84219e9d54467ef1b9a19f5876995297d13f74bc453f1e9ae770cb28dee981
                • Instruction Fuzzy Hash: BE81EC72E087168FDB2DCF9CC484BAEB7B5BB48314F16412DD904AB281C7B69D90CB91
                Function 011BA250 Relevance: .2, Instructions: 184COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a2f49f711dd489adda04e323e56ad614743483a71251099ebcd69e7303cab37
                • Instruction ID: 715e33dbde00a742be9f26d8b55c2ee570113161b77d58cefe4c0c63eee324e3
                • Opcode Fuzzy Hash: 9a2f49f711dd489adda04e323e56ad614743483a71251099ebcd69e7303cab37
                • Instruction Fuzzy Hash: C751CE72504712AFD329DA68D884F9BBBE8EFC4B14F054929FA80DB150D734ED05C7A2
                Function 011A8350 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70b41575769b86b3aa952505a8647828fe94f261745bf88a5a7aff46fe0f3f43
                • Instruction ID: 6e06e0e4b1b73116dc132742e8bb6d7a07b74b5bd3908f23383a3ada95d687d0
                • Opcode Fuzzy Hash: 70b41575769b86b3aa952505a8647828fe94f261745bf88a5a7aff46fe0f3f43
                • Instruction Fuzzy Hash: 0551BB749007059FD729CFAAC880BAAFFF8BF94714F50461EE292976A0C7B0A545CB90
                Function 0113E443 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 260eb5f1d2afbc8e1ca67e9bf73e6d6ea98da10f0154f19a87dc12895cfea5c1
                • Instruction ID: f7214d4b8e19376c2cc3a94ea4eef18c38ee0dc44ad4f142dbfbc7f226a78711
                • Opcode Fuzzy Hash: 260eb5f1d2afbc8e1ca67e9bf73e6d6ea98da10f0154f19a87dc12895cfea5c1
                • Instruction Fuzzy Hash: 5E51BB31200A05DFCB2AEF69C980FAAB3F9FF58768F41042AE55187264E730E945CB50
                Function 011A4180 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74a36902e84994d6b068a6ce37b4dcb655e55bd78f9b28fae8d04852ecc129f8
                • Instruction ID: 87e2c2abffccd21a9c94ffe10d32be789041160b8db12e5f74da0c2f27ed1be1
                • Opcode Fuzzy Hash: 74a36902e84994d6b068a6ce37b4dcb655e55bd78f9b28fae8d04852ecc129f8
                • Instruction Fuzzy Hash: 8F51BC796083128FD348DF29C880A6BBBE5FFC8208F88492EF589C7650E770D905CB52
                Function 011245B1 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 02dbea90c4ee5d26d2ab9fca796d157720f30843953dfa760b22ddf3f5af61e3
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: 0051CE71E0062AABDF19CF98C440BEEBBB9EF45354F04406AEA11EB240D774DD54CBA4
                Function 0118E9E0 Relevance: .2, Instructions: 154COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: f1edbfe70f1f7ed8b4401ba7f2d8702dc29499585724252b05a02f7535ef6b7e
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: E751C731D0121AEFEF29BF94C890BAEBB75AF01728F158665E91267190D770DE40CFA1
                Function 011C8B28 Relevance: .2, Instructions: 152COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7731daa7053c58dc9e14ed2d0996d83989b7c035a3f13d0b3c988e2bc3b3c61
                • Instruction ID: e1e31a58ad587872d8da5210c1d7bdf23763ccd85b9ec0d11d1584401d6af527
                • Opcode Fuzzy Hash: f7731daa7053c58dc9e14ed2d0996d83989b7c035a3f13d0b3c988e2bc3b3c61
                • Instruction Fuzzy Hash: 6141C4707016119BD72DDB2DC8D5BBFBB9AEFA0A20F04822DE955872C1DB34D801C695
                Function 0118CBF0 Relevance: .1, Instructions: 148COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 353dd9475d9b09a756632ebf65629bdc82adb578a3b327ac7806c91042dc884d
                • Instruction ID: 359ed006cc34afd5d8420db3b20067323dca2e3b11e54d2f76a2a7a295bac191
                • Opcode Fuzzy Hash: 353dd9475d9b09a756632ebf65629bdc82adb578a3b327ac7806c91042dc884d
                • Instruction Fuzzy Hash: 9D519075900216DFCB28EFA9C980ADEBBBAFF48358B11852AD515A7704D730AD41CFE0
                Function 0113A430 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1fe42b5b75a8c92d085cdf860b817fa14285f01367d18a0728bfe66b8e71d417
                • Instruction ID: 500a7a4e8bd91f5df36d01de6b80cf2503056984e959d0d5bc40a8f383e43cb1
                • Opcode Fuzzy Hash: 1fe42b5b75a8c92d085cdf860b817fa14285f01367d18a0728bfe66b8e71d417
                • Instruction Fuzzy Hash: A141E475640205ABDB2DFF6DA881F6A7775AB9470CF01003DFE52EB24AE7719840CB91
                Function 011CA9D3 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 8e002a0edf30e03447d087e1636ea48494708e313884dd854daad6ad3c3dd0e8
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: F541F83160171A9FC72ECF5CD980A6AF7A9FFA0614B05462EE91287244FB30FC14C790
                Function 011301F8 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
                • Instruction ID: 7adc519bd550502b2ce69cd080484e7d2c039b4d1a8815f96a9bf6fe711e32d2
                • Opcode Fuzzy Hash: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
                • Instruction Fuzzy Hash: 3541CA36A00219DBDB18DF98C440AEEBBB4BF8C714F15816AF81AE7344E7359C41CBA5
                Function 0112EBFC Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
                • Instruction ID: b785892a91b38fcd4dc5d25a61aa2bd903352489c1cb37a0ded2889b0f62b073
                • Opcode Fuzzy Hash: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
                • Instruction Fuzzy Hash: 6E41B1712053029FD72CDF68C880A5BB7EAFF98228F11483EE556C7615DB31E865CB51
                Function 01142750 Relevance: .1, Instructions: 137COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 70a03c14a1337ea8d92bbe37ec1d9a8ad9109f6a40654c3f69077fd075752ec3
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: F4517C75E00215DFCB19CF58C480AAEF7B2FF84710F2881A9D916A7351D730AE82CB90
                Function 01106154 Relevance: .1, Instructions: 133COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
                • Instruction ID: a39bf81026b61233070fc343a764a12096bd82cb65cd0106ea3acbd09f028353
                • Opcode Fuzzy Hash: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
                • Instruction Fuzzy Hash: 8251D770D00217DBDB2E8B68CC00BE8BBB5EF15318F1482A9E529A76D5D7755991CF40
                Function 01100BCD Relevance: .1, Instructions: 130COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
                • Instruction ID: 987f720168ef1bc2f05cfd4eaffc883c7a1951850165080302f86ddfaa8239ec
                • Opcode Fuzzy Hash: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
                • Instruction Fuzzy Hash: 4E419331E01228DFDB6ADF68C940BEEB7B4EF49750F0100A5E908AB281D7749E80CF91
                Function 011C866E Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 5cccb5719598c8480ef1dd91e77d9c8929dae0bee553428a32c253557e7fd084
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: 0841A475B00215ABDB19DF99CCC5ABFBBBAAFA8A14F14406DE904A7341D770DE01C7A0
                Function 01100887 Relevance: .1, Instructions: 128COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
                • Instruction ID: 0374210e919e503dcb313535b134d69bdd3f9be6d194d783570a7be9e853ffd1
                • Opcode Fuzzy Hash: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
                • Instruction Fuzzy Hash: 6941B070A007029FE72ECF28C480A26B7F5FF49354B104A7EE55B86A90E770E945CB91
                Function 0112A470 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
                • Instruction ID: 964f002987920a45fa67aa9a9e1828dc710adc92cfb6b64322e76033d63b20b8
                • Opcode Fuzzy Hash: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
                • Instruction Fuzzy Hash: CD41F131941224CFDB2DDF6CE8547AE7BB0FF18314F050169D421A7A95DB35D9A0CBA1
                Function 01108BF0 Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
                • Instruction ID: 60ad3ec9887ce52531b0ee47b8a9a5946851ba37c08c66a76201a1559b872767
                • Opcode Fuzzy Hash: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
                • Instruction Fuzzy Hash: 4A411432D04202CBD72E9F4CC940AAFBBB5FB94704F15812DD9155B685C7B5D882CB91
                Function 010F8918 Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
                • Instruction ID: 5a5ad10508aeafd0fed6f27fd2b285c312cc0503d8ce1cb95b4a9b2e6048e1fb
                • Opcode Fuzzy Hash: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
                • Instruction Fuzzy Hash: FD419A3150C7069ED316DF28C881AABB6E9EF84B54F04092FFA90D7250E730CE048BA3
                Function 010FA020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 0c486bdcc48f7f62a6730867d67851601106a9cc59a287028c8730b4c40dddf8
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 5F415B31B08211EBDB59DE5884417BEBB72EB50764F15806FFE988B640D7368D80CB92
                Function 011009AD Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
                • Instruction ID: 5d686c1755b64da1ac133113274882ff56c6a79e19cc3fab4edd9502f8627064
                • Opcode Fuzzy Hash: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
                • Instruction Fuzzy Hash: 7541A171A00701DFD72ADF18C840B26BBF5FF58354F21856AE459CB291E7B1E981CB91
                Function 01130710 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: 57f63d0519a1ea98d8fd795317cd865d3594bd10b46090eecb75e298a76cdb1b
