Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
VzJM9stirU.exe

Overview

General Information

Sample name:VzJM9stirU.exe
renamed because original name is a hash value
Original sample name:180a438bb4ebd1e32db8a355b7b73f7c37394d3af39e7968bd98a11609c577bb.exe
Analysis ID:1530772
MD5:04b7699eaf7c0cb485c52312cb533f50
SHA1:b33b377a01b728c310af98b345c3020023136c64
SHA256:180a438bb4ebd1e32db8a355b7b73f7c37394d3af39e7968bd98a11609c577bb
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • VzJM9stirU.exe (PID: 5012 cmdline: "C:\Users\user\Desktop\VzJM9stirU.exe" MD5: 04B7699EAF7C0CB485C52312CB533F50)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2be20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2dff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x16082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.VzJM9stirU.exe.e50000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0.2.VzJM9stirU.exe.e50000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2e1f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x16282:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: VzJM9stirU.exeAvira: detected
        Multi AV Scanner detection for submitted file
        Source: VzJM9stirU.exeReversingLabs: Detection: 60%
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: VzJM9stirU.exeJoe Sandbox ML: detected
        Source: VzJM9stirU.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: VzJM9stirU.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: VzJM9stirU.exe, 00000000.00000003.2136143179.0000000001852000.00000004.00000020.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001B9E000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000003.2134026601.00000000016AC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: VzJM9stirU.exe, VzJM9stirU.exe, 00000000.00000003.2136143179.0000000001852000.00000004.00000020.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001B9E000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000003.2134026601.00000000016AC000.00000004.00000020.00020000.00000000.sdmp

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E7C283 NtClose,0_2_00E7C283
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E51A40 NtProtectVirtualMemory,NtProtectVirtualMemory,0_2_00E51A40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72B60 NtClose,LdrInitializeThunk,0_2_01A72B60
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01A72DF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01A72C70
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A735C0 NtCreateMutant,LdrInitializeThunk,0_2_01A735C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A74340 NtSetContextThread,0_2_01A74340
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A74650 NtSuspendThread,0_2_01A74650
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72BA0 NtEnumerateValueKey,0_2_01A72BA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72B80 NtQueryInformationFile,0_2_01A72B80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72BE0 NtQueryValueKey,0_2_01A72BE0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72BF0 NtAllocateVirtualMemory,0_2_01A72BF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72AB0 NtWaitForSingleObject,0_2_01A72AB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72AF0 NtWriteFile,0_2_01A72AF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72AD0 NtReadFile,0_2_01A72AD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72DB0 NtEnumerateKey,0_2_01A72DB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72DD0 NtDelayExecution,0_2_01A72DD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72D30 NtUnmapViewOfSection,0_2_01A72D30
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72D00 NtSetInformationFile,0_2_01A72D00
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72D10 NtMapViewOfSection,0_2_01A72D10
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72CA0 NtQueryInformationToken,0_2_01A72CA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72CF0 NtOpenProcess,0_2_01A72CF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72CC0 NtQueryVirtualMemory,0_2_01A72CC0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72C00 NtQueryInformationProcess,0_2_01A72C00
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72C60 NtCreateKey,0_2_01A72C60
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72FA0 NtQuerySection,0_2_01A72FA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72FB0 NtResumeThread,0_2_01A72FB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72F90 NtProtectVirtualMemory,0_2_01A72F90
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72FE0 NtCreateFile,0_2_01A72FE0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72F30 NtCreateSection,0_2_01A72F30
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72F60 NtCreateProcessEx,0_2_01A72F60
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72EA0 NtAdjustPrivilegesToken,0_2_01A72EA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72E80 NtReadVirtualMemory,0_2_01A72E80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72EE0 NtQueueApcThread,0_2_01A72EE0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72E30 NtWriteVirtualMemory,0_2_01A72E30
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A73090 NtSetValueKey,0_2_01A73090
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A73010 NtOpenDirectoryObject,0_2_01A73010
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A739B0 NtGetContextThread,0_2_01A739B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A73D10 NtOpenProcessToken,0_2_01A73D10
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A73D70 NtOpenThread,0_2_01A73D70
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E7E8E30_2_00E7E8E3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E512600_2_00E51260
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E5FA410_2_00E5FA41
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E5FA430_2_00E5FA43
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E663EE0_2_00E663EE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E663F30_2_00E663F3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E523D00_2_00E523D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E514E00_2_00E514E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E5DCE30_2_00E5DCE3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E5FC630_2_00E5FC63
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E52F500_2_00E52F50
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E527300_2_00E52730
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF41A20_2_01AF41A2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B001AA0_2_01B001AA
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF81CC0_2_01AF81CC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A301000_2_01A30100
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADA1180_2_01ADA118
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC81580_2_01AC8158
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD20000_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E3F00_2_01A4E3F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B003E60_2_01B003E6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFA3520_2_01AFA352
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC02C00_2_01AC02C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE02740_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B005910_2_01B00591
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A405350_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEE4F60_2_01AEE4F6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE44200_2_01AE4420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF24460_2_01AF2446
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3C7C00_2_01A3C7C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A407700_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A647500_2_01A64750
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5C6E00_2_01A5C6E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A00_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B0A9A60_2_01B0A9A6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A569620_2_01A56962
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A268B80_2_01A268B8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E8F00_2_01A6E8F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4A8400_2_01A4A840
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A428400_2_01A42840
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF6BD70_2_01AF6BD7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFAB400_2_01AFAB40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA800_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A58DBF0_2_01A58DBF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3ADE00_2_01A3ADE0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4AD000_2_01A4AD00
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADCD1F0_2_01ADCD1F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0CB50_2_01AE0CB5
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30CF20_2_01A30CF2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40C000_2_01A40C00
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABEFA00_2_01ABEFA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4CFE00_2_01A4CFE0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A32FC80_2_01A32FC8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A82F280_2_01A82F28
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A60F300_2_01A60F30
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE2F300_2_01AE2F30
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB4F400_2_01AB4F40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52E900_2_01A52E90
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFCE930_2_01AFCE93
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFEEDB0_2_01AFEEDB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFEE260_2_01AFEE26
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40E590_2_01A40E59
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4B1B00_2_01A4B1B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7516C0_2_01A7516C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2F1720_2_01A2F172
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B0B16B0_2_01B0B16B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF70E90_2_01AF70E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFF0E00_2_01AFF0E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEF0CC0_2_01AEF0CC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A470C00_2_01A470C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A8739A0_2_01A8739A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF132D0_2_01AF132D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2D34C0_2_01A2D34C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A452A00_2_01A452A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE12ED0_2_01AE12ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5B2C00_2_01A5B2C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADD5B00_2_01ADD5B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B095C30_2_01B095C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF75710_2_01AF7571
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFF43F0_2_01AFF43F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A314600_2_01A31460
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFF7B00_2_01AFF7B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF16CC0_2_01AF16CC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A856300_2_01A85630
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD59100_2_01AD5910
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A499500_2_01A49950
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5B9500_2_01A5B950
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A438E00_2_01A438E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAD8000_2_01AAD800
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5FB800_2_01A5FB80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB5BF00_2_01AB5BF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7DBF90_2_01A7DBF9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFFB760_2_01AFFB76
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADDAAC0_2_01ADDAAC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A85AA00_2_01A85AA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE1AA30_2_01AE1AA3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEDAC60_2_01AEDAC6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB3A6C0_2_01AB3A6C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFFA490_2_01AFFA49
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF7A460_2_01AF7A46
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5FDC00_2_01A5FDC0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF7D730_2_01AF7D73
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A43D400_2_01A43D40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF1D5A0_2_01AF1D5A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFFCF20_2_01AFFCF2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB9C320_2_01AB9C32
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFFFB10_2_01AFFFB1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A41F920_2_01A41F92
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A03FD20_2_01A03FD2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A03FD50_2_01A03FD5
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFFF090_2_01AFFF09
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A49EB00_2_01A49EB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: String function: 01A75130 appears 58 times
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: String function: 01A87E54 appears 111 times
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: String function: 01A2B970 appears 280 times
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: String function: 01ABF290 appears 105 times
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: String function: 01AAEA12 appears 86 times
        Source: VzJM9stirU.exeStatic PE information: No import functions for PE file found
        Source: VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001CD1000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs VzJM9stirU.exe
        Source: VzJM9stirU.exe, 00000000.00000003.2136143179.000000000197F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs VzJM9stirU.exe
        Source: VzJM9stirU.exe, 00000000.00000003.2134026601.00000000017CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs VzJM9stirU.exe
        Source: VzJM9stirU.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: VzJM9stirU.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: VzJM9stirU.exeStatic PE information: Section .text
        Source: classification engineClassification label: mal80.troj.winEXE@1/0@0/0
        Source: VzJM9stirU.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\VzJM9stirU.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: VzJM9stirU.exeReversingLabs: Detection: 60%
        Source: C:\Users\user\Desktop\VzJM9stirU.exeSection loaded: apphelp.dllJump to behavior
        Source: VzJM9stirU.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: VzJM9stirU.exe, 00000000.00000003.2136143179.0000000001852000.00000004.00000020.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001B9E000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000003.2134026601.00000000016AC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: VzJM9stirU.exe, VzJM9stirU.exe, 00000000.00000003.2136143179.0000000001852000.00000004.00000020.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001B9E000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, VzJM9stirU.exe, 00000000.00000003.2134026601.00000000016AC000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E6A87D push esp; retf 0_2_00E6A87E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E531D0 push eax; ret 0_2_00E531D2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E73923 push esi; retf 0_2_00E7392E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E5710D pushfd ; retf 0_2_00E5710E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E73916 push esi; retf 0_2_00E7392E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E643E3 push edi; iretd 0_2_00E643EF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E6A3C1 push edi; retf 0_2_00E6A3C7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E68B76 push ebx; retf 0_2_00E68B77
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E73B35 push cs; retf 0_2_00E73B36
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E73C2F push C67CA722h; ret 0_2_00E73C34
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E61DA3 push edi; iretd 0_2_00E61DAF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E747A8 push edi; ret 0_2_00E747AC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E74700 push ecx; retf 0_2_00E74749
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A0225F pushad ; ret 0_2_01A027F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A027FA pushad ; ret 0_2_01A027F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A309AD push ecx; mov dword ptr [esp], ecx0_2_01A309B6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A0283D push eax; iretd 0_2_01A02858
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A01366 push eax; iretd 0_2_01A01369
        Source: VzJM9stirU.exeStatic PE information: section name: .text entropy: 7.996363503608476
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7096E rdtsc 0_2_01A7096E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeAPI coverage: 0.7 %
        Source: C:\Users\user\Desktop\VzJM9stirU.exe TID: 2472Thread sleep time: -30000s >= -30000sJump to behavior
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\VzJM9stirU.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\VzJM9stirU.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7096E rdtsc 0_2_01A7096E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_00E673A3 LdrLoadDll,0_2_00E673A3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A70185 mov eax, dword ptr fs:[00000030h]0_2_01A70185
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEC188 mov eax, dword ptr fs:[00000030h]0_2_01AEC188
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEC188 mov eax, dword ptr fs:[00000030h]0_2_01AEC188
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD4180 mov eax, dword ptr fs:[00000030h]0_2_01AD4180
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD4180 mov eax, dword ptr fs:[00000030h]0_2_01AD4180
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB019F mov eax, dword ptr fs:[00000030h]0_2_01AB019F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB019F mov eax, dword ptr fs:[00000030h]0_2_01AB019F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB019F mov eax, dword ptr fs:[00000030h]0_2_01AB019F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB019F mov eax, dword ptr fs:[00000030h]0_2_01AB019F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A197 mov eax, dword ptr fs:[00000030h]0_2_01A2A197
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A197 mov eax, dword ptr fs:[00000030h]0_2_01A2A197
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A197 mov eax, dword ptr fs:[00000030h]0_2_01A2A197
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B061E5 mov eax, dword ptr fs:[00000030h]0_2_01B061E5
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A601F8 mov eax, dword ptr fs:[00000030h]0_2_01A601F8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF61C3 mov eax, dword ptr fs:[00000030h]0_2_01AF61C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF61C3 mov eax, dword ptr fs:[00000030h]0_2_01AF61C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE1D0 mov eax, dword ptr fs:[00000030h]0_2_01AAE1D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE1D0 mov eax, dword ptr fs:[00000030h]0_2_01AAE1D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE1D0 mov ecx, dword ptr fs:[00000030h]0_2_01AAE1D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE1D0 mov eax, dword ptr fs:[00000030h]0_2_01AAE1D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE1D0 mov eax, dword ptr fs:[00000030h]0_2_01AAE1D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A60124 mov eax, dword ptr fs:[00000030h]0_2_01A60124