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: 60415F71A00B05EFDB29CF98C990AAABBF4FF58704B11496DE596E7254D330EA44CF90
                Function 0110262C Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
                • Instruction ID: 1ced5374bbd070e17630b4a485022f8e72d1fe3238670a855865d5fa4b7a81a1
                • Opcode Fuzzy Hash: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
                • Instruction Fuzzy Hash: 3F41AEB0901705DFCB2EEF28C904B69B7B2FF54314F2581ADC9169B2E1DB70A981CB51
                Function 0113C8F9 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
                • Instruction ID: 5b711465dedcaadce59de9892e8504f2abff938609c510ea3f8927b4ff352f0e
                • Opcode Fuzzy Hash: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
                • Instruction Fuzzy Hash: 64318BB2A00355DFDB59CF58C440799BBF0FB49728F2185AED119EB251E3769902CF90
                Function 011807C3 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
                • Instruction ID: 04e07e19b93e53fe34819320ba6ad5563aab2833de336f69253e78cff045ef99
                • Opcode Fuzzy Hash: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
                • Instruction Fuzzy Hash: B64192719183059FD324EF29C845B9BBBE8FF88654F008A2EF5A8D7251D7709944CF92
                Function 011805A7 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
                • Instruction ID: a721aff7ad8003ce390b8b09b6800b58a86fdf4a6d08c41725258596adfb976c
                • Opcode Fuzzy Hash: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
                • Instruction Fuzzy Hash: 6341B4725046459FD328EF68C840A7AB7E5FFC8704F24462DF99497680E730D909CBA6
                Function 01104859 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
                • Instruction ID: 4d900118cd15febef85835a49e49745f70ed4d51020a98f306cb62c8e8a32c47
                • Opcode Fuzzy Hash: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
                • Instruction Fuzzy Hash: BD41B270A043028BD72EDF18D894B26BBEAEF84364F14443DE6558B6E1EBB0D941CB91
                Function 011102E1 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: ed41c41a25f527c0c21164cdb5d45dd08b485c51171c3db0459b5c1583f52d10
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: 3E312831E04645AFDB1A8B68CC40B9BFFE9AF18350F044576F815D739AC7749984CBA1
                Function 011AE3DB Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
                • Instruction ID: 5cefd4e922adb08d81f9419a885f5fb5d2bb1f2cb63873351028b605d712c086
                • Opcode Fuzzy Hash: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
                • Instruction Fuzzy Hash: 4631D775751716ABDB2A9F658C41FAB7AB9EB58B54F400038F600EB285DBA4DC01C7E0
                Function 011B4B4B Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
                • Instruction ID: b3ca2cfb6884a930169836fa990fe7e8e8ff0f274d1867bedae962d5df5d0d32
                • Opcode Fuzzy Hash: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
                • Instruction Fuzzy Hash: 4131D6322052018FC329DF1DD9C0EAAB7E5FB81764F19847DE9968BA56D730E840CF91
                Function 01104260 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
                • Instruction ID: 0c01410d2cdfaee219cfcf5a0d99b8b87d9594e784b27ee02cfb47e8356c6e03
                • Opcode Fuzzy Hash: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
                • Instruction Fuzzy Hash: 6841D131600B45DFD72ACF68C480BD6BBE9BF48718F01882DF6998B690C7B1E854CB50
                Function 011B4BB0 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
                • Instruction ID: 44d8137c13d8b0ce418a2c54fce87dd51930612fc323e3f4b5b6ca17c481183a
                • Opcode Fuzzy Hash: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
                • Instruction Fuzzy Hash: F031A1716042018FD328DF28C8D0AAAB7E5FB84B20F15856DF9969B692D730EC44CB91
                Function 0117EB1D Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
                • Instruction ID: 98d3ea19e153141b92219588725af375006493cfcd66fab7bd7123381e5c20f4
                • Opcode Fuzzy Hash: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
                • Instruction Fuzzy Hash: 6631C4313026869BF72E576CC948B25BFE9BB45B58F6D00F0AB459B7D1DB28D841C231
                Function 011C61C3 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
                • Instruction ID: 04e2bb7beabce3918b1a500b2422c7eaeae21477559152b96fbaf4a6afb297c4
                • Opcode Fuzzy Hash: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
                • Instruction Fuzzy Hash: 5B31CF76A0025AABDB19DF98CC40FAEB7B6FB48B44F454169E900EB344D770ED41CBA4
                Function 011A483A Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
                • Instruction ID: b51e31e28950d19ce33f54d4c8af7776807f475c572a17b4098c5fd89e008c93
                • Opcode Fuzzy Hash: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
                • Instruction Fuzzy Hash: B2316176A4112DABCF25DF54DC84BDEBBBAAB9C310F1400A5A508A7250DB70DE91CF90
                Function 0112EB20 Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
                • Instruction ID: 250ed16c64ba80bfa9ff1de77443445a9aa12b877c70c125c4377f810feaba96
                • Opcode Fuzzy Hash: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
                • Instruction Fuzzy Hash: C931E732E01625AFDB39DFA9CC40BAEBBF9EF08750F014425E915D7250D3709E108BA1
                Function 011C60B8 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c0a83666a237ac6b95f926f72a265169d08e7148ed0df8af458bbd41ba459bd
                • Instruction ID: cc355575779df9de4da32cae77e25cccc9be7bec0de16d7be9d9b3ae9b063516
                • Opcode Fuzzy Hash: 0c0a83666a237ac6b95f926f72a265169d08e7148ed0df8af458bbd41ba459bd
                • Instruction Fuzzy Hash: 1C31C271A00616AFDB1E9B99C850B6EB7B9AFD4B54F11407DE515EB342DB30DC01CB90
                Function 011007AF Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec9b8ed4e6f9c937cc59594efa24e0b11c99201c0028485ee0f097d51de0c48b
                • Instruction ID: ae1a633613934e1072364b5024d9d63d07d1814cc9d4ee6079f5a50d45f8ccba
                • Opcode Fuzzy Hash: ec9b8ed4e6f9c937cc59594efa24e0b11c99201c0028485ee0f097d51de0c48b
                • Instruction Fuzzy Hash: 8E31D632E05612DBC71BDE248840BABBBA5BF98290F02452EFD5997290DB70DD1187D2
                Function 01108550 Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76882210aae8a2d29a571a33b71b4777e27b3591930ff5f039994cf16bca70e4
                • Instruction ID: 9cb23e00de29833326e0b3451f5b1750ad884a3967282692cf257f83e08c2084
                • Opcode Fuzzy Hash: 76882210aae8a2d29a571a33b71b4777e27b3591930ff5f039994cf16bca70e4
                • Instruction Fuzzy Hash: 5A318F71A093018FE729CF19C840B2BFBE9FB98700F05496DE98497391D7B6E844CB92
                Function 0113A6C7 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: ceeac5125d451ed2e4a479d68b49499895eef47c1f13f12f5c46e5fb8ecfd970
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: 27312CB2B00B01AFE769CF69DD81B57BBF8AF48A50F04052DA59AC3750E731E900CB60
                Function 011AEBD0 Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 53c20f538ce3879964f76c94f1485f2188dbc54c25dc02adfa1c66ae77129b70
                • Instruction ID: b62203cde464d1d85f7a7fc1a71e17f8ffeb0c2774c1ae28d43961c8b6eb774b
                • Opcode Fuzzy Hash: 53c20f538ce3879964f76c94f1485f2188dbc54c25dc02adfa1c66ae77129b70
                • Instruction Fuzzy Hash: F031CE75606342CFCB19DF19C54095ABFF1FF89218F4449AEE4889B259E330E945CF92
                Function 0112438F Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b80820023ebd548fa8717e95f16032f08f02ed69c2dda9476bffa056dc9ef3e6
                • Instruction ID: 403fb1b8ca49f741bbf8420a710fc7150183418ee436530a9fcf1b76fe912d41
                • Opcode Fuzzy Hash: b80820023ebd548fa8717e95f16032f08f02ed69c2dda9476bffa056dc9ef3e6
                • Instruction Fuzzy Hash: 9C31F432B00665DFD72CDFA8C880A6EBBFAAF80308F008429D115D3A54E730DD51CB91
                Function 010FCB7E Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: 9b97f71ba3c2ed6e6b9fc2ddd18a102a200934a6d931795cda49bc0304a82efb
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: 1E212236E4425EAAEB049BB9C812BEFBBB5AF00740F058139DE65E7240E370C90087E0
                Function 010FC156 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abafc62ef5619a453739e4573f401ee1bb40cf048439db85917dd89f300f87cf
                • Instruction ID: 6cb58cd4f444bdb3a6fd5db7bcd0da02bcea7ee9b85fab041abd16eb9007648e
                • Opcode Fuzzy Hash: abafc62ef5619a453739e4573f401ee1bb40cf048439db85917dd89f300f87cf
                • Instruction Fuzzy Hash: 2C3159B1500201CBDB79AF68DC41BA9B7B5AF40318F5481ADDD959B386EB34D982CBA0
                Function 011BC3CD Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: 67a7d5202d9a0c91cf67503bb7ee5df333b006f6f490dd391bdd2557c0887b68