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov ecx, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov ecx, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov ecx, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov eax, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE10E mov ecx, dword ptr fs:[00000030h]0_2_01ADE10E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADA118 mov ecx, dword ptr fs:[00000030h]0_2_01ADA118
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADA118 mov eax, dword ptr fs:[00000030h]0_2_01ADA118
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADA118 mov eax, dword ptr fs:[00000030h]0_2_01ADA118
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADA118 mov eax, dword ptr fs:[00000030h]0_2_01ADA118
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF0115 mov eax, dword ptr fs:[00000030h]0_2_01AF0115
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04164 mov eax, dword ptr fs:[00000030h]0_2_01B04164
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04164 mov eax, dword ptr fs:[00000030h]0_2_01B04164
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC4144 mov eax, dword ptr fs:[00000030h]0_2_01AC4144
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC4144 mov eax, dword ptr fs:[00000030h]0_2_01AC4144
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC4144 mov ecx, dword ptr fs:[00000030h]0_2_01AC4144
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC4144 mov eax, dword ptr fs:[00000030h]0_2_01AC4144
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC4144 mov eax, dword ptr fs:[00000030h]0_2_01AC4144
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2C156 mov eax, dword ptr fs:[00000030h]0_2_01A2C156
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC8158 mov eax, dword ptr fs:[00000030h]0_2_01AC8158
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A36154 mov eax, dword ptr fs:[00000030h]0_2_01A36154
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A36154 mov eax, dword ptr fs:[00000030h]0_2_01A36154
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A280A0 mov eax, dword ptr fs:[00000030h]0_2_01A280A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC80A8 mov eax, dword ptr fs:[00000030h]0_2_01AC80A8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF60B8 mov eax, dword ptr fs:[00000030h]0_2_01AF60B8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF60B8 mov ecx, dword ptr fs:[00000030h]0_2_01AF60B8
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3208A mov eax, dword ptr fs:[00000030h]0_2_01A3208A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A0E3 mov ecx, dword ptr fs:[00000030h]0_2_01A2A0E3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A380E9 mov eax, dword ptr fs:[00000030h]0_2_01A380E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB60E0 mov eax, dword ptr fs:[00000030h]0_2_01AB60E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2C0F0 mov eax, dword ptr fs:[00000030h]0_2_01A2C0F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A720F0 mov ecx, dword ptr fs:[00000030h]0_2_01A720F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB20DE mov eax, dword ptr fs:[00000030h]0_2_01AB20DE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A020 mov eax, dword ptr fs:[00000030h]0_2_01A2A020
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2C020 mov eax, dword ptr fs:[00000030h]0_2_01A2C020
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6030 mov eax, dword ptr fs:[00000030h]0_2_01AC6030
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB4000 mov ecx, dword ptr fs:[00000030h]0_2_01AB4000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD2000 mov eax, dword ptr fs:[00000030h]0_2_01AD2000
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E016 mov eax, dword ptr fs:[00000030h]0_2_01A4E016
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E016 mov eax, dword ptr fs:[00000030h]0_2_01A4E016
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E016 mov eax, dword ptr fs:[00000030h]0_2_01A4E016
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E016 mov eax, dword ptr fs:[00000030h]0_2_01A4E016
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5C073 mov eax, dword ptr fs:[00000030h]0_2_01A5C073
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A32050 mov eax, dword ptr fs:[00000030h]0_2_01A32050
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6050 mov eax, dword ptr fs:[00000030h]0_2_01AB6050
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E388 mov eax, dword ptr fs:[00000030h]0_2_01A2E388
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E388 mov eax, dword ptr fs:[00000030h]0_2_01A2E388
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E388 mov eax, dword ptr fs:[00000030h]0_2_01A2E388
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5438F mov eax, dword ptr fs:[00000030h]0_2_01A5438F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5438F mov eax, dword ptr fs:[00000030h]0_2_01A5438F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28397 mov eax, dword ptr fs:[00000030h]0_2_01A28397
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28397 mov eax, dword ptr fs:[00000030h]0_2_01A28397
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28397 mov eax, dword ptr fs:[00000030h]0_2_01A28397
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A403E9 mov eax, dword ptr fs:[00000030h]0_2_01A403E9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A4E3F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A4E3F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A4E3F0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A663FF mov eax, dword ptr fs:[00000030h]0_2_01A663FF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEC3CD mov eax, dword ptr fs:[00000030h]0_2_01AEC3CD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A3A3C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A383C0 mov eax, dword ptr fs:[00000030h]0_2_01A383C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A383C0 mov eax, dword ptr fs:[00000030h]0_2_01A383C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A383C0 mov eax, dword ptr fs:[00000030h]0_2_01A383C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A383C0 mov eax, dword ptr fs:[00000030h]0_2_01A383C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB63C0 mov eax, dword ptr fs:[00000030h]0_2_01AB63C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE3DB mov eax, dword ptr fs:[00000030h]0_2_01ADE3DB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE3DB mov eax, dword ptr fs:[00000030h]0_2_01ADE3DB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE3DB mov ecx, dword ptr fs:[00000030h]0_2_01ADE3DB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADE3DB mov eax, dword ptr fs:[00000030h]0_2_01ADE3DB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD43D4 mov eax, dword ptr fs:[00000030h]0_2_01AD43D4
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD43D4 mov eax, dword ptr fs:[00000030h]0_2_01AD43D4
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B08324 mov eax, dword ptr fs:[00000030h]0_2_01B08324
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B08324 mov ecx, dword ptr fs:[00000030h]0_2_01B08324
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B08324 mov eax, dword ptr fs:[00000030h]0_2_01B08324
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B08324 mov eax, dword ptr fs:[00000030h]0_2_01B08324
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A30B mov eax, dword ptr fs:[00000030h]0_2_01A6A30B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A30B mov eax, dword ptr fs:[00000030h]0_2_01A6A30B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A30B mov eax, dword ptr fs:[00000030h]0_2_01A6A30B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2C310 mov ecx, dword ptr fs:[00000030h]0_2_01A2C310
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A50310 mov ecx, dword ptr fs:[00000030h]0_2_01A50310
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD437C mov eax, dword ptr fs:[00000030h]0_2_01AD437C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB2349 mov eax, dword ptr fs:[00000030h]0_2_01AB2349
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov eax, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov eax, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov eax, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov ecx, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov eax, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB035C mov eax, dword ptr fs:[00000030h]0_2_01AB035C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFA352 mov eax, dword ptr fs:[00000030h]0_2_01AFA352
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD8350 mov ecx, dword ptr fs:[00000030h]0_2_01AD8350
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B0634F mov eax, dword ptr fs:[00000030h]0_2_01B0634F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A402A0 mov eax, dword ptr fs:[00000030h]0_2_01A402A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A402A0 mov eax, dword ptr fs:[00000030h]0_2_01A402A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov eax, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov ecx, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov eax, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov eax, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov eax, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC62A0 mov eax, dword ptr fs:[00000030h]0_2_01AC62A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E284 mov eax, dword ptr fs:[00000030h]0_2_01A6E284
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E284 mov eax, dword ptr fs:[00000030h]0_2_01A6E284
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB0283 mov eax, dword ptr fs:[00000030h]0_2_01AB0283
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB0283 mov eax, dword ptr fs:[00000030h]0_2_01AB0283
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB0283 mov eax, dword ptr fs:[00000030h]0_2_01AB0283
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A402E1 mov eax, dword ptr fs:[00000030h]0_2_01A402E1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A402E1 mov eax, dword ptr fs:[00000030h]0_2_01A402E1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A402E1 mov eax, dword ptr fs:[00000030h]0_2_01A402E1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A3A2C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A3A2C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A3A2C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A3A2C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A3A2C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B062D6 mov eax, dword ptr fs:[00000030h]0_2_01B062D6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2823B mov eax, dword ptr fs:[00000030h]0_2_01A2823B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34260 mov eax, dword ptr fs:[00000030h]0_2_01A34260
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34260 mov eax, dword ptr fs:[00000030h]0_2_01A34260
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34260 mov eax, dword ptr fs:[00000030h]0_2_01A34260
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2826B mov eax, dword ptr fs:[00000030h]0_2_01A2826B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE0274 mov eax, dword ptr fs:[00000030h]0_2_01AE0274
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB8243 mov eax, dword ptr fs:[00000030h]0_2_01AB8243
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB8243 mov ecx, dword ptr fs:[00000030h]0_2_01AB8243
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B0625D mov eax, dword ptr fs:[00000030h]0_2_01B0625D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2A250 mov eax, dword ptr fs:[00000030h]0_2_01A2A250
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A36259 mov eax, dword ptr fs:[00000030h]0_2_01A36259
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEA250 mov eax, dword ptr fs:[00000030h]0_2_01AEA250
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEA250 mov eax, dword ptr fs:[00000030h]0_2_01AEA250
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB05A7 mov eax, dword ptr fs:[00000030h]0_2_01AB05A7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB05A7 mov eax, dword ptr fs:[00000030h]0_2_01AB05A7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB05A7 mov eax, dword ptr fs:[00000030h]0_2_01AB05A7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A545B1 mov eax, dword ptr fs:[00000030h]0_2_01A545B1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A545B1 mov eax, dword ptr fs:[00000030h]0_2_01A545B1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A32582 mov eax, dword ptr fs:[00000030h]0_2_01A32582
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A32582 mov ecx, dword ptr fs:[00000030h]0_2_01A32582
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A64588 mov eax, dword ptr fs:[00000030h]0_2_01A64588
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E59C mov eax, dword ptr fs:[00000030h]0_2_01A6E59C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A5E5E7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A325E0 mov eax, dword ptr fs:[00000030h]0_2_01A325E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C5ED mov eax, dword ptr fs:[00000030h]0_2_01A6C5ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C5ED mov eax, dword ptr fs:[00000030h]0_2_01A6C5ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E5CF mov eax, dword ptr fs:[00000030h]0_2_01A6E5CF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E5CF mov eax, dword ptr fs:[00000030h]0_2_01A6E5CF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A365D0 mov eax, dword ptr fs:[00000030h]0_2_01A365D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A5D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A5D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A5D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A5D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40535 mov eax, dword ptr fs:[00000030h]0_2_01A40535
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E53E mov eax, dword ptr fs:[00000030h]0_2_01A5E53E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E53E mov eax, dword ptr fs:[00000030h]0_2_01A5E53E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E53E mov eax, dword ptr fs:[00000030h]0_2_01A5E53E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E53E mov eax, dword ptr fs:[00000030h]0_2_01A5E53E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E53E mov eax, dword ptr fs:[00000030h]0_2_01A5E53E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6500 mov eax, dword ptr fs:[00000030h]0_2_01AC6500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04500 mov eax, dword ptr fs:[00000030h]0_2_01B04500
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6656A mov eax, dword ptr fs:[00000030h]0_2_01A6656A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6656A mov eax, dword ptr fs:[00000030h]0_2_01A6656A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6656A mov eax, dword ptr fs:[00000030h]0_2_01A6656A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38550 mov eax, dword ptr fs:[00000030h]0_2_01A38550
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38550 mov eax, dword ptr fs:[00000030h]0_2_01A38550
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A364AB mov eax, dword ptr fs:[00000030h]0_2_01A364AB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A644B0 mov ecx, dword ptr fs:[00000030h]0_2_01A644B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABA4B0 mov eax, dword ptr fs:[00000030h]0_2_01ABA4B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEA49A mov eax, dword ptr fs:[00000030h]0_2_01AEA49A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A304E5 mov ecx, dword ptr fs:[00000030h]0_2_01A304E5
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E420 mov eax, dword ptr fs:[00000030h]0_2_01A2E420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E420 mov eax, dword ptr fs:[00000030h]0_2_01A2E420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2E420 mov eax, dword ptr fs:[00000030h]0_2_01A2E420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2C427 mov eax, dword ptr fs:[00000030h]0_2_01A2C427
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB6420 mov eax, dword ptr fs:[00000030h]0_2_01AB6420
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A430 mov eax, dword ptr fs:[00000030h]0_2_01A6A430
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A68402 mov eax, dword ptr fs:[00000030h]0_2_01A68402
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A68402 mov eax, dword ptr fs:[00000030h]0_2_01A68402
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A68402 mov eax, dword ptr fs:[00000030h]0_2_01A68402
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABC460 mov ecx, dword ptr fs:[00000030h]0_2_01ABC460
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5A470 mov eax, dword ptr fs:[00000030h]0_2_01A5A470
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5A470 mov eax, dword ptr fs:[00000030h]0_2_01A5A470
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5A470 mov eax, dword ptr fs:[00000030h]0_2_01A5A470
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6E443 mov eax, dword ptr fs:[00000030h]0_2_01A6E443
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AEA456 mov eax, dword ptr fs:[00000030h]0_2_01AEA456
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2645D mov eax, dword ptr fs:[00000030h]0_2_01A2645D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5245A mov eax, dword ptr fs:[00000030h]0_2_01A5245A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A307AF mov eax, dword ptr fs:[00000030h]0_2_01A307AF
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE47A0 mov eax, dword ptr fs:[00000030h]0_2_01AE47A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD678E mov eax, dword ptr fs:[00000030h]0_2_01AD678E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A527ED mov eax, dword ptr fs:[00000030h]0_2_01A527ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A527ED mov eax, dword ptr fs:[00000030h]0_2_01A527ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A527ED mov eax, dword ptr fs:[00000030h]0_2_01A527ED