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 80212D3A600652B7CB1DAB95C840BFABBB4EF90714F40841AFA95C7551E738DA40C3E0
                Function 010FE420 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e4a93292022c7175b13f6aa9a48d2f8d1706be79430232b366ee321d6349f268
                • Instruction ID: ac29b3980854940b52929207d94d7e8b68a8cb305666da4d073bc516bdf7a857
                • Opcode Fuzzy Hash: e4a93292022c7175b13f6aa9a48d2f8d1706be79430232b366ee321d6349f268
                • Instruction Fuzzy Hash: DD31C731A0151C9BDB359F18CC42BEEB7B9AB15754F0200A9E795A75A0D774AE808F90
                Function 01134588 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 065f5866db5f5ab8d76649b3fec3c630fd8f782b8727a7c143753e059f7c222d
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: 3E21A172A00609EFCB19CF58C980A8EBBB5FF88714F1080A9EE159F645D770EE05DB90
                Function 011344B0 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cbdbf8a1fa07e17149493d8967fe32626d5db9f03302a5e7689f5828ec401119
                • Instruction ID: ea436e5daea308c465f949bfaa6ce32792647f02a0b573910033553813a91547
                • Opcode Fuzzy Hash: cbdbf8a1fa07e17149493d8967fe32626d5db9f03302a5e7689f5828ec401119
                • Instruction Fuzzy Hash: 7521C372A047459BC72ADF18C840B6BBBE4FFC8760F014529FD559BA85D730E9018BA2
                Function 010FE388 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 4f8df180fae0c86c2476129e759d38c25d5c2fee49e4ac898d7ca235d7190e09
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: BB318B31600605EFDB25CB68C885F6AB7F9EF85354F1145A9E652CB6A0E730EE02CB50
                Function 0117E609 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ceeb595b599ebfcef676fe5b04247f19973911d3a5ee14bdc09f677131d0de0b
                • Instruction ID: 622653c5d31829773a25ef9d80767806299095580782336dae76ae9e811e9646
                • Opcode Fuzzy Hash: ceeb595b599ebfcef676fe5b04247f19973911d3a5ee14bdc09f677131d0de0b
                • Instruction Fuzzy Hash: 32315A75A012059FCB1CDF18C8849AEB7F6FF88304F158499F80A9B391E771EA51CB91
                Function 011806F1 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9997bd9d4ee99edd8899ce6a0c1d4bcd7575df306bf2eecd64f59334b13f3a12
                • Instruction ID: 9bc712e9eab8f60f459273b67fab3361d675af24e32766430ce83716149925ba
                • Opcode Fuzzy Hash: 9997bd9d4ee99edd8899ce6a0c1d4bcd7575df306bf2eecd64f59334b13f3a12
                • Instruction Fuzzy Hash: C421B1719005299BCF18EF59C881ABEB7F4FF48744B554069F541EB240E738AD41CFA1
                Function 0118019F Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 534d3c4c16cd0329de72dde8939f1ff1934a4c20a3954d5ab24e56381590c985
                • Instruction ID: 94ab5cc208cfef1505e83f707256f396c03a4b282f99f86a11d336546aee97dd
                • Opcode Fuzzy Hash: 534d3c4c16cd0329de72dde8939f1ff1934a4c20a3954d5ab24e56381590c985
                • Instruction Fuzzy Hash: 9121BC71600649AFDB19EBACC840F6AB7A8FF88754F144069F904D7690E734ED40CBA4
                Function 01180283 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96d0ae92a5cc33e88c76ac4f05eb91692f3e88a6821c2ad9ffe2028edf201ae2
                • Instruction ID: f12de5157ed12e98ffffb201a3fd888f4ed6f6181eceb7e635e286c4dfed1011
                • Opcode Fuzzy Hash: 96d0ae92a5cc33e88c76ac4f05eb91692f3e88a6821c2ad9ffe2028edf201ae2
                • Instruction Fuzzy Hash: 7421227290834A9FD719FF5DC844B5BBBECAFA4254F08846ABD90C7251D730D908CAA2
                Function 01122835 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4be600691ba79d786159136aa2ff7db7e907ce872a572df62b3d462e5bbfa8c5
                • Instruction ID: 4d9b2cd00acf9da699aad9c5b0344bf22a45587301a14dc99dbdb25ef3d36f88
                • Opcode Fuzzy Hash: 4be600691ba79d786159136aa2ff7db7e907ce872a572df62b3d462e5bbfa8c5
                • Instruction Fuzzy Hash: A3213B327056919BE72E572C9C04B2C7BD9AF41B74F190364FA30AF6D6DBB8C821C211
                Function 0113A30B Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
                • Instruction ID: e2e9377c16a9b89db88316f076ef20c200e8762f984126bebcae50bb47dd105d
                • Opcode Fuzzy Hash: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
                • Instruction Fuzzy Hash: AD21A739200A019FCB29DF29C900B56B7F5BF48B48F24846CA559CBB69E371E842CF94
                Function 011BA49A Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 576492eb189c9864532611a0afa878af166daf62a407cad5826781f22edcb81f
                • Instruction ID: 7b7d3c38ccba49cd3b32ccd86a8a6e17691aed8580656325c3b7308d232bab70
                • Opcode Fuzzy Hash: 576492eb189c9864532611a0afa878af166daf62a407cad5826781f22edcb81f
                • Instruction Fuzzy Hash: 76113A32340A117FD32A5654AC80FABB6D9DFD4B60F510128FB09CB180EB74DD008795
                Function 01180946 Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d237e3d0989c4180d77fc383d0ad89d38df1c6fcfdf6bbb2798284d9b4aa65bc
                • Instruction ID: 37d3fa6f6469880e99578128d92e5e5829282f7c82eb7e27848f1ca3c6123e4d
                • Opcode Fuzzy Hash: d237e3d0989c4180d77fc383d0ad89d38df1c6fcfdf6bbb2798284d9b4aa65bc
                • Instruction Fuzzy Hash: D321E9B1E00209ABCB24DFAAD981AAEFBF9FF98710F10412EE515A7240D7709945CF54
                Function 011980A8 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: e822cf8e114dd53d62814f25a4641659b0775cb10d96c48f9957b8fb8d62e6ec
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: AF218EB2A00209EFDF169F98CC40BAEBBB9EF89350F21442AF920A7251D734D9518B50
                Function 01130124 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: 431ad3726fc0a5b6a9b0dc1f6993693391567ad6c919703fc4d9e1c388a549a9
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: 4F11EF73601605AFEB2ADB48CC81F9ABBB8EBD8B58F100029F6019F190D771ED44DB60
                Function 01108770 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
                • Instruction ID: 592f99660af731bef47f5903a3146d97d076b56a82b19a5a8ef0fbff576540e1
                • Opcode Fuzzy Hash: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
                • Instruction Fuzzy Hash: 1811B231F04A119BDB1ACF4DC480A56BBE9AF9A714B19407DEE089F289D7F2D901CB91
                Function 0113AAEE Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: 0f8495f22f68693b3b16a3fef5aa9a263b9bd5490e598b41e90eaa03ae2050c6
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: 3E215772600A41DBD72D8F49E540A66FBA6EFD4B10F15887AE98AD7618C731EC01CB80
                Function 011080E9 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
                • Instruction ID: 665ed3effeebec54d520a117ff0bc4ef67b47bde4fa7166a31293061424d04c8
                • Opcode Fuzzy Hash: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
                • Instruction Fuzzy Hash: B3214975E04206DFCB19CF98C581AAABBB6FF89318F24416DD105AB355CBB1AD06CBD0
                Function 0113674D Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
                • Instruction ID: 9ca437a181bcb645bb37f8e08ca33940e290bccfccae5503388a2b77b6e46e9b
                • Opcode Fuzzy Hash: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
                • Instruction Fuzzy Hash: 97219075500B00EFD7298FA8C841F66B7F8FF84250F40882DE5AAC7650EB30A940CBA1
                Function 01196870 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
                • Instruction ID: 2ee300aae13b0e2bb5a70118bdde7d33dd744ae711929a6c5905ce0fdc860083
                • Opcode Fuzzy Hash: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
                • Instruction Fuzzy Hash: 7411A332240614EFCB2ADB5DCD40F9ABBA8EF95764F114025F625DF251EB70E901C7A0
                Function 0112E8C0 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
                • Instruction ID: a8105182e37c933c8c5b95c7f5ed3d67233303d65610d54bb57b451db060f118
                • Opcode Fuzzy Hash: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
                • Instruction Fuzzy Hash: 291148333011219FCF1DCB29CD90A2BB65AEFD1374B258539D9228B284EB319812C390
                Function 011366B0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
                • Instruction ID: d8686ff38ef485a88ec31e7ebf994b55ac601752c94b0735e99ae70360257571
                • Opcode Fuzzy Hash: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
                • Instruction Fuzzy Hash: 7411C176A01A05EFCB2ECF59C581A5ABBF5AFC4650B52407DD9059B319E730DE00CBA0
                Function 011CA8E4 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: c91e801cc02549698e6f68be6dc4fb4844a114417ad9f4f6a199178fce501054
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: 70110436A00919AFDB1DCB58C841B9DFBB5EF94714F058269E85597340E731FD01CB80
                Function 01100AD0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction ID: 25774931b0bc53f3308c5580c335544ab38039f8f5149ebc44820a7daa48d8ac
                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction Fuzzy Hash: 9B21F4B5A00B059FD3A0CF29D440B52BBF4FB48B10F10492AE98AC7B40E371E814CB90
                Function 0118E7E1 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: 050f12ffb3103b3f18bd922dc288d924e8757145f9eefec9f7a18b604d1801b2
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: D111C632A12605EFE729AF49C844B5EBBE6EF46754F05C428F9099B160D771DC40DF90
                Function 011227ED Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
                • Instruction ID: 5733d6247023f7006cfc41fa713ef08d0b32d7e2dd7224b1009f5d0511a09ea7
                • Opcode Fuzzy Hash: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
                • Instruction Fuzzy Hash: D6010431605685ABE31EA66EA844F2B7ACCEF912A4F060075FA009B250DB65DC10C2B1
                Function 01104690 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
                • Instruction ID: 0da64d76134afc7dc96ab2d81124e9b85245add8ed57d3a905c0f6f2f72b1c38
                • Opcode Fuzzy Hash: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
                • Instruction Fuzzy Hash: DE11A335A00A45AFD72BCF5DD980B567BA5EB85764F014129FA048BA90C7B0E840CF60
                Function 01136620 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
                • Instruction ID: 411c6d2cf12614bb69b2682488dc3f6883c0f7a01c05b7ccb4b4120e1c78fd20
                • Opcode Fuzzy Hash: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
                • Instruction Fuzzy Hash: 6E11E5B2A00715BBDB2ADF59C980B5EFBB9FF84790F510069DA01A7248D770AE01DB60
                Function 0112EA2E Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
                • Instruction ID: ef5d2348c6318cef7a7b60af0e1367a54a9c71c5c11f843bf334e8174d41d6c9
                • Opcode Fuzzy Hash: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
                • Instruction Fuzzy Hash: 220192715021099FC72DDB19D544F16BBFAEB85318F21817EE1098B2A4C7B0AC82CB90
                Function 0112E53E Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: d5ab725da7dab1cf7cc78c7f30ba2b3b9109c09ad5228379212e0e7db6aec6b0
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: CD11E9762126D39BEB2F971CE564B297798EF00768F1A00A0ED4187642F329C863C251
                Function 0118E75D Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 459fba62cc06af3f4ce387f5a8a50199e93bce8e9da05de372f38e13db8122fa
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: 79019236602905AFE72DBF58CC00F5ABAAAEB95754F05C424EA059B260E772DD50CFD0
                Function 010FA250 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 73eb113edc5d4c4d6140a0732255f4312f867d1bbaeeca3beafa81f03425b054
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: E5010435705B21DBCBA18F1DE841A2ABBE5EB95B70700856DFAD98BA81D731D400CBA0
                Function 0117E1D0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
                • Instruction ID: 7df8406b10fb55a0e1f137996cc196cd123846a0d0ad928e79df9f1e915579d1
                • Opcode Fuzzy Hash: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
                • Instruction Fuzzy Hash: F311A132642241EFDB1AEF19CD80F16BBB8FF54B58F1000A9E9059B691C735ED01CA90
                Function 01106259 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
                • Instruction ID: 0e0d12cb4f96dc609e78c44b6ef9919cfb8e6d15571579efa62035260623c66f
                • Opcode Fuzzy Hash: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
                • Instruction Fuzzy Hash: EE115E70941229ABDB29EB64CC41FE9B374AF48714F5041A5B318A60E1D7709E91CF85
                Function 01186050 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
                • Instruction ID: bf417220dbd4ca1ae1b41a75de88586a8963a1e561dfcec4855f769787637253
                • Opcode Fuzzy Hash: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
                • Instruction Fuzzy Hash: 39111776900119ABCB1AEB94CC80DDFBB7DEF48258F054166A906E7211EB34AA55CBE0
                Function 0110208A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: 694b6d7b93b0c7298ef0e19f05808d1ed27ac072181630df5978a0ef1a0225f6
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 9901F532A002118BDF1EDA2DD884E56776BBFC4614F5645A5ED158F28ADBB18881C390
                Function 01196500 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
                • Instruction ID: 6234d828c764ee8f080d2694610439e940658d211d97ad922401f702a5292e8f
                • Opcode Fuzzy Hash: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
                • Instruction Fuzzy Hash: 741108326001459FD709CF18D400BA5FBB6FB56344F098159E854CB315D731EC80CBB1
                Function 0118C810 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
                • Instruction ID: becf48a098095c98715d456fce4d62ba894b4bc38fed107dbc2fc47bba7e168f
                • Opcode Fuzzy Hash: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
                • Instruction Fuzzy Hash: 5B1118B1A102099FCB04DFA9D541AAEBBF8FF58250F10806AA915E7351D774EA018BA4
                Function 011AEA60 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
                • Instruction ID: bb887a76fabe7b3bcbbe49b3dcbb299d1ae4c3fddacd46911b0e39c60be40ff1
                • Opcode Fuzzy Hash: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
                • Instruction Fuzzy Hash: 690128391421119BCB3EAB158450D76BFBAFF51654B95443EE2515B210C730EC41CB91
                Function 010FC020 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: 17aef1f6946bbcd594005a1a6fcb870b032898dff753e4691b5d7dd2df0bc567
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: FD01F532100709DFEF6A96A9D901EA777E9FFC5218F04885DEA968B940DB70E402CB50
                Function 011420F0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9f28682dcd390a579cd19914b52488f021f347b355b4c3dc1f5a4ed72767cb1
                • Instruction ID: 3341551dd63914227b740fef4e08b82fb4c7678aacd9ba42fce1d583b6e40dbd
                • Opcode Fuzzy Hash: f9f28682dcd390a579cd19914b52488f021f347b355b4c3dc1f5a4ed72767cb1
                • Instruction Fuzzy Hash: 08116935A0120DABDB09EFA4D850BAE7BB5EF44A54F0040A9F9119B290EB35AE51CB90
                Function 0113E5CF Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e102634b5a313309b85ea6264d44d28658d5ca3a16aef1e3de94bf42f684f1c4
                • Instruction ID: ba7ba9655f00b7f218042abee2f5cbc43d218ae344d47c5bfd8c61ad3eb04aee
                • Opcode Fuzzy Hash: e102634b5a313309b85ea6264d44d28658d5ca3a16aef1e3de94bf42f684f1c4
                • Instruction Fuzzy Hash: 9B01D471301A057BC319BB69CD80E57F7BCFB94668B000539B20983654DB34EC11C6A0
                Function 011969C0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: adcd708289ff6f9f5e4152d15f213cb77e0d990f0dcd6ec98abb86ea78e76a2e
                • Instruction ID: be10fc70d1ea74f1f60f0eae9623fab49015545bf3ac0b78f5f5bab5b1db26a3
                • Opcode Fuzzy Hash: adcd708289ff6f9f5e4152d15f213cb77e0d990f0dcd6ec98abb86ea78e76a2e
                • Instruction Fuzzy Hash: 0201FC32224212DBC728DF6AC848967FBA8FF54664F514129E97987180E7349901C7E1
                Function 0118C460 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b1d1aef883266a1ff20cb8b1538bc88dcb1147c3f3cfc78af9241b15b9e787af
                • Instruction ID: 7ad55ea74ea4bca363457190412ac3bd2b967a07041c17d35cf74b76364bd1f3
                • Opcode Fuzzy Hash: b1d1aef883266a1ff20cb8b1538bc88dcb1147c3f3cfc78af9241b15b9e787af
                • Instruction Fuzzy Hash: A1115B71A01209ABDB19EFA8C840FEE7BB5EB48654F008059B90197340DB34EA51CBA0
                Function 0118C97C Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76522e9d91c02817ded2456bf11f5f5537d7eca344624a4365788957ba95841f
                • Instruction ID: e7a4d817562657be00dcfc13cd85d6be32f7aa344e1bbfb444631d0bfc9e309c
                • Opcode Fuzzy Hash: 76522e9d91c02817ded2456bf11f5f5537d7eca344624a4365788957ba95841f
                • Instruction Fuzzy Hash: 261179B1A183089FC704DF69C441A9BBBE4EF98710F00856EB998D7390E730E900CBA6
                Function 0118CA11 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c443465ffdc905165512654d096b15c8e454f66f68ee3990e1d9d9703a571f1f
                • Instruction ID: 86abf90dc93e1efd5927895daf371c68a3a7e2a0f6f71aa844741d5e4ffeddbf
                • Opcode Fuzzy Hash: c443465ffdc905165512654d096b15c8e454f66f68ee3990e1d9d9703a571f1f
                • Instruction Fuzzy Hash: F01179B16183089FC704DF69C441A9BBBE4FF99750F00852EB998D73A4E730E900CBA6
                Function 011D4A80 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction ID: ad5c669a88f65b77a7396ce2ed012240cb0f42ce3feaa6f22aa9ae49ac717907
                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction Fuzzy Hash: 9701D8372006019FDB299A6DD844F56B7E6FBC5210F444859F6438BE94DB70F850C755
                Function 0111E016 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: 3532e888bbcca4aad42cbacf44717719c59fc418074c092b7165a0c9fd737057
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: F7015A32305684DFE36B966DC948F2ABBD8EB44B54F0904B1ED15CB692D768DC40C622
                Function 010F826B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2ecdbd5c7ae0b8d0cd5f095e9e943bd54a630fcd67b7b2d0c9de012b1f0af32