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABE7E1 mov eax, dword ptr fs:[00000030h]0_2_01ABE7E1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A347FB mov eax, dword ptr fs:[00000030h]0_2_01A347FB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A347FB mov eax, dword ptr fs:[00000030h]0_2_01A347FB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3C7C0 mov eax, dword ptr fs:[00000030h]0_2_01A3C7C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB07C3 mov eax, dword ptr fs:[00000030h]0_2_01AB07C3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C720 mov eax, dword ptr fs:[00000030h]0_2_01A6C720
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C720 mov eax, dword ptr fs:[00000030h]0_2_01A6C720
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6273C mov eax, dword ptr fs:[00000030h]0_2_01A6273C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6273C mov ecx, dword ptr fs:[00000030h]0_2_01A6273C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6273C mov eax, dword ptr fs:[00000030h]0_2_01A6273C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAC730 mov eax, dword ptr fs:[00000030h]0_2_01AAC730
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C700 mov eax, dword ptr fs:[00000030h]0_2_01A6C700
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30710 mov eax, dword ptr fs:[00000030h]0_2_01A30710
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A60710 mov eax, dword ptr fs:[00000030h]0_2_01A60710
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38770 mov eax, dword ptr fs:[00000030h]0_2_01A38770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40770 mov eax, dword ptr fs:[00000030h]0_2_01A40770
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6674D mov esi, dword ptr fs:[00000030h]0_2_01A6674D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6674D mov eax, dword ptr fs:[00000030h]0_2_01A6674D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6674D mov eax, dword ptr fs:[00000030h]0_2_01A6674D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30750 mov eax, dword ptr fs:[00000030h]0_2_01A30750
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABE75D mov eax, dword ptr fs:[00000030h]0_2_01ABE75D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72750 mov eax, dword ptr fs:[00000030h]0_2_01A72750
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72750 mov eax, dword ptr fs:[00000030h]0_2_01A72750
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB4755 mov eax, dword ptr fs:[00000030h]0_2_01AB4755
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C6A6 mov eax, dword ptr fs:[00000030h]0_2_01A6C6A6
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A666B0 mov eax, dword ptr fs:[00000030h]0_2_01A666B0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34690 mov eax, dword ptr fs:[00000030h]0_2_01A34690
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34690 mov eax, dword ptr fs:[00000030h]0_2_01A34690
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]0_2_01AAE6F2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]0_2_01AAE6F2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]0_2_01AAE6F2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]0_2_01AAE6F2
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB06F1 mov eax, dword ptr fs:[00000030h]0_2_01AB06F1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB06F1 mov eax, dword ptr fs:[00000030h]0_2_01AB06F1
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A6C7 mov ebx, dword ptr fs:[00000030h]0_2_01A6A6C7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A6C7 mov eax, dword ptr fs:[00000030h]0_2_01A6A6C7
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4E627 mov eax, dword ptr fs:[00000030h]0_2_01A4E627
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A66620 mov eax, dword ptr fs:[00000030h]0_2_01A66620
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A68620 mov eax, dword ptr fs:[00000030h]0_2_01A68620
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3262C mov eax, dword ptr fs:[00000030h]0_2_01A3262C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE609 mov eax, dword ptr fs:[00000030h]0_2_01AAE609
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4260B mov eax, dword ptr fs:[00000030h]0_2_01A4260B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A72619 mov eax, dword ptr fs:[00000030h]0_2_01A72619
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF866E mov eax, dword ptr fs:[00000030h]0_2_01AF866E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF866E mov eax, dword ptr fs:[00000030h]0_2_01AF866E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A660 mov eax, dword ptr fs:[00000030h]0_2_01A6A660
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A660 mov eax, dword ptr fs:[00000030h]0_2_01A6A660
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A62674 mov eax, dword ptr fs:[00000030h]0_2_01A62674
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A4C640 mov eax, dword ptr fs:[00000030h]0_2_01A4C640
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A429A0 mov eax, dword ptr fs:[00000030h]0_2_01A429A0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A309AD mov eax, dword ptr fs:[00000030h]0_2_01A309AD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A309AD mov eax, dword ptr fs:[00000030h]0_2_01A309AD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB89B3 mov esi, dword ptr fs:[00000030h]0_2_01AB89B3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB89B3 mov eax, dword ptr fs:[00000030h]0_2_01AB89B3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB89B3 mov eax, dword ptr fs:[00000030h]0_2_01AB89B3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABE9E0 mov eax, dword ptr fs:[00000030h]0_2_01ABE9E0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A629F9 mov eax, dword ptr fs:[00000030h]0_2_01A629F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A629F9 mov eax, dword ptr fs:[00000030h]0_2_01A629F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC69C0 mov eax, dword ptr fs:[00000030h]0_2_01AC69C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A3A9D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A649D0 mov eax, dword ptr fs:[00000030h]0_2_01A649D0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFA9D3 mov eax, dword ptr fs:[00000030h]0_2_01AFA9D3
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB892A mov eax, dword ptr fs:[00000030h]0_2_01AB892A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC892B mov eax, dword ptr fs:[00000030h]0_2_01AC892B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE908 mov eax, dword ptr fs:[00000030h]0_2_01AAE908
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAE908 mov eax, dword ptr fs:[00000030h]0_2_01AAE908
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABC912 mov eax, dword ptr fs:[00000030h]0_2_01ABC912
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28918 mov eax, dword ptr fs:[00000030h]0_2_01A28918
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28918 mov eax, dword ptr fs:[00000030h]0_2_01A28918
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A56962 mov eax, dword ptr fs:[00000030h]0_2_01A56962
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A56962 mov eax, dword ptr fs:[00000030h]0_2_01A56962
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A56962 mov eax, dword ptr fs:[00000030h]0_2_01A56962
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7096E mov eax, dword ptr fs:[00000030h]0_2_01A7096E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7096E mov edx, dword ptr fs:[00000030h]0_2_01A7096E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A7096E mov eax, dword ptr fs:[00000030h]0_2_01A7096E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD4978 mov eax, dword ptr fs:[00000030h]0_2_01AD4978
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD4978 mov eax, dword ptr fs:[00000030h]0_2_01AD4978
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABC97C mov eax, dword ptr fs:[00000030h]0_2_01ABC97C
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AB0946 mov eax, dword ptr fs:[00000030h]0_2_01AB0946
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04940 mov eax, dword ptr fs:[00000030h]0_2_01B04940
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30887 mov eax, dword ptr fs:[00000030h]0_2_01A30887
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABC89D mov eax, dword ptr fs:[00000030h]0_2_01ABC89D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFA8E4 mov eax, dword ptr fs:[00000030h]0_2_01AFA8E4
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C8F9 mov eax, dword ptr fs:[00000030h]0_2_01A6C8F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6C8F9 mov eax, dword ptr fs:[00000030h]0_2_01A6C8F9
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5E8C0 mov eax, dword ptr fs:[00000030h]0_2_01A5E8C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B008C0 mov eax, dword ptr fs:[00000030h]0_2_01B008C0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov eax, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov eax, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov eax, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov ecx, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov eax, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A52835 mov eax, dword ptr fs:[00000030h]0_2_01A52835
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6A830 mov eax, dword ptr fs:[00000030h]0_2_01A6A830
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD483A mov eax, dword ptr fs:[00000030h]0_2_01AD483A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD483A mov eax, dword ptr fs:[00000030h]0_2_01AD483A
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABC810 mov eax, dword ptr fs:[00000030h]0_2_01ABC810
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABE872 mov eax, dword ptr fs:[00000030h]0_2_01ABE872
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABE872 mov eax, dword ptr fs:[00000030h]0_2_01ABE872
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6870 mov eax, dword ptr fs:[00000030h]0_2_01AC6870
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6870 mov eax, dword ptr fs:[00000030h]0_2_01AC6870
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A42840 mov ecx, dword ptr fs:[00000030h]0_2_01A42840
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A60854 mov eax, dword ptr fs:[00000030h]0_2_01A60854
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34859 mov eax, dword ptr fs:[00000030h]0_2_01A34859
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A34859 mov eax, dword ptr fs:[00000030h]0_2_01A34859
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40BBE mov eax, dword ptr fs:[00000030h]0_2_01A40BBE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A40BBE mov eax, dword ptr fs:[00000030h]0_2_01A40BBE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE4BB0 mov eax, dword ptr fs:[00000030h]0_2_01AE4BB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE4BB0 mov eax, dword ptr fs:[00000030h]0_2_01AE4BB0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38BF0 mov eax, dword ptr fs:[00000030h]0_2_01A38BF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38BF0 mov eax, dword ptr fs:[00000030h]0_2_01A38BF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38BF0 mov eax, dword ptr fs:[00000030h]0_2_01A38BF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5EBFC mov eax, dword ptr fs:[00000030h]0_2_01A5EBFC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABCBF0 mov eax, dword ptr fs:[00000030h]0_2_01ABCBF0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A50BCB mov eax, dword ptr fs:[00000030h]0_2_01A50BCB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A50BCB mov eax, dword ptr fs:[00000030h]0_2_01A50BCB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A50BCB mov eax, dword ptr fs:[00000030h]0_2_01A50BCB
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30BCD mov eax, dword ptr fs:[00000030h]0_2_01A30BCD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30BCD mov eax, dword ptr fs:[00000030h]0_2_01A30BCD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30BCD mov eax, dword ptr fs:[00000030h]0_2_01A30BCD
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADEBD0 mov eax, dword ptr fs:[00000030h]0_2_01ADEBD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5EB20 mov eax, dword ptr fs:[00000030h]0_2_01A5EB20
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5EB20 mov eax, dword ptr fs:[00000030h]0_2_01A5EB20
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF8B28 mov eax, dword ptr fs:[00000030h]0_2_01AF8B28
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AF8B28 mov eax, dword ptr fs:[00000030h]0_2_01AF8B28
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04B00 mov eax, dword ptr fs:[00000030h]0_2_01B04B00
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AAEB1D mov eax, dword ptr fs:[00000030h]0_2_01AAEB1D
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A2CB7E mov eax, dword ptr fs:[00000030h]0_2_01A2CB7E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE4B4B mov eax, dword ptr fs:[00000030h]0_2_01AE4B4B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AE4B4B mov eax, dword ptr fs:[00000030h]0_2_01AE4B4B
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B02B57 mov eax, dword ptr fs:[00000030h]0_2_01B02B57
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B02B57 mov eax, dword ptr fs:[00000030h]0_2_01B02B57
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B02B57 mov eax, dword ptr fs:[00000030h]0_2_01B02B57
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B02B57 mov eax, dword ptr fs:[00000030h]0_2_01B02B57
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6B40 mov eax, dword ptr fs:[00000030h]0_2_01AC6B40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AC6B40 mov eax, dword ptr fs:[00000030h]0_2_01AC6B40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AFAB40 mov eax, dword ptr fs:[00000030h]0_2_01AFAB40
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01AD8B42 mov eax, dword ptr fs:[00000030h]0_2_01AD8B42
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A28B50 mov eax, dword ptr fs:[00000030h]0_2_01A28B50
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADEB50 mov eax, dword ptr fs:[00000030h]0_2_01ADEB50
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38AA0 mov eax, dword ptr fs:[00000030h]0_2_01A38AA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A38AA0 mov eax, dword ptr fs:[00000030h]0_2_01A38AA0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A86AA4 mov eax, dword ptr fs:[00000030h]0_2_01A86AA4
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A3EA80 mov eax, dword ptr fs:[00000030h]0_2_01A3EA80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01B04A80 mov eax, dword ptr fs:[00000030h]0_2_01B04A80
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A68A90 mov edx, dword ptr fs:[00000030h]0_2_01A68A90
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6AAEE mov eax, dword ptr fs:[00000030h]0_2_01A6AAEE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6AAEE mov eax, dword ptr fs:[00000030h]0_2_01A6AAEE
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A86ACC mov eax, dword ptr fs:[00000030h]0_2_01A86ACC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A86ACC mov eax, dword ptr fs:[00000030h]0_2_01A86ACC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A86ACC mov eax, dword ptr fs:[00000030h]0_2_01A86ACC
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A30AD0 mov eax, dword ptr fs:[00000030h]0_2_01A30AD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A64AD0 mov eax, dword ptr fs:[00000030h]0_2_01A64AD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A64AD0 mov eax, dword ptr fs:[00000030h]0_2_01A64AD0
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6CA24 mov eax, dword ptr fs:[00000030h]0_2_01A6CA24
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A5EA2E mov eax, dword ptr fs:[00000030h]0_2_01A5EA2E
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A54A35 mov eax, dword ptr fs:[00000030h]0_2_01A54A35
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A54A35 mov eax, dword ptr fs:[00000030h]0_2_01A54A35
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6CA38 mov eax, dword ptr fs:[00000030h]0_2_01A6CA38
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ABCA11 mov eax, dword ptr fs:[00000030h]0_2_01ABCA11
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6CA6F mov eax, dword ptr fs:[00000030h]0_2_01A6CA6F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6CA6F mov eax, dword ptr fs:[00000030h]0_2_01A6CA6F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01A6CA6F mov eax, dword ptr fs:[00000030h]0_2_01A6CA6F
        Source: C:\Users\user\Desktop\VzJM9stirU.exeCode function: 0_2_01ADEA60 mov eax, dword ptr fs:[00000030h]0_2_01ADEA60
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.VzJM9stirU.exe.e50000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        DLL Side-Loading        		2
        Virtualization/Sandbox Evasion        		OS Credential Dumping2
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Deobfuscate/Decode Files or Information        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        DLL Side-Loading        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        VzJM9stirU.exe61%ReversingLabsWin32.Backdoor.FormBook
        VzJM9stirU.exe100%AviraTR/Crypt.ZPACK.Gen
        VzJM9stirU.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1530772
        Start date and time:2024-10-10 14:24:01 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 5s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Run name:Run with higher sleep bypass
        Number of analysed new started processes analysed:4
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:VzJM9stirU.exe
        renamed because original name is a hash value
        Original Sample Name:180a438bb4ebd1e32db8a355b7b73f7c37394d3af39e7968bd98a11609c577bb.exe
        Detection:MAL
        Classification:mal80.troj.winEXE@1/0@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 12
        • Number of non-executed functions: 334
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
        • Stop behavior analysis, all processes terminated