                • Instruction ID: 1535c07ca9aeb1715502a58d6abd0cba90a0182316d206e3f2f2313910d838ac
                • Opcode Fuzzy Hash: a2ecdbd5c7ae0b8d0cd5f095e9e943bd54a630fcd67b7b2d0c9de012b1f0af32
                • Instruction Fuzzy Hash: E6018436614505EFD75CEB69DC059EE77F9EF81624B15806E9E01A7A80DF30E902C690
                Function 011AEB50 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 6cb65b9a0676c49fa8d81bd6c45e887ca03c30cdc8dd0110de4dceb62dcb6569
                • Instruction ID: cd9a438b14513f7dc748e5abe761dfdca043e70ded4dc07a6afc855747b1faeb
                • Opcode Fuzzy Hash: 6cb65b9a0676c49fa8d81bd6c45e887ca03c30cdc8dd0110de4dceb62dcb6569
                • Instruction Fuzzy Hash: B301F271281B01AFD3395B5AD940F16BEA8EF95B50F11443EF3169F3A0C7B0A881CB94
                Function 01102582 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c8fa82eb5cfa61e3497de1646ead7f90c17ec5ecfa6c7aa4d5f297a79712055
                • Instruction ID: 3d18f07d0a3a33552744b014895da7f4a2af049ad6cc9976b18f74644c46755a
                • Opcode Fuzzy Hash: 2c8fa82eb5cfa61e3497de1646ead7f90c17ec5ecfa6c7aa4d5f297a79712055
                • Instruction Fuzzy Hash: 45F0F932A41A21BBC73A9B568C44F47BEA9EB84B94F114029A60597640D770ED02C7A0
                Function 0112C073 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: bfce23c135774286f29ba6ac3303566db16581635852241df007193ad66b30c9
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: 38F0C2B6A00A25ABD328CF4DDC40F57FBEEDBD5A84F048128E605C7220EA31DD04CB90
                Function 010FC310 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: dc526e69e517517f92f226b99f81a27288708d82cbbb0f7b5221ede3d7e2b7e9
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: 88F04C332046279BF73656594943F6BA595CFD1AE4F1E403DE3459BA04CA608D0253D1
                Function 0113CA6F Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction ID: f238daf7cfa96991e9a28fac838456ff3e8b51b4c0c75b038836a589dac8a4c6
                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction Fuzzy Hash: E601F9312006899BD72E971DC809F99BFE9EF81764F094066FA059B795E7B4C801C261
                Function 011D61E5 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
                • Instruction ID: 649f8cbe80c25cd4ee8c0abb0431da091e2ab538ffd4c24eecdbcb7ac9ad4c4c
                • Opcode Fuzzy Hash: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
                • Instruction Fuzzy Hash: 27018F71A102499BCB08DFA9D441AEEBBF8FF58714F14006AE500E7280D734EA01CB98
                Function 011863C0 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction ID: 5064c0a0a9daf54163c6c2b7e618ed1da430606be0742b65e829b2ae199fc909
                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction Fuzzy Hash: A6F01D7220001DBFEF06AF94DD80DEF7B7EEB592A8B104125FA1192160D731DD21EBA0
                Function 0118A4B0 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
                • Instruction ID: 1825d21746cc2375ee86683e6606664e65392bea4c5852f9cce89024ac940ce9
                • Opcode Fuzzy Hash: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
                • Instruction Fuzzy Hash: 81018936100149ABCF16AE84D840EDA3F66FF4C664F068116FE2866220C332D9B0EF91
                Function 010FC0F0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
                • Instruction ID: a124cb76d15e73deb8717ca5e33d7cb5405723743b211ea17a3f4c0e2bf6e160
                • Opcode Fuzzy Hash: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
                • Instruction Fuzzy Hash: 0FF08B312003495BF3549108CE03F2232D9F7C1254FA880ADEB448BAC0EAB0DC018391
                Function 0113656A Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
                • Instruction ID: e5b1d8d64b0c935a82b5f49ce7d0dcc2d3a04bee0aebcc5ab9e0225a55bf26cf
                • Opcode Fuzzy Hash: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
                • Instruction Fuzzy Hash: 0501A470305681ABE72E9B2CCD48B293BA5BB80B58F4901B4BA118BBDAD728D541C621
                Function 011A437C Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: 052c8ca42660c95889bc7407e5be0066c609946cf06b0921a24515e81db3d9dd
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 3BF0B439749D3347E77DAA2F8420B3EAE569F90A01B4D453C9641CBA80DFA0D8048794
                Function 0118E872 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction ID: c4ddd647331cfe185e45b2f140688f8f305e43119f4fd36e2083105b0fd42d0b
                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction Fuzzy Hash: 8DF089337665119BD739AA4DDC80F1AB768EFD6A60F1A4075A6149B264C760EC02CFD0
                Function 0118C89D Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
                • Instruction ID: 6b070d615194811f0d69536be1838df9b9b60255f7f30ceb1a085aa8b3dd6b69
                • Opcode Fuzzy Hash: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
                • Instruction Fuzzy Hash: 73F0AF706193049FC318EF68C441A1AB7E4FF98714F80865AB8A8DB394E734EA00CB96
                Function 01130854 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: 132e59e8c48b3c49f161eaa56ffcb4560c653ac8512720b8192913c8e7a45c0f
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: 79F09072A10204AEE718DF25CC01F96B6E9EFAC344F1580B8A545D7164EBB0ED41C794
                Function 0118C912 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
                • Instruction ID: 8b66aa3d5acdad7c9e1605946a092e9435f2219bed3dbc273903ee075b314df2
                • Opcode Fuzzy Hash: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
                • Instruction Fuzzy Hash: D1F06270A11249DFCB08EFA9C515B9EB7B4FF18704F508069B955EB385EB34EA01CBA4
                Function 011047FB Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
                • Instruction ID: a2955d39393f72a2f0ea6ae847295b38e95ec7a6c267f7b276964e7ae32b8f07
                • Opcode Fuzzy Hash: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
                • Instruction Fuzzy Hash: 43F0F071D022E09EE73B8BACC084B21BBC49B00625F098C6BD78983DA2C7E4DA80C641
                Function 011C0115 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
                • Instruction ID: 686dd14cda7ed91098fa06d72a511672d758b7a813d7ef60675689db5db63749
                • Opcode Fuzzy Hash: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
                • Instruction Fuzzy Hash: FFF0276A4166818ACF3E6B2C78903D5AB54F7A9914F09105DD4B167205C774C8C3C320
                Function 0113C5ED Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
                • Instruction ID: 25729297b9ccf93931d095f7a2d9ce575ccc03bc3903f4bc8d028361db5d6a5b
                • Opcode Fuzzy Hash: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
                • Instruction Fuzzy Hash: E4F0E2F15116919FE33E972CC548B11BBD89BC07A4F099427D5069772AC774E880DAD1
                Function 01142619 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: 91a612c58071cfc5658128a6653e4949f7f1032bedbe5204c06d883881f57a15
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 81E0D832301A016BE7259F599CC0F47BB6EDFD6F14F040079B9045F251CBE2DC4986A4
                Function 01196030 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: d1865e78854168e11010e08bfab5f37678d20d6bd8c850df310d23c4895cb11b
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 30F0E572100204DFE7288F09DD80F52BBF8EB05368F0AC026E6188B160D339EC40CBB0
                Function 01100710 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: d26dabefbbfd7dc4a6b624f3b2f062b11d7b24997a99525e1d0be2abd7ff48a4
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: D2F0E539A04B41DBDB1FCF19C040AD9BBA4FB453A0B014054FCA28B341D775E981CB51
                Function 011349D0 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: a952add42ae5de7c6520d8342a1093bc665cd7521f8ad059d175bd0a242d8c0d
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: 2DE0D832244545ABD3295A598800B66BBA6EBD17A0F160439E2028B958DB70DC42C7D8
                Function 011A678E Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: b351bd29d6caabb8543f537d2b3a96fe117f8451ee1fbe221c8e3ddaf6535fcc
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 2BE02632A00520FBDB2597998D05FABBEBCDFA0FA4F090064B600E70E8E630DE00C6D0
                Function 011025E0 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d889b5ca7816c58fd48901e365f0631c6e31a8fdab11cb55ac42f4f4c2619591
                • Instruction ID: c09aa8dc24a094237a74ccd846973840086cbe2e22f14cb218725fdb6c16924b
                • Opcode Fuzzy Hash: d889b5ca7816c58fd48901e365f0631c6e31a8fdab11cb55ac42f4f4c2619591
                • Instruction Fuzzy Hash: DCE092321009549BC32ABB29DD01F8A779AEB64778F014529B12557194CB70A850C784
                Function 011BA456 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: 442769c554ee310c53e3944043ca9fe8fab3ebdd71109a369efeb27bbd7c7e1c
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: 2DE01231011A51DFE73A6F2AE948B96BAE1BF50715F188C2DE19A124B4C7B998D1CA40