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • VT rate limit hit for: VzJM9stirU.exe

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.992902940982352
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.98%
        • DOS Executable Generic (2002/1) 0.02%
        File name:VzJM9stirU.exe
        File size:283'136 bytes
        MD5:04b7699eaf7c0cb485c52312cb533f50
        SHA1:b33b377a01b728c310af98b345c3020023136c64
        SHA256:180a438bb4ebd1e32db8a355b7b73f7c37394d3af39e7968bd98a11609c577bb
        SHA512:2066a0935cae3c7f775547f52640b58f682b5606f1db6b4e9669843458318013e3f8b42cf9104c7075b23521b3cbfb6e746aef6461ceb74540997478dc581d2d
        SSDEEP:6144:X5ollmYSyBzl7jO4raF84cDhzt9eQfupQY:X5Sl4yBBnZ4cFTeAWQY
        TLSH:D25423FDE58683E2D21CCFBCF922384736D86A53AB4128D635FFB825F4654B01971809
        File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L....5.`.................N...................`....@................

        File Icon

        Icon Hash:00928e8e8686b000

        Static PE Info

        General

        Entrypoint:0x4014e0
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x601235C3 [Thu Jan 28 03:55:47 2021 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:

        Entrypoint Preview

        Instruction
        push ebp
        mov ebp, esp
        sub esp, 00000350h
        push ebx
        push esi
        push edi
        push 00000314h
        lea eax, dword ptr [ebp-0000034Ch]
        push 00000000h
        push eax
        mov dword ptr [ebp-00000350h], 00000000h
        call 00007F94E0C6CC3Ch
        add esp, 0Ch
        xor ecx, ecx
        xor edi, edi
        xor eax, eax
        mov esi, 0000208Ah
        mov ebx, 000000A8h
        mov dword ptr [ebp-18h], 00005276h
        mov dword ptr [ebp-10h], 00002CAEh
        mov dword ptr [ebp-1Ch], 00007C55h
        mov dword ptr [ebp-04h], eax
        mov dword ptr [ebp-08h], 000075AAh
        mov dword ptr [ebp-0Ch], 000022AEh
        mov dword ptr [ebp-14h], 00002F63h
        lea esp, dword ptr [esp+00000000h]
        mov eax, ecx
        and eax, 80000007h
        jns 00007F94E0C6B267h
        dec eax
        or eax, FFFFFFF8h
        inc eax
        jne 00007F94E0C6B267h
        add ecx, 03h
        jmp 00007F94E0C6B263h
        inc ecx
        cmp ecx, 000049F6h
        jl 00007F94E0C6B244h
        call 00007F94E0C6CEC2h
        mov dword ptr [ebp-000001ACh], eax
        lea esp, dword ptr [esp+00000000h]
        mov eax, 4BDA12F7h
        imul esi
        sar edx, 05h
        mov esi, edx
        shr esi, 1Fh
        add esi, edx
        jne 00007F94E0C6B24Fh
        mov esi, 0000001Ah
        lea eax, dword ptr [ebp-000000A4h]
        push esi
        push eax
        call 00007F94E0C6ACC0h
        add esp, 08h

        Rich Headers

        Programming Language:
        • [C++] VS2012 build 50727
        • [ASM] VS2012 build 50727
        • [LNK] VS2012 build 50727

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x44dd40x44e0023a8860cf60f3d84b16786d26351de15False0.990365528584392data7.996363503608476IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

        Network Behavior

        No network behavior found

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:08:24:50
        Start date:10/10/2024
        Path:C:\Users\user\Desktop\VzJM9stirU.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\VzJM9stirU.exe"
        Imagebase:0xe50000
        File size:283'136 bytes
        MD5 hash:04B7699EAF7C0CB485C52312CB533F50
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2463684553.0000000001520000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
        Reputation:low
        Has exited:true