                Function 01184000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 9e71b1644ed1f5585f835cbf7ec57b06e40ff3150649b4079299a5fa94449514
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: 9EE0AE343003068BE719DF19C040BA37BA6BFD5A10F28C068A9488F605EB32A8438A40
                Function 0113CA38 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ac544f8c319a9fdc44a70954539d570849d37e102ce51bc2fb3edae14cdcc075
                • Instruction ID: b18d8fa216502bb5a88f1c6062e933d45c825aa74de161b7a0b8070ac038398a
                • Opcode Fuzzy Hash: ac544f8c319a9fdc44a70954539d570849d37e102ce51bc2fb3edae14cdcc075
                • Instruction Fuzzy Hash: E5D02B36481030AACB7DF1187C04F937A999BD5220F024872F108B2019E714CCD282C4
                Function 010F823B Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: 412c426590a530ba228f804041b94e404f80444bd33a2bdea6dfdf39145a73a1
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: F4E08C35014A10EFDB7A6E15EC01B9576A1FB54B64F20882EF186068A98770A8C2CA44
                Function 01102050 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1cfa7c0ed765f31cb83e5b0d60808edd6ceb090cc0b67e13f7e5c31ff93cbece
                • Instruction ID: 4ebc8eae4add9fd3e064d11cf59ae361931dc474b56fc627ff93572de215bc73
                • Opcode Fuzzy Hash: 1cfa7c0ed765f31cb83e5b0d60808edd6ceb090cc0b67e13f7e5c31ff93cbece
                • Instruction Fuzzy Hash: 44E08C321004506BC21AFA5DDD40F4A739AEBA5274F000126B160876D8CB60AC41C794
                Function 01138A90 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 9e6a002015539ed0a6444b0ecb941ce770cdf75fb537ce2490cc42b9a349b2a1
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: 27E08633111A1487C72DDF18D511B7277A4EF85720F09473EA61387784C634E544C795
                Function 01156AA4 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction ID: c9bbeb33ca873a0b63b2d14a3b16440ef2ece3437688c6b9ad3abbc6cba0c203
                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                • Instruction Fuzzy Hash: 4AD05E36511A50EFD3369F1BEA00D13FBF9FBC4A20705063FA55583928C770A806CBA0
                Function 0113E59C Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: b8c77534f691f704718f73b0b40248a76e0892b13b6551df7b4c179d115fee3c
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: 92D0A932214620ABD736AA1CFC00FC373E8BB88734F06046AB018C7164C360AC82CA84
                Function 0117E908 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: 487e329d1ee55e066f46bc4a21ed80be08921ad8ed5a5c18cd0e56533e16099a
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: 1DE0EC369516849BDF1ADF59C640F5ABBF9BB94B40F150458A1085B664D724A901CB40
                Function 010FA0E3 Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: a3ea9d70552908c0cc7cd502ad26b708d7916b505a647f14b92d4729f16307f9
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: E1D01232326071D7DB2956556914F67B955EF81AA4F1A006D760E93D04C5158C83D6E0
                Function 004172E8 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336089947.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_SecuriteInfo.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2eae78b0e98f9472cbc12b5dab8148bc0ec56063e4dc6dfd27409af6e22d0e4c
                • Instruction ID: 49b1302c95db727d4e27c8267287a27ac1465d8ff8b0976f9abd0f575c6c48a9
                • Opcode Fuzzy Hash: 2eae78b0e98f9472cbc12b5dab8148bc0ec56063e4dc6dfd27409af6e22d0e4c
                • Instruction Fuzzy Hash: DAC09223B54154478A220D8EB4502F4F7B4D6C7073F8433E7D94DE70158212C9154A9E
                Function 0113A830 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: c6702673c9b8747fcd2056d0fa9b03720185c703fe4fdee041b8a05d0aca4950
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: F4D022370E010CBBCB119F62CC01F907BA8E760BA0F004020B504870A0C63AE850C580
                Function 0113CA24 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74b3e8dd7f0932fe7cbf5bb39369802fb621b9e62408ed33295d4bd680aa589e
                • Instruction ID: aacec20b3605d17df2e79441bec060d6e075e180fbe0c18667ccf26457321feb
                • Opcode Fuzzy Hash: 74b3e8dd7f0932fe7cbf5bb39369802fb621b9e62408ed33295d4bd680aa589e
                • Instruction Fuzzy Hash: 52D0C934A55502DBDF2FEF59CA14F6E7AB5FB54650B40007DE712A2628F3A9DC02CB90
                Function 011102A0 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction ID: 4bc4b789bb07799f6d2188fa93113d42c94ba884bed6a95a869cfe83005af758
                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                • Instruction Fuzzy Hash: 7CD0C935612E80CFD71FCB0CC5A4B5573A8BB48B44F8144A0F401CBF26D72CE980CA00
                Function 0113C700 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: ae3efec6caf60447e9f044dedf383aa39dcd9d3ddc07d01b1b4b30598175a204
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: 63C01232150644AFC7159A95CD01F0177A9E798B50F000021F20447570D631E811D644
                Function 01120310 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: e47745466a3957f027722f6d4b17a10b9972f6cdad2c5bc6e1882f8a5e759cbe
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: 44D01236100248EFCB05DF41C890D9A772AFBD8710F108019FD19077108A31ED62DA90
                Function 01100750 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: 18c96cc51dcc4a29469a63facee11ee8b5066af704e8d2d81c1e5ad9cae23eff
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: A5C04C75B11541CFCF19DB19D294F49B7E4F744754F550890E855CB725E724E901CA10
                Function 01144340 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
                • Instruction ID: dd1a8ca09af5686b32deebb1b885fd22293e7e3298d446e00bb190457bfa248b
                • Opcode Fuzzy Hash: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
                • Instruction Fuzzy Hash: 95900231605800529284715989845464005A7E0301B55C011F4525554CCB148A565761
                Function 01144650 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
                • Instruction ID: 56a2d393ab9c934cc25846fd775d6ef1fb9cd57e76f07cca9474adaaac2ab1ec
                • Opcode Fuzzy Hash: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
                • Instruction Fuzzy Hash: 56900261601500824284715989044066005A7E1301395C115B4655560CC71889559769
                Function 01142B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
                • Instruction ID: 24c54b08d534af1a448593e9c19fc1330cb911b1899edcd7107a9966507bce0f
                • Opcode Fuzzy Hash: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
                • Instruction Fuzzy Hash: B690026120240043424971598514616400A97E0201B55C021F5115590DC62589916625
                Function 01142B80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
                • Instruction ID: c8991ed10757231d568d974fd435e27f7c576755f7537a8fe17a1b7cd6aa3ca6
                • Opcode Fuzzy Hash: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
                • Instruction Fuzzy Hash: 5A90023120140842D24871598904686000597D0301F55C011BA125655ED76589917631
                Function 01142BA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
                • Instruction ID: d13f49f930911f9be4aa7813a2ef6cc9e19566e37f62eb302b9d270d254b5d2f
                • Opcode Fuzzy Hash: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
                • Instruction Fuzzy Hash: 2090023160540842D29471598514746000597D0301F55C011B4125654DC7558B557BA1
                Function 01142BE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
                • Instruction ID: 1d28bb7694b7f5605ac896ab9eb616b7bb188f8aaced4e48ccae7e16c1a4b1c4
                • Opcode Fuzzy Hash: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
                • Instruction Fuzzy Hash: F290023120544882D28471598504A46001597D0305F55C011B4165694DD7258E55BB61
                Function 01142AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
                • Instruction ID: bdab0e2ad91629e75a6f25d365129298159e6363ed3d355611bde337074782dd
                • Opcode Fuzzy Hash: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
                • Instruction Fuzzy Hash: E09002A1201540D24644B259C504B0A450597E0201B55C016F5155560CC62589519635
                Function 01142AD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
                • Instruction ID: 90088e61a7f81a258cf0089c22f627727ddcac1952e9718ef0d1508beb901324
                • Opcode Fuzzy Hash: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
                • Instruction Fuzzy Hash: 1190043531140043034DF55D47045070047D7D5351355C031F5117550CD731CD715731
                Function 01142AF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
                • Instruction ID: 495315903ff5226c47ac7380e96e7ff115bfaae1b2acaea0840e52888278e507
                • Opcode Fuzzy Hash: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
                • Instruction Fuzzy Hash: 01900225221400420289B559470450B0445A7D6351395C015F5517590CC72189655721
                Function 01142D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