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:0.8%
          Dynamic/Decrypted Code Coverage:5.4%
          Signature Coverage:10%
          Total number of Nodes:130
          Total number of Limit Nodes:13
          execution_graph 95171 e741a4 95172 e741c5 95171->95172 95173 e741e3 95172->95173 95174 e741f8 95172->95174 95175 e7c283 NtClose 95173->95175 95182 e7c283 95174->95182 95177 e741ec 95175->95177 95178 e74238 95179 e74201 95179->95178 95185 e7e383 95179->95185 95183 e7c2a0 95182->95183 95184 e7c2b1 NtClose 95183->95184 95184->95179 95188 e7c5f3 95185->95188 95187 e7422c 95189 e7c610 95188->95189 95190 e7c621 RtlFreeHeap 95189->95190 95190->95187 95191 e7f543 95192 e7f553 95191->95192 95193 e7f559 95191->95193 95196 e7e463 95193->95196 95195 e7f57f 95199 e7c5a3 95196->95199 95198 e7e47e 95198->95195 95200 e7c5bd 95199->95200 95201 e7c5ce RtlAllocateHeap 95200->95201 95201->95198 95202 e749a3 95206 e749bc 95202->95206 95203 e74a04 95204 e7e383 RtlFreeHeap 95203->95204 95205 e74a14 95204->95205 95206->95203 95207 e74a47 95206->95207 95209 e74a4c 95206->95209 95208 e7e383 RtlFreeHeap 95207->95208 95208->95209 95210 e7f5a3 95211 e7e383 RtlFreeHeap 95210->95211 95212 e7f5b8 95211->95212 95302 e7b873 95303 e7b88d 95302->95303 95306 1a72df0 LdrInitializeThunk 95303->95306 95304 e7b8b5 95306->95304 95307 e74613 95308 e7462f 95307->95308 95309 e74657 95308->95309 95310 e7466b 95308->95310 95312 e7c283 NtClose 95309->95312 95311 e7c283 NtClose 95310->95311 95314 e74674 95311->95314 95313 e74660 95312->95313 95317 e7e4a3 RtlAllocateHeap 95314->95317 95316 e7467f 95317->95316 95213 e673a3 95215 e673c7 95213->95215 95214 e673ce 95215->95214 95217 e673ed 95215->95217 95220 e7f923 95215->95220 95218 e67403 LdrLoadDll 95217->95218 95219 e6741a 95217->95219 95218->95219 95221 e7f949 95220->95221 95222 e7f99b 95221->95222 95225 e79783 95221->95225 95222->95217 95224 e7f9f0 95224->95217 95226 e797e1 95225->95226 95228 e797f5 95226->95228 95229 e67423 95226->95229 95228->95224 95230 e673f6 95229->95230 95231 e67403 LdrLoadDll 95230->95231 95232 e6741a 95230->95232 95231->95232 95232->95228 95318 e63653 95321 e7c503 95318->95321 95322 e7c520 95321->95322 95325 1a72c70 LdrInitializeThunk 95322->95325 95323 e63675 95325->95323 95326 e63833 95327 e63853 95326->95327 95328 e638b2 95327->95328 95330 e638bc 95327->95330 95331 e6b033 RtlFreeHeap LdrInitializeThunk 95327->95331 95331->95328 95233 1a72b60 LdrInitializeThunk 95234 e51aec 95235 e51aed 95234->95235 95238 e7fa13 95235->95238 95236 e51b5c 95236->95236 95241 e7df33 95238->95241 95242 e7df59 95241->95242 95251 e572f3 95242->95251 95244 e7df6f 95245 e7dfcb 95244->95245 95254 e6ad23 95244->95254 95245->95236 95247 e7df8e 95248 e7dfa3 95247->95248 95249 e7c643 ExitProcess 95247->95249 95265 e7c643 95248->95265 95249->95248 95268 e66053 95251->95268 95253 e57300 95253->95244 95255 e6ad4f 95254->95255 95286 e6ac13 95255->95286 95258 e6ad94 95261 e6adb0 95258->95261 95263 e7c283 NtClose 95258->95263 95259 e6ad7c 95260 e6ad87 95259->95260 95262 e7c283 NtClose 95259->95262 95260->95247 95261->95247 95262->95260 95264 e6ada6 95263->95264 95264->95247 95266 e7c65d 95265->95266 95267 e7c66e ExitProcess 95266->95267 95267->95245 95269 e66070 95268->95269 95271 e66089 95269->95271 95272 e7cd03 95269->95272 95271->95253 95274 e7cd1d 95272->95274 95273 e7cd4c 95273->95271 95274->95273 95279 e7b8c3 95274->95279 95277 e7e383 RtlFreeHeap 95278 e7cdc5 95277->95278 95278->95271 95280 e7b8e0 95279->95280 95283 1a72c0a 95280->95283 95281 e7b90c 95281->95277 95284 1a72c11 95283->95284 95285 1a72c1f LdrInitializeThunk 95283->95285 95284->95281 95285->95281 95287 e6ac2d 95286->95287 95291 e6ad09 95286->95291 95292 e7b963 95287->95292 95290 e7c283 NtClose 95290->95291 95291->95258 95291->95259 95293 e7b97d 95292->95293 95296 1a735c0 LdrInitializeThunk 95293->95296 95294 e6acfd 95294->95290 95296->95294 95297 e7492c 95298 e74932 95297->95298 95299 e7c283 NtClose 95298->95299 95301 e74937 95298->95301 95300 e7495c 95299->95300

          Executed Functions

          Function 00E673A3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 43 e673a3-e673cc call e7f083 46 e673d2-e673e0 call e7f683 43->46 47 e673ce-e673d1 43->47 50 e673e2-e673e8 call e7f923 46->50 51 e673f0-e67401 call e7da03 46->51 54 e673ed 50->54 56 e67403-e67417 LdrLoadDll 51->56 57 e6741a-e6741d 51->57 54->51 56->57
          APIs
          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E67415
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: Load
          • String ID:
          • API String ID: 2234796835-0
          • Opcode ID: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
          • Instruction ID: 4961c3c28e55ab76a7b3541424a07a5a9b9e364d67892fd2c671ca2acc9cb568
          • Opcode Fuzzy Hash: dede90169ca1db16459994232f99263c7f2dcb4bb26b17399f27a86b55b0f282
          • Instruction Fuzzy Hash: E40152B1D4410DB7DB10DAE4DC42FDDB7B89B54308F0081A5ED0CA7241F670EB149791
          Function 00E7C283 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 63 e7c283-e7c2bf call e54673 call e7d4f3 NtClose
          APIs
          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00E7C2BA
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: Close
          • String ID:
          • API String ID: 3535843008-0
          • Opcode ID: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
          • Instruction ID: cd3c32303fbcfb42bdb2c0071c40e5a1d35a26aba86cae387162da922eacb38b
          • Opcode Fuzzy Hash: a3b23e781c8297b53f8e4474b48c3a032b94d0ec253a5db592d64cd3afe2f326
          • Instruction Fuzzy Hash: 52E046722042087BD620AA6ADC81F9B77ACDFC6710F008419FA09A7241C7B1BA1587F4
          Function 01A72B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 77 1a72b60-1a72b6c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: b25d68b4206a1da99587b08689d67484be433ef9254dca6cb1bf798a961ac2b6
          • Instruction ID: 8c277c403ad6720c05274daa22a92b7038a66fb338774bd60ee846c3becbde6c
          • Opcode Fuzzy Hash: b25d68b4206a1da99587b08689d67484be433ef9254dca6cb1bf798a961ac2b6
          • Instruction Fuzzy Hash: 9590026120240003410571584454616D00B97E0301F96C021E1014594DC92989916225
          Function 01A72DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 79 1a72df0-1a72dfc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 29bfb9e096d7b612a9e27e61d8deb0406608cf5d8914283bbe800f157b77b23f
          • Instruction ID: d664bdb7ec0bd7c758d481bd417416d6cd8e2bb63218bac346e4581aee4ed9bb
          • Opcode Fuzzy Hash: 29bfb9e096d7b612a9e27e61d8deb0406608cf5d8914283bbe800f157b77b23f
          • Instruction Fuzzy Hash: A490023120140413D11171584544707900A97D0341FD6C412A042455CDDA5A8A52A221
          Function 01A72C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 78 1a72c70-1a72c7c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 424d91f9c1cd2fc7d771e0e38edad37dc7985c3a52ac449832f0021b6294b8a5
          • Instruction ID: fe22a100b9547a511de600de7a67f2ef366bd69cec6c757973cc8d8530eba1a7
          • Opcode Fuzzy Hash: 424d91f9c1cd2fc7d771e0e38edad37dc7985c3a52ac449832f0021b6294b8a5
          • Instruction Fuzzy Hash: 6F90023120148802D1107158844474A900697D0301F9AC411A442465CDCA9989917221
          Function 01A735C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 80 1a735c0-1a735cc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: f4917dadc3cfcc6c4ee4f5abcd66be0397ae1058d41f53f40a57c5cd9b675ad7
          • Instruction ID: eb552fdd4cc7d6aae4a1e21c8f5fd362416ee8965cf9538c1d883c1145cec495
          • Opcode Fuzzy Hash: f4917dadc3cfcc6c4ee4f5abcd66be0397ae1058d41f53f40a57c5cd9b675ad7
          • Instruction Fuzzy Hash: 5490023160550402D10071584554706A00697D0301FA6C411A042456CDCB998A5166A2
          Function 00E51A40 Relevance: .1, Instructions: 93COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0568d372a8b01d27e9717e9dbe1cb1264eca5738fe95f1419a3b2f6a714a2e36
          • Instruction ID: b8b3e230dfe8ef8b480f6400ea7f76b363024e4e5b4a47afef1a02ab941d0102
          • Opcode Fuzzy Hash: 0568d372a8b01d27e9717e9dbe1cb1264eca5738fe95f1419a3b2f6a714a2e36
          • Instruction Fuzzy Hash: E931B0326091D58FCB1ADB788C017EABB759B51305B1815EDED91AB153D2215A1CC780
          Function 00E7C5F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 0 e7c5f3-e7c637 call e54673 call e7d4f3 RtlFreeHeap
          APIs
          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00E7C632
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: FreeHeap
          • String ID: `
          • API String ID: 3298025750-609909085
          • Opcode ID: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
          • Instruction ID: 0db27ad614e168ec30e8582dd52009a32bc9904ac8407c688662c44e45db0f8b
          • Opcode Fuzzy Hash: acdd237a7a728e10ed32de03d3610bc6aa7b5a30a2fd813fd7ddd9c11810606e
          • Instruction Fuzzy Hash: B7E012B1208244BBD614EE99EC45FAB77ACEFC5710F004419FA19B7241D7B5B91487B8
          Function 00E67423 Relevance: 1.7, APIs: 1, Instructions: 158libraryloaderCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 12 e67423-e6743a 13 e67440-e6744a 12->13 14 e673f6-e67401 13->14 15 e6744c 13->15 18 e67403-e67417 LdrLoadDll 14->18 19 e6741a-e6741d 14->19 16 e67467-e6747f 15->16 17 e6744e-e67464 15->17 16->13 21 e67481-e674ac 16->21 17->16 18->19 22 e67512-e67513 21->22 23 e674ae-e674c3 21->23 25 e674c5-e674ce 23->25 26 e67501 23->26 27 e674d1-e674e1 25->27 28 e6750e 25->28 31 e674e3-e674e8 27->31 32 e674ed-e67500 27->32 29 e67514-e6752b call e7f0e3 28->29 30 e67510 28->30 35 e6755f-e6757f call e7b263 29->35 36 e6752d-e6755e call e7f0e3 call e7b263 29->36 30->22 31->32 32->26
          APIs
          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E67415
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: Load
          • String ID:
          • API String ID: 2234796835-0
          • Opcode ID: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
          • Instruction ID: ccdbfaba9edbf1726597beeb462512e18740dad8024b1d1f40b46c1e87088a89
          • Opcode Fuzzy Hash: 0e700db7e7ae3d175effefb3dd905522a701cb4ed781b9a175d105c238978748
          • Instruction Fuzzy Hash: 7541CD31A492456BDB11DBB8DC41BEABBB8DF05758F0402EEFD94DB142E6329505CB80
          Function 00E7C5A3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 58 e7c5a3-e7c5e4 call e54673 call e7d4f3 RtlAllocateHeap
          APIs
          • RtlAllocateHeap.NTDLL(?,00E6E1BE,?,?,00000000,?,00E6E1BE,?,?,?), ref: 00E7C5DF
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
          • Instruction ID: f1cd59911df4e7182959178b0d19be4edcc953d11f1ad5f52996a512d7d7a1f9
          • Opcode Fuzzy Hash: 6ae38073c7aa3304867fd0be910f8801875f33a6ff849def5cfbe6102455eb91
          • Instruction Fuzzy Hash: 2FE06DB2204204BBD610EF58EC85F9B73ACEFC9710F004409F909A7241E770B91087B8
          Function 00E7C643 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 68 e7c643-e7c67c call e54673 call e7d4f3 ExitProcess
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID: ExitProcess
          • String ID:
          • API String ID: 621844428-0
          • Opcode ID: d07bb6d48f55c1af12db6d259e200f4b880b1beeb5d75b6632a6234d11049001
          • Instruction ID: b400f101dcfe5c33f64089ddb48da86e0c87945813055ecfd422afbf89abdf28
          • Opcode Fuzzy Hash: d07bb6d48f55c1af12db6d259e200f4b880b1beeb5d75b6632a6234d11049001
          • Instruction Fuzzy Hash: AEE04F312042447BD610AA59EC41FAB77ACDFC6711F008419FA08A7282D670BA0186A4
          Function 01A72C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 73 1a72c0a-1a72c0f 74 1a72c11-1a72c18 73->74 75 1a72c1f-1a72c26 LdrInitializeThunk 73->75
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: c42d4cd38b20aaf90cadb5febd0175b8a405279046ed9e676ec1a67da3a4c1cb
          • Instruction ID: 5f5cf9f704e63ea6194c4a65168724701f25d2a7774b63bd55edb280ef1a3a27
          • Opcode Fuzzy Hash: c42d4cd38b20aaf90cadb5febd0175b8a405279046ed9e676ec1a67da3a4c1cb
          • Instruction Fuzzy Hash: C4B09B719015C5C5DA11F7644A08717B90577D0701F56C072D3030645F473CC5D1E275