                • Instruction ID: 584fd872d516efbba17e4d8d1e7c8da3806ccafe10ac59ae3101f458b43a0752
                • Opcode Fuzzy Hash: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
                • Instruction Fuzzy Hash: 2D90022921340042D2C47159950860A000597D1202F95D415B4116558CCA1589695721
                Function 01142D00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f037fbd25aa585f47ade388c2da2af24503cf6d3803fbb71f4c9accdbf33aab
                • Instruction ID: 96fcef88b9b4c1ff9089a05c889ebe0645556a0ca75eb5c594d19c9545cf87fc
                • Opcode Fuzzy Hash: 5f037fbd25aa585f47ade388c2da2af24503cf6d3803fbb71f4c9accdbf33aab
                • Instruction Fuzzy Hash: B790022120544482D24475599508A06000597D0205F55D011B5165595DC7358951A631
                Function 01142D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c5026e6de9e9499bbf4bc83eb3a31c5c54a8bb605dfd14026035048b39a18a4e
                • Instruction ID: 68273f455a29c3f3da529ea62a69c31155f5749fa79073da48445662c1a2ae31
                • Opcode Fuzzy Hash: c5026e6de9e9499bbf4bc83eb3a31c5c54a8bb605dfd14026035048b39a18a4e
                • Instruction Fuzzy Hash: C190022130140043D284715995186064005E7E1301F55D011F4515554CDA1589565722
                Function 01142DB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50908b6510957c86559a2f1a22eb0ddd6db7c2d2d37e2f78480681b20484631a
                • Instruction ID: d7dcf821e8a2139c21a390554acf1f53d66f6c69f7a856ce586469429bbaf126
                • Opcode Fuzzy Hash: 50908b6510957c86559a2f1a22eb0ddd6db7c2d2d37e2f78480681b20484631a
                • Instruction Fuzzy Hash: 7290023124140442D285715985046060009A7D0241F95C012B4525554EC7558B56AF61
                Function 01142DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 663c670d4e22cee0654bc042084f92427df091bf726025c3b66d0f85e5b8a3b8
                • Instruction ID: 442c96b9c3fcd4c75a9d3bcf323c7e78122cc99672fffa7eb620ca3a59a070d3
                • Opcode Fuzzy Hash: 663c670d4e22cee0654bc042084f92427df091bf726025c3b66d0f85e5b8a3b8
                • Instruction Fuzzy Hash: 02900221242441925689B15985045074006A7E0241795C012B5515950CC6269956DB21
                Function 01142C70 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
                • Instruction ID: 3bc3e2892cb4fc14f3fb96c7f22e7f9f92baf7275aae44581ea1ff5ad72ae39a
                • Opcode Fuzzy Hash: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
                • Instruction Fuzzy Hash: E490023120148842D2547159C50474A000597D0301F59C411B8525658DC79589917621
                Function 01142C60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68c7f10c9127144e011a57260534c9446aad7c622166e4dcb22dedfe4f887bac
                • Instruction ID: 85caf7b2095434fcb83ed4f08c06ff31cd938de10b0636c6e10d3a07435a8ca0
                • Opcode Fuzzy Hash: 68c7f10c9127144e011a57260534c9446aad7c622166e4dcb22dedfe4f887bac
                • Instruction Fuzzy Hash: E090023120140882D24471598504B46000597E0301F55C016B4225654DC715C9517A21
                Function 01142CA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 489519f27e141c66b9631a70fe70e796b30935e391434cc40866fef289846524
                • Instruction ID: c9a868ab5721901ce2e2ea7d655d90d899395e73d7e8e2c220d9296d62d9510c
                • Opcode Fuzzy Hash: 489519f27e141c66b9631a70fe70e796b30935e391434cc40866fef289846524
                • Instruction Fuzzy Hash: 4590023120140442D24475999508646000597E0301F55D011B9125555EC76589916631
                Function 01142CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67c356b0c2bc7695946ec3a5912ffdb8bf77cfd5c6ac80182188c1b325a34fbf
                • Instruction ID: b198bc6b1ac81a76394f101acb99e007b8ac0e2f0d9492ff00a07eb8cab39e1f
                • Opcode Fuzzy Hash: 67c356b0c2bc7695946ec3a5912ffdb8bf77cfd5c6ac80182188c1b325a34fbf
                • Instruction Fuzzy Hash: 6A90022160540442D28471599518706001597D0201F55D011B4125554DC7598B556BA1
                Function 01142CF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b201ab524538c255e6f7a8d089c72bb3ae6711c2dcf41a0d9399cd5a25b4dab
                • Instruction ID: c6aadf802e734d4e6b363f2d8557056abfacb722bb0c4de7eb94575a65eadb99
                • Opcode Fuzzy Hash: 7b201ab524538c255e6f7a8d089c72bb3ae6711c2dcf41a0d9399cd5a25b4dab
                • Instruction Fuzzy Hash: DA90043130140443D344715DD70C7070005D7D0301F55D411F453555CDD757CD517731
                Function 01142F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2dd4812b0c3f56a2b9764ba945ec0018ad7ab40b65dda838f94125308db2378e
                • Instruction ID: 396767f888f28cb084607045fafc111d3011d524e5a59084607ac4cf72f0d03a
                • Opcode Fuzzy Hash: 2dd4812b0c3f56a2b9764ba945ec0018ad7ab40b65dda838f94125308db2378e
                • Instruction Fuzzy Hash: BC90026134140482D24471598514B060005D7E1301F55C015F5165554DC719CD526626
                Function 01142F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d33d6a5f24b2ef8da807b10e0b6de3e225cb3b1077258bceecef2bfabe55cd5e
                • Instruction ID: d73440d6a9ffb69fa44b0b41dc483e71118b1703360ffdf9d40cad9166a71dfe
                • Opcode Fuzzy Hash: d33d6a5f24b2ef8da807b10e0b6de3e225cb3b1077258bceecef2bfabe55cd5e
                • Instruction Fuzzy Hash: 0490026121140082D24871598504706004597E1201F55C012B6255554CC6298D615625
                Function 01142F90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb715fddcfbf12e476b20924c77611eda25f205acb606e383349a719ab007df4
                • Instruction ID: a8aeeea20942779b2cb745e65a4fdb90ddaccdf7f76e933ff9271b1eeffb0ea0
                • Opcode Fuzzy Hash: cb715fddcfbf12e476b20924c77611eda25f205acb606e383349a719ab007df4
                • Instruction Fuzzy Hash: BE90023120180442D2447159891470B000597D0302F55C011B5265555DC72589516A71
                Function 01142FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 63afd81fba74639d0492a0bcd7aad9af491cd6e0eb159b84ee76f0435b5b9f8d
                • Instruction ID: 1939bd4150b2e081c762025b04a3b126015e8ee568b5ee5ebd2388de3e673889
                • Opcode Fuzzy Hash: 63afd81fba74639d0492a0bcd7aad9af491cd6e0eb159b84ee76f0435b5b9f8d
                • Instruction Fuzzy Hash: 179002216014008242847169C9449064005BBE1211755C121B4A99550DC65989655B65
                Function 01142FA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aca86ade46025868f38c0b2b24e5ddb7e083c8f44a69dec4e10a663ffd00d9da
                • Instruction ID: 08ab93ad939f61df3eb0ec46a2b34f87a3274d1666c47ff3827253742582ec8c
                • Opcode Fuzzy Hash: aca86ade46025868f38c0b2b24e5ddb7e083c8f44a69dec4e10a663ffd00d9da
                • Instruction Fuzzy Hash: B190023120180442D24471598908747000597D0302F55C011B9265555EC765C9916A31
                Function 01142FE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9ff61395e40d4dc17401cefda55e5874e4eae20893b1269503b8b5cebde49f4
                • Instruction ID: ab8329759e9f44ecd44d17e9f9b5f9427167d7a9ced3ee1a24774c220a54971f
                • Opcode Fuzzy Hash: b9ff61395e40d4dc17401cefda55e5874e4eae20893b1269503b8b5cebde49f4
                • Instruction Fuzzy Hash: 2B900221211C0082D34475698D14B07000597D0303F55C115B4255554CCA1589615A21
                Function 01142E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d83b8e971b92eb5f0d2f41e0c12a50b5d2d0937a258a7005b25d3dd2a3269d8d
                • Instruction ID: c06cb44186a60812643bab7c3a28737653455fea1331d9402d5bbd67882a5681
                • Opcode Fuzzy Hash: d83b8e971b92eb5f0d2f41e0c12a50b5d2d0937a258a7005b25d3dd2a3269d8d
                • Instruction Fuzzy Hash: 7790022130140442D246715985146060009D7D1345F95C012F5525555DC7258A53A632
                Function 01142E80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aff97bb948975ee2324d2a0bd59e512b60a532fdcde1a937303d4481e0026cf
                • Instruction ID: b6de10238d41a75304dc2ec1a46b0de736a15c415c709fff7b455941c66ebb63
                • Opcode Fuzzy Hash: 4aff97bb948975ee2324d2a0bd59e512b60a532fdcde1a937303d4481e0026cf
                • Instruction Fuzzy Hash: 6190022160140542D24571598504616000A97D0241F95C022B5125555ECB258A92A631
                Function 01142EA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
                • Instruction ID: 5d6a3441e414a4e4c55f0dc8982af58f86585b23ef9ef5742d25eba54bc4c03b
                • Opcode Fuzzy Hash: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
                • Instruction Fuzzy Hash: D790027120140442D28471598504746000597D0301F55C011B9165554EC7598ED56B65
                Function 01142EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
                • Instruction ID: 95d9a0a0faa6a1761466a5f18414c51a6c9ea1fc1c0059d14f6a14b1de26f43a
                • Opcode Fuzzy Hash: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
                • Instruction Fuzzy Hash: 6590026120180443D28475598904607000597D0302F55C011B6165555ECB298D516635
                Function 01143010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