          Non-executed Functions

          Function 01AB2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2160512332
          • Opcode ID: 885a284a8632be6738a3b12ee9e18377a1ed3ed7e6ed5eb740a56308b2035085
          • Instruction ID: 421398c879e96d0c6672c1803656baf3808c830b055db8e1fc15a9638ecd4d54
          • Opcode Fuzzy Hash: 885a284a8632be6738a3b12ee9e18377a1ed3ed7e6ed5eb740a56308b2035085
          • Instruction Fuzzy Hash: DE926E71604382ABE725DF29C880BABBBECBF84754F04491EFA94D7252D774E844CB52
          Function 01A268B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-3089669407
          • Opcode ID: 75d4d42a31a252af390260199b86289f63edcd7ddb67b92e795a29a8e8a4e03f
          • Instruction ID: 34ea890370d73d3b72b7f56838decf26894151a19c0a646a37d92de3c04ce2b0
          • Opcode Fuzzy Hash: 75d4d42a31a252af390260199b86289f63edcd7ddb67b92e795a29a8e8a4e03f
          • Instruction Fuzzy Hash: BA8123B2D022197F8B22EE99EDC4EEF77BDBB18654B540421F904F7114E720EE058BA0
          Function 01AD5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
          Download Yara Rule
          Strings
          • PreferredUILanguages, xrefs: 01AD63D1
          • LanguageConfiguration, xrefs: 01AD6420
          • InstallLanguageFallback, xrefs: 01AD6050
          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01AD5A84
          • @, xrefs: 01AD6027
          • Control Panel\Desktop, xrefs: 01AD615E
          • @, xrefs: 01AD61B0
          • @, xrefs: 01AD6277
          • @, xrefs: 01AD647A
          • @, xrefs: 01AD63A0
          • LanguageConfigurationPending, xrefs: 01AD6221
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01AD635D
          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01AD5FE1
          • PreferredUILanguagesPending, xrefs: 01AD61D2
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
          • API String ID: 0-1325123933
          • Opcode ID: ece115a5fc16b4fbbf4fb2e65ff0fe07efb5e5ccf14b1688514d437f0acd918e
          • Instruction ID: 981937101f026641978d11ad803f8105d20d54d4fbdd01eff5c3a4573262df0a
          • Opcode Fuzzy Hash: ece115a5fc16b4fbbf4fb2e65ff0fe07efb5e5ccf14b1688514d437f0acd918e
          • Instruction Fuzzy Hash: 8F7259B19087419BD325DF28C940B6BBBE9FF88710F44492DFA8AD7250EB34D945CB92
          Function 01A68620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
          Download Yara Rule
          Strings
          • Invalid debug info address of this critical section, xrefs: 01AA54B6
          • 8, xrefs: 01AA52E3
          • corrupted critical section, xrefs: 01AA54C2
          • undeleted critical section in freed memory, xrefs: 01AA542B
          • Thread identifier, xrefs: 01AA553A
          • Critical section debug info address, xrefs: 01AA541F, 01AA552E
          • double initialized or corrupted critical section, xrefs: 01AA5508
          • Critical section address, xrefs: 01AA5425, 01AA54BC, 01AA5534
          • Address of the debug info found in the active list., xrefs: 01AA54AE, 01AA54FA
          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA54E2
          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA540A, 01AA5496, 01AA5519
          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA54CE
          • Critical section address., xrefs: 01AA5502
          • Thread is in a state in which it cannot own a critical section, xrefs: 01AA5543
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
          • API String ID: 0-2368682639
          • Opcode ID: 46eff634a3e777457e1ef88ec29d9f43338a48471f60985805eee9e09c24702c
          • Instruction ID: 27cff8934cb517526901f51cf3400e086e72723311cb071eba1f5ab9e6146d8b
          • Opcode Fuzzy Hash: 46eff634a3e777457e1ef88ec29d9f43338a48471f60985805eee9e09c24702c
          • Instruction Fuzzy Hash: AA819AB1E40359BFEB20CF99C840BAEBBB9FB48B14F644119F504B7251D379A944CB64
          Function 01A629F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
          Download Yara Rule
          Strings
          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01AA22E4
          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01AA2498
          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01AA2412
          • RtlpResolveAssemblyStorageMapEntry, xrefs: 01AA261F
          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01AA24C0
          • @, xrefs: 01AA259B
          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01AA2409
          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01AA2506
          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01AA2602
          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01AA25EB
          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01AA2624
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
          • API String ID: 0-4009184096
          • Opcode ID: 2d9a76a8e2bd94d714bb325da0311078b5f0f800fe75738cdc0d132b66089dbd
          • Instruction ID: 7dbef98d00d2a3025ed4486ca4cbbc66d31f5ad14752d00e065541a6e68e4021
          • Opcode Fuzzy Hash: 2d9a76a8e2bd94d714bb325da0311078b5f0f800fe75738cdc0d132b66089dbd
          • Instruction Fuzzy Hash: 40025FB1D002299FDB31DB54CD80BEAB7B8AF54304F4441EAE649A7242EB709F94CF59
          Function 01A60F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
          • API String ID: 0-360209818
          • Opcode ID: a07d3e76e4b8a2490b93b5656c2fb88e9c8977741566f4a3bbef0305ff45b3b5
          • Instruction ID: e6dd8f2ddf0b7130e5a3c4edadd771000518024b1e65b2ae749a3888793b2086
          • Opcode Fuzzy Hash: a07d3e76e4b8a2490b93b5656c2fb88e9c8977741566f4a3bbef0305ff45b3b5
          • Instruction Fuzzy Hash: 7D628FB5E002299FDB24CF18C8417A9BBB6EFD5320F9982DAD549AB240D7325AD1CF50
          Function 01AD8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
          • API String ID: 0-2515994595
          • Opcode ID: 3a0d6227c8a1e39de357c676bdbce2bfe260f0e13921c5533768b58b60368f10
          • Instruction ID: 87a95ccc8d47fd776d0bb342f0a80e1ac65fce1df4105779dd4a284b469aed19
          • Opcode Fuzzy Hash: 3a0d6227c8a1e39de357c676bdbce2bfe260f0e13921c5533768b58b60368f10
          • Instruction Fuzzy Hash: D651CF715047019FD32ACF589944BABBBECFF94740F14491DE99AC3280E778E648C792
          Function 01AE12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
          • API String ID: 0-3591852110
          • Opcode ID: 8628ee83bec68964c308dd390fca1de2130c0e4f42a3c8682e79f601dff3c269
          • Instruction ID: ae8b6053ded58b33bac2fd31160d61f4ed9a09db1f230d0755b8d6ba95853287
          • Opcode Fuzzy Hash: 8628ee83bec68964c308dd390fca1de2130c0e4f42a3c8682e79f601dff3c269
          • Instruction Fuzzy Hash: 6A12B170600662EFD726DF69C449BBABBF1FF09714F18845DE4968B682D734E881CB60
          Function 01A4AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
          • API String ID: 0-3197712848
          • Opcode ID: 8bb102b49d461585302d7eb37c7759b95d09a38abdaef291297a74bff6d6bd7b
          • Instruction ID: 3d7795d62f91322abed4208ab8d8f962383fa3ca2afb493839279907811d10d7
          • Opcode Fuzzy Hash: 8bb102b49d461585302d7eb37c7759b95d09a38abdaef291297a74bff6d6bd7b
          • Instruction Fuzzy Hash: 3C1212716083468FD735DF28C940BAAB7E4BFD5714F08491EF98A8B291E734D944CBA2
          Function 01A2D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
          • API String ID: 0-3532704233
          • Opcode ID: 17ddd5212078bceb9ac7a177a1d5e938bb41836a29f69a1a642666d7df4e4d7f
          • Instruction ID: 8df3647cbf041c675d29fd11b557b8d737e910a3f54cf7c82257ca3821978f2f
          • Opcode Fuzzy Hash: 17ddd5212078bceb9ac7a177a1d5e938bb41836a29f69a1a642666d7df4e4d7f
          • Instruction Fuzzy Hash: 9FB1CF729183629FC722DF68C940B6BBBE8BF88714F05492EF988D7241D770D944CB92
          Function 01AE0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
          • API String ID: 0-1357697941
          • Opcode ID: 3cc8ad5be999d4f192f53e94a36025b138ca730dfce5d08584d01042f3a5cb91
          • Instruction ID: 1c7ff6a8b472cf4cfed0836e74efd95a25ee57c102bdb944c4b2296c557c6f27
          • Opcode Fuzzy Hash: 3cc8ad5be999d4f192f53e94a36025b138ca730dfce5d08584d01042f3a5cb91
          • Instruction Fuzzy Hash: 62F10271B00296EFDB25CF6CC588BAABBF5FF09714F088059E5869B282C774A945CB50
          Function 01AE0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
          • API String ID: 0-1700792311
          • Opcode ID: d8683b7c6a625210e685845c49ea3833d56d8a6d586642d72d098eeb7dece1c1
          • Instruction ID: 0659c37cc6f8e604cacfa22b2b09231b5793d77d75753bb7be068da8daf6b914
          • Opcode Fuzzy Hash: d8683b7c6a625210e685845c49ea3833d56d8a6d586642d72d098eeb7dece1c1
          • Instruction Fuzzy Hash: A2D1EF31600686EFDB22DF68C648AAEBBF1FF5A710F188049F4459B662C7B49945CF20
          Function 01AB89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
          Download Yara Rule
          Strings
          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01AB8A3D
          • AVRF: -*- final list of providers -*- , xrefs: 01AB8B8F
          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01AB8A67
          • VerifierDebug, xrefs: 01AB8CA5
          • VerifierDlls, xrefs: 01AB8CBD
          • HandleTraces, xrefs: 01AB8C8F
          • VerifierFlags, xrefs: 01AB8C50
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
          • API String ID: 0-3223716464
          • Opcode ID: 9e1596b5a74c16a756e0e054c748fe83f1a5e49d8dcb60856fae9e4aebf46380
          • Instruction ID: 8363a73bfa9c997faeb2fd27b0382acef8acac6c295bd25cb0b694a92400619e
          • Opcode Fuzzy Hash: 9e1596b5a74c16a756e0e054c748fe83f1a5e49d8dcb60856fae9e4aebf46380
          • Instruction Fuzzy Hash: C79123B2645792AFD331DF2CC9C0BEB7BACAB95714F450459FA446B282C738AC08C795
          Function 01A3EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
          • API String ID: 0-1109411897
          • Opcode ID: bbd06b8780f9dcae6c9e9e963dd8e318e1592e2351193ed891039a29d6d15b28
          • Instruction ID: 4c150498f6dcf875a151b1646276dd55f85788d271c965ece935517b5064a39e
          • Opcode Fuzzy Hash: bbd06b8780f9dcae6c9e9e963dd8e318e1592e2351193ed891039a29d6d15b28
          • Instruction Fuzzy Hash: 61A24974E0562A8FDF64CF19CD887A9BBB5AF89304F1442E9E909A7251DB309EC5CF40
          Function 01A2F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-523794902
          • Opcode ID: f533941902586c3388adc99b6769dc179f9f2a41edc3bfd02c0bfe3e39f9613a
          • Instruction ID: d9fa8d58437d1eead98890941cd15a2e90fc5c8bccfeb7810411a136fdc9195c
          • Opcode Fuzzy Hash: f533941902586c3388adc99b6769dc179f9f2a41edc3bfd02c0bfe3e39f9613a
          • Instruction Fuzzy Hash: CC42EB71208392DFD715EF2CC984A6ABBF5FF89604F08496DE896CB292D730D845CB52
          Function 01A3ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
          • API String ID: 0-4098886588
          • Opcode ID: 95436795472e379636338a165181527835a0205957be804a7256509bab71d748
          • Instruction ID: 778f96c84360b9fc19ad9498af07af41d141bd200d15cceef5dec627ec03b5f8
          • Opcode Fuzzy Hash: 95436795472e379636338a165181527835a0205957be804a7256509bab71d748
          • Instruction Fuzzy Hash: 04329271E042698BDF22CF28C894BEEBBB6BF85340F1441E9E949A7251D7719EC18F50
          Function 01A4B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
          • API String ID: 0-122214566
          • Opcode ID: 7d9ddbc5100aa334ce7b648ae100d6663ce6036f9733f2ba358142aedc3b19e9
          • Instruction ID: 6183145a6a9cbce7529b3330563bdd0bfcf8e0a4039ec56c2fd0a63993c31210
          • Opcode Fuzzy Hash: 7d9ddbc5100aa334ce7b648ae100d6663ce6036f9733f2ba358142aedc3b19e9
          • Instruction Fuzzy Hash: BCC12A31A00219ABDF258F69C881BBEBBB5BFC5310F184169ED069B692D774DD84C3B1
          Function 01A663FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
          • API String ID: 0-792281065
          • Opcode ID: 79f0b1e0b5ac48d3a3c5bb300669a5b5336bfa284a057fecb2fa5729da26a2b6
          • Instruction ID: 0eb16bd6aa819bd81b8d60aef07a43736db95561a9a5269468418e1c0d19ff86
          • Opcode Fuzzy Hash: 79f0b1e0b5ac48d3a3c5bb300669a5b5336bfa284a057fecb2fa5729da26a2b6
          • Instruction Fuzzy Hash: CB917970B00315DBEB35DF28DA48BEA7BB5FF48B24F580129F9086B296D7B49805C790
          Function 01A2645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
          Download Yara Rule
          Strings
          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01A89A2A
          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01A89A01
          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01A899ED
          • LdrpInitShimEngine, xrefs: 01A899F4, 01A89A07, 01A89A30
          • minkernel\ntdll\ldrinit.c, xrefs: 01A89A11, 01A89A3A
          • apphelp.dll, xrefs: 01A26496
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-204845295
          • Opcode ID: dc361e729ea26c7c0b0b7250af14db5776d6dfadc1fc63c3a0431132ece83931
          • Instruction ID: efd99b6860f8fc3430442151dac6c0fa53e5d7e5093e56a898b1b8c3b6282880
          • Opcode Fuzzy Hash: dc361e729ea26c7c0b0b7250af14db5776d6dfadc1fc63c3a0431132ece83931
          • Instruction Fuzzy Hash: D151B171248305AFE721EF28D981FABB7E4FBC8648F14091EF98997164D730E905CB92
          Function 01A6C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • LdrpInitializeImportRedirection, xrefs: 01AA8177, 01AA81EB
          • LdrpInitializeProcess, xrefs: 01A6C6C4
          • minkernel\ntdll\ldrredirect.c, xrefs: 01AA8181, 01AA81F5
          • Loading import redirection DLL: '%wZ', xrefs: 01AA8170
          • Unable to build import redirection Table, Status = 0x%x, xrefs: 01AA81E5
          • minkernel\ntdll\ldrinit.c, xrefs: 01A6C6C3
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-475462383
          • Opcode ID: db8acf3607bc8abef604e6536c60e1399bd40e57326bffb04b8ae8c78183305e
          • Instruction ID: aaa27dc46674bb361bc4548bce04473e31feada1121bfb93e1602e81d254d4da
          • Opcode Fuzzy Hash: db8acf3607bc8abef604e6536c60e1399bd40e57326bffb04b8ae8c78183305e