                • Instruction ID: 8919e6f4564739e942c6d6d8480cb097cad5d9f1e9d392ba7baf544942104474
                • Opcode Fuzzy Hash: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
                • Instruction Fuzzy Hash: F190022120184482D28472598904B0F410597E1202F95C019B8257554CCA1589555B21
                Function 01143090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
                • Instruction ID: 03ca3d4526d432cda6b6fbf3b1bef21d2c7992b8c7367f9471388c3da6188b40
                • Opcode Fuzzy Hash: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
                • Instruction Fuzzy Hash: 6090022124140842D2847159C5147070006D7D0601F55C011B4125554DC7168A656BB1
                Function 011435C0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
                • Instruction ID: 3ca4f1105e5f8c84f35f36511cc64975d0b04f166e50e3c8b1360365d02ffd98
                • Opcode Fuzzy Hash: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
                • Instruction Fuzzy Hash: FF90023160550442D24471598614706100597D0201F65C411B4525568DC7958A516AA2
                Function 011439B0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
                • Instruction ID: b1d7b93b38f68974beded4e29cc287269dce8b692827e329286a1bc17c121b78
                • Opcode Fuzzy Hash: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
                • Instruction Fuzzy Hash: DD90022124545142D294715D85046164005B7E0201F55C021B4915594DC65589556721
                Function 01143D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c3dac78a2989cb8a47c8d408b0019caab0e9bbad4df4cd6961f186728cd5c801
                • Instruction ID: f3001ccabee9658fad213964d6916bac5d2698f27745fc03fba7d98a3b2ffc42
                • Opcode Fuzzy Hash: c3dac78a2989cb8a47c8d408b0019caab0e9bbad4df4cd6961f186728cd5c801
                • Instruction Fuzzy Hash: E490023120240182968472599904A4E410597E1302B95D415B4116554CCA1489615721
                Function 01143D70 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b514e8486af6882acf54f6e088241e9d2459481fafba5421fe8e5768d350fa87
                • Instruction ID: eb58830634739aa2cb74c9932e13459a911b5db366df3f0b7d8c99649fd1f8b0
                • Opcode Fuzzy Hash: b514e8486af6882acf54f6e088241e9d2459481fafba5421fe8e5768d350fa87
                • Instruction Fuzzy Hash: 6190023520140442D65471599904646004697D0301F55D411B4525558DC75489A1A621
                Function 01142C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 95d71ea93b97971d4c628585624557967cba44245bbc6b0d2c6a21d630ac6304
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 01142890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 99bc65fdfc22ca79064101d4aed4d68c25249ad50e6686c22a62a148fbe51be2
                • Instruction ID: c4091470a68c1f0be83a02b88911ea8224b695ea767a7f823b6cc0dc5904f190
                • Opcode Fuzzy Hash: 99bc65fdfc22ca79064101d4aed4d68c25249ad50e6686c22a62a148fbe51be2
                • Instruction Fuzzy Hash: 1451D7B5A00217BFDB29DB9CD89097EFBB8BF086407148229F5A5D7641E374DE408BA0
                Function 011B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: a1ed070df7852c554aed02d8740047bb5df098bd0810747054a3ccbf36ae01ff
                • Instruction ID: d953620f9b262c5c7ce61a39c2bd056c33141156cea1656f0471195d9b99b99d
                • Opcode Fuzzy Hash: a1ed070df7852c554aed02d8740047bb5df098bd0810747054a3ccbf36ae01ff
                • Instruction Fuzzy Hash: 4E51E571A04645AECB38DE9DC8D09FFBBF8EB48204B048459E5D6D7A41E7B8FA44C760
                Function 01137630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                Download Yara Rule
                Strings
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01174787
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011746FC
                • Execute=1, xrefs: 01174713
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01174725
                • ExecuteOptions, xrefs: 011746A0
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01174742
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01174655
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 8899e16a9543817fac7cb45126fd2ee974e0bf1696d54c63cb7e4d764bb20966
                • Instruction ID: 067e17d7990df78b5d3d03ae5473de7a4c6148cd307b3a15995640c56eaa52a8
                • Opcode Fuzzy Hash: 8899e16a9543817fac7cb45126fd2ee974e0bf1696d54c63cb7e4d764bb20966
                • Instruction Fuzzy Hash: 395139B1A0021A7BEF1DABA9DC99FA977B8EF54704F0400ADE605AB1C0D7709A41CF51
                Function 0114B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: fe0ebba4acb43aaa116725e86e7d04ba91347b08e6552120f6dc7bc0496cecd2
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 0B818D70A0924A9FEF2DCF6CC8917FEBBA2AF45B20F184159D861A72D1C734D8418B59
                Function 011B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
                • Instruction ID: 7d8f5adf95a430735085d387e45cc4d502377805fb007f00a4216e1b3bfe311c
                • Opcode Fuzzy Hash: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
                • Instruction Fuzzy Hash: 8121777AA00119ABDB14DF79DC80AFEBBF8EF54654F04011AEE15D7200E730E9068BA1
                Function 0112F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                Download Yara Rule
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011702BD
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011702E7
                • RTL: Re-Waiting, xrefs: 0117031E
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
                • Instruction ID: 5078296f426f8f9de4108b5daaaebbaa6c981b4cfffad1c03e9237fe069ea531
                • Opcode Fuzzy Hash: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
                • Instruction Fuzzy Hash: CBE1AB316087529FD72DCF28C884B2ABBF0AB89724F144A2DF5A58B3D1D774D856CB42
                Function 0113BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                Download Yara Rule
                Strings
                • RTL: Resource at %p, xrefs: 01177B8E
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01177B7F
                • RTL: Re-Waiting, xrefs: 01177BAC
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: 8bec0996a3b62f787ab37cc902aee58a5b50b78840fab5697bd4426a67d3fb76
                • Instruction ID: 517cdcb1de5deba8e1203100f9a518ee6b6cd543d9b2e8718ff6534595a8f651
                • Opcode Fuzzy Hash: 8bec0996a3b62f787ab37cc902aee58a5b50b78840fab5697bd4426a67d3fb76
                • Instruction Fuzzy Hash: BC41F6313057039FD728DE29C840B6AB7E5EF84724F100A2DF95ADB780E731E4058B96
                Function 0113B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0117728C
                Strings
                • RTL: Resource at %p, xrefs: 011772A3
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01177294
                • RTL: Re-Waiting, xrefs: 011772C1
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
                • Instruction ID: 46443e4620bb60436479b58316b1e60364533200a68318e7f7b8bf6863cc1bd3
                • Opcode Fuzzy Hash: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
                • Instruction Fuzzy Hash: 2E410331704202ABC728DE29CC45F6AB7B5FF94714F104A19F965EB380EB30E8468BD5
                Function 011B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
                • Instruction ID: 354de0d5d23ad8e2bbf8bbee5371fca43cad0a6f35bbb6ffd83fa1f6c1685a65
                • Opcode Fuzzy Hash: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
                • Instruction Fuzzy Hash: 62319A726012199FDB24DF2DCC80BEE77F8EF48614F440559E949D3100EB30AA498B60
                Function 01147D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: a172ee15651aae1b94f5dacac1068885d9bb1ee67feb9a303e9c2a5ec14952c4
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 9491B171E002169BEF2CDF6DC890ABEBBA5FF44B20F54461AE965E72C0D73099418B52
                Function 01109126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
                • Instruction ID: c9399d2679ce112a74a29f8e0e64d0fc4f759bd6c6f3e3b400b29f60060ddb17
                • Opcode Fuzzy Hash: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
                • Instruction Fuzzy Hash: 65811B71D012699BDB399B54CC54BEAB6B8AF08754F0041EAEA1DB7280D7715E84CFA0
                Function 0118CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                Download Yara Rule
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0118CFBD
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.1336299278.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10d0000_SecuriteInfo.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4_w@4_w
                • API String ID: 4062629308-713214301
                • Opcode ID: a738f54e5824562e00a8d5a9045f56887ff0b6822799abf8621c58159d7f742a
                • Instruction ID: bde9166e94ce92d89b954fd46cb52400de73dfb2cd5314d9a2e15255a1034774
                • Opcode Fuzzy Hash: a738f54e5824562e00a8d5a9045f56887ff0b6822799abf8621c58159d7f742a
                • Instruction Fuzzy Hash: 2841A371900215DFDB29AF99D840AADFBB4FF55B14F10812EE915EB254D730D841CF61