          • Instruction Fuzzy Hash: 5531F371644342AFD320EF29DE46E2AB7E4FF94B20F040558F985AB295E734ED04C7A2
          Function 01A62674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01AA219F
          • SXS: %s() passed the empty activation context, xrefs: 01AA2165
          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01AA2180
          • RtlGetAssemblyStorageRoot, xrefs: 01AA2160, 01AA219A, 01AA21BA
          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01AA2178
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01AA21BF
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
          • API String ID: 0-861424205
          • Opcode ID: ba2949af645fcd54b64c5de904fed70afef15738166000c76542b4e2b84d81f8
          • Instruction ID: 40da8c4254e6577991141d7cc4f3fb82ae5e390b88a2defcd0400bda8dbdb9db
          • Opcode Fuzzy Hash: ba2949af645fcd54b64c5de904fed70afef15738166000c76542b4e2b84d81f8
          • Instruction Fuzzy Hash: 8C31E736B403157BE7228B9A8C81F5A7A7DEB94A50F09405AFA04B7145D370AA40C7E1
          Function 01A49950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
          • API String ID: 0-3393094623
          • Opcode ID: 2f839ecedf0f750c11ba68f04677e19bf71fb942301248a73ff2d3708c5106a8
          • Instruction ID: 2e8121a2e4bd0eb5386c59537633d546a372215f8a9659f6940bf60b148ac1f0
          • Opcode Fuzzy Hash: 2f839ecedf0f750c11ba68f04677e19bf71fb942301248a73ff2d3708c5106a8
          • Instruction Fuzzy Hash: 3F0259715083418FDB21CF68C184BABBBE5BFC8718F44891EE989C7251E770D895CBA2
          Function 01A7096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
          Download Yara Rule
          APIs
            • Part of subcall function 01A72DF0: LdrInitializeThunk.NTDLL ref: 01A72DFA
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70BA3
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70BB6
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70D60
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70D74
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
          • String ID:
          • API String ID: 1404860816-0
          • Opcode ID: d0aab457fe87894618f8351b372eb1a88e57ec9d14a08d5af0b0413e03d108f1
          • Instruction ID: 3d42c0810ef56370e21eedf1671e2b4295b3a5f06f9449a3a354f0e8d8e85e87
          • Opcode Fuzzy Hash: d0aab457fe87894618f8351b372eb1a88e57ec9d14a08d5af0b0413e03d108f1
          • Instruction Fuzzy Hash: 18427D71900715DFDB61CF28C980BAAB7F4FF09314F1445AAE999DB241E770AA85CF60
          Function 01AB4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
          • API String ID: 0-2518169356
          • Opcode ID: 52b0d1d06c0216c4b0a00d98058d314216c85371cccfa185495813f0f0ba6b12
          • Instruction ID: 4ac6d160380ca7f2839bae78f09f56fa3d7886f2a283c8542883c885474b4bf4
          • Opcode Fuzzy Hash: 52b0d1d06c0216c4b0a00d98058d314216c85371cccfa185495813f0f0ba6b12
          • Instruction Fuzzy Hash: 8A91BC72D0065A9FCB21CFACC880AEEB7B8EF48710F594169E911E7352D735DA01CB91
          Function 01A470C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: 8ee1f55e147df4b473dda2d6c86235eb23f17b0dce94f958737b0c7fcedb0925
          • Instruction ID: 7a3110b56217c2aab872267a999954b9c0db38f2f45ec70d3cc81abf047f1c82
          • Opcode Fuzzy Hash: 8ee1f55e147df4b473dda2d6c86235eb23f17b0dce94f958737b0c7fcedb0925
          • Instruction Fuzzy Hash: F513B170A00655DFEB25CFA8C4907A9FBF1FF89304F1881A9D959AB382D734A945CF90
          Function 01A4A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
          Download Yara Rule
          Strings
          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01A97D39
          • SsHd, xrefs: 01A4A885
          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01A97D56
          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01A97D03
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
          • API String ID: 0-2905229100
          • Opcode ID: 68c0feb38f167a93cab2f5b533ca6766a7e4bbe852bdeb145303783816900608
          • Instruction ID: ced665300cdcf7f59eafee2d1fd8cfd179ee1572fbebda894c1a191a57bd7bb1
          • Opcode Fuzzy Hash: 68c0feb38f167a93cab2f5b533ca6766a7e4bbe852bdeb145303783816900608
          • Instruction Fuzzy Hash: A6D1803AA402159FDF25CF98C9C06ADBBF5FF88310F194069E946AB346D3719985CBA0
          Function 01A3A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
          • API String ID: 0-379654539
          • Opcode ID: 28114a089deff72493fff00f3ee4f434cd388d0d88f3f49a8f1a4b74cd5cf642
          • Instruction ID: 379a17e0ece7cc5777e5e1a49fba75bc42f4740cfcaf19353d7a211aabb13290
          • Opcode Fuzzy Hash: 28114a089deff72493fff00f3ee4f434cd388d0d88f3f49a8f1a4b74cd5cf642
          • Instruction Fuzzy Hash: ECC167752083929FDB11CF68C144B6AB7F4AFC4704F08896AF9D6CB291E734CA49CB56
          Function 01A68402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
          Download Yara Rule
          Strings
          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A6855E
          • @, xrefs: 01A68591
          • LdrpInitializeProcess, xrefs: 01A68422
          • minkernel\ntdll\ldrinit.c, xrefs: 01A68421
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1918872054
          • Opcode ID: ee2e6dcdb14735160690647395b7f64f4e9ba56fe49f138f41da083b5decd88d
          • Instruction ID: da7611eec3579533b31288e01feab1b508ce93eacc20f566b11ebefdb6378eb0
          • Opcode Fuzzy Hash: ee2e6dcdb14735160690647395b7f64f4e9ba56fe49f138f41da083b5decd88d
          • Instruction Fuzzy Hash: A3917971548345AFD722EF65CD40FBBBAECFB84744F40092EFA8492151E738DA448B66
          Function 01A40C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
          Download Yara Rule
          Strings
          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 01A954ED
          • HEAP[%wZ]: , xrefs: 01A954D1, 01A95592
          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01A955AE
          • HEAP: , xrefs: 01A954E0, 01A955A1
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
          • API String ID: 0-1657114761
          • Opcode ID: bffe761ee468ff15884953e2d57eeb951b7a8354a041178e177e50943289e839
          • Instruction ID: 1fc377ab5c8221bd6cccd54834dfaea9876b5d15562f3311b95202212bdf2329
          • Opcode Fuzzy Hash: bffe761ee468ff15884953e2d57eeb951b7a8354a041178e177e50943289e839
          • Instruction Fuzzy Hash: 86A1E470A04346DFDB25DF28C641BBABBF1BF94300F18856DE6968B642D734E848DB91
          Function 01A6273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
          Download Yara Rule
          Strings
          • SXS: %s() passed the empty activation context, xrefs: 01AA21DE
          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01AA21D9, 01AA22B1
          • .Local, xrefs: 01A628D8
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01AA22B6
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
          • API String ID: 0-1239276146
          • Opcode ID: a8a74fdf3bd1e9156289fe5ea54e2237979dfb3cf217ca3affd5500a5c694bbe
          • Instruction ID: 1d45a2815098085b930fb9f39d78abe5b8768f856118d509ce1d22b0b71cef18
          • Opcode Fuzzy Hash: a8a74fdf3bd1e9156289fe5ea54e2237979dfb3cf217ca3affd5500a5c694bbe
          • Instruction Fuzzy Hash: F0A19F3294022A9BDB35CF68DC84BA9B7B5BF98354F1441EAD948E7251D7309E84CF90
          Function 01A64AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
          Download Yara Rule
          Strings
          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01AA3437
          • RtlDeactivateActivationContext, xrefs: 01AA3425, 01AA3432, 01AA3451
          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01AA3456
          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01AA342A
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
          • API String ID: 0-1245972979
          • Opcode ID: 8bda40525fe865aa9466e255420d66f1c575e1b9cdd7ea0b567036d1ad6f2306
          • Instruction ID: db46289833a58dd7259531513573e10c44749d11cbd7d672d6960dcb118b618c
          • Opcode Fuzzy Hash: 8bda40525fe865aa9466e255420d66f1c575e1b9cdd7ea0b567036d1ad6f2306
          • Instruction Fuzzy Hash: FA610476600712AFDB22CF1DC841B3AB7E9FF94B51F588529E9559B282CB30E801CB91
          Function 01A364AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
          Download Yara Rule
          Strings
          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01A91028
          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01A90FE5
          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01A9106B
          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01A910AE
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
          • API String ID: 0-1468400865
          • Opcode ID: ba0d9b4d662cf4e229d6fc6e2d1ff92779239256acf91038df05d4cc09acfb45
          • Instruction ID: 6ec71d3565993c9f2f46e1bf3daa7a4737c93dc2390cda600a4082d0e141ecd9
          • Opcode Fuzzy Hash: ba0d9b4d662cf4e229d6fc6e2d1ff92779239256acf91038df05d4cc09acfb45
          • Instruction Fuzzy Hash: B471E1B1904345AFCB21DF28C984B9B7FA8AF94764F440469F9488B186D734D688CBD2
          Function 01A5245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
          Download Yara Rule
          Strings
          • LdrpDynamicShimModule, xrefs: 01A9A998
          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01A9A992
          • minkernel\ntdll\ldrinit.c, xrefs: 01A9A9A2
          • apphelp.dll, xrefs: 01A52462
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-176724104
          • Opcode ID: 52cbf12065bece81345f0902995dd78b6b966f37409ada69e4b2d8e922cdb7cc
          • Instruction ID: 824344c0b1fa3158aed05e3a9bf01262eef260c43824388fa2109e7b80681fdd
          • Opcode Fuzzy Hash: 52cbf12065bece81345f0902995dd78b6b966f37409ada69e4b2d8e922cdb7cc
          • Instruction Fuzzy Hash: 4F313776A00201EBDF319F5DD981F6A7BF5FB84B04F25001BED05AB269C7B49985C780
          Function 01A429A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
          Download Yara Rule
          Strings
          • HEAP[%wZ]: , xrefs: 01A43255
          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A4327D
          • HEAP: , xrefs: 01A43264
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
          • API String ID: 0-617086771
          • Opcode ID: 6b4fa3d8232fba6996899fb1e919e2c3884b1cc9e334fb29e5fa322d5cf13447
          • Instruction ID: dcf20bc4be692f8c7011faf14d240ff514220d44029bd39161bfe6c16798833e
          • Opcode Fuzzy Hash: 6b4fa3d8232fba6996899fb1e919e2c3884b1cc9e334fb29e5fa322d5cf13447
          • Instruction Fuzzy Hash: D492CE70A042599FDF25CF68D4447AEBBF1FF88300F1880AAE999AB391D734A945CF50
          Function 01AC02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: """"$MitigationAuditOptions$MitigationOptions
          • API String ID: 0-1670051934
          • Opcode ID: b6bcd84be9c00f49cbc7cbeb8645a44c1d3048d8ef6ea9b6783ea4164dae8c9b
          • Instruction ID: f37c920951070129d330b1ce5afcf5411fa8867d073030655c73129b2b7f91d3
          • Opcode Fuzzy Hash: b6bcd84be9c00f49cbc7cbeb8645a44c1d3048d8ef6ea9b6783ea4164dae8c9b
          • Instruction Fuzzy Hash: C8227C76A04702CFD724CF2DCA91626BBE1BBD4710F29892EF29A87650D771E5448B41
          Function 01A40770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-4253913091
          • Opcode ID: 0ed3e020d545d5dd72ca8c388625c38f361d481dfe0e015d1f8ab905cf677a91
          • Instruction ID: 71e9e78cdaeea47a09f9d2e812ed06b2424067f064fb98be3a7df31930d98738
          • Opcode Fuzzy Hash: 0ed3e020d545d5dd72ca8c388625c38f361d481dfe0e015d1f8ab905cf677a91
          • Instruction Fuzzy Hash: 84F1B074A00605DFEB16CF68CA84BAAB7F5FF84300F1441A9E616DB342D734E981DB90
          Function 01A31460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
          Download Yara Rule
          Strings
          • HEAP[%wZ]: , xrefs: 01A31712
          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01A31728
          • HEAP: , xrefs: 01A31596
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: 64d42af9aa2255a2944ae6e1b8e008dadeca5cefd7373516eccaa4db1fbfc3a2
          • Instruction ID: 7c8fe337d56ee3d74eff82ecf40fff05acddeb31a84498d04663005d805ba27e
          • Opcode Fuzzy Hash: 64d42af9aa2255a2944ae6e1b8e008dadeca5cefd7373516eccaa4db1fbfc3a2
          • Instruction Fuzzy Hash: 34E1C070A046469FDB29DF6CC491BBABBF1AF88304F18855DF596CB286E734E940CB50
          Function 00E514E0 Relevance: 4.1, Strings: 3, Instructions: 310COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: U|$c/$vR
          • API String ID: 0-714501589
          • Opcode ID: 034fa08487b7c2f703eba86be2acd26a57d4b82aac2ae9bd562c7d2f94e02d1c
          • Instruction ID: 0aac0becfe0e08086537cacc0b44fe193452bf602a7c1f8e6a45b4ed1c6e2f26
          • Opcode Fuzzy Hash: 034fa08487b7c2f703eba86be2acd26a57d4b82aac2ae9bd562c7d2f94e02d1c
          • Instruction Fuzzy Hash: 50A1A772A09252CFDB26CF74C8457DABBE0FF46301F5819DCC992AB152E771444ACB81
          Function 00E523D0 Relevance: 4.0, Strings: 3, Instructions: 245COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: <g$gfff$gfff
          • API String ID: 0-75412626
          • Opcode ID: cc625a1004c9f7122bfa0e36cee74b23a501215208f6d8348e2cbb2e64e4b715
          • Instruction ID: e19c493e3385aef346d332a2ef89461b3936e57919172c7a45ee1e85bfc37af4
          • Opcode Fuzzy Hash: cc625a1004c9f7122bfa0e36cee74b23a501215208f6d8348e2cbb2e64e4b715
          • Instruction Fuzzy Hash: 1971C371B000098BDB18CE5DCC506ADB3E2EB95306F18A57EEE19EF391E670DD068B80
          Function 01A56962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: $@
          • API String ID: 0-1077428164
          • Opcode ID: b5301a058eee6038f8caf0acae336ca2e6df63e2c1af239185d4ae5cf334d37c
          • Instruction ID: 17ddfbebc7ad5436aa917ebb760bf17c987d96dbabdcd467bcfbb7bcc4c42d1f
          • Opcode Fuzzy Hash: b5301a058eee6038f8caf0acae336ca2e6df63e2c1af239185d4ae5cf334d37c
          • Instruction Fuzzy Hash: E0C2AD7160C7419FEB65CF68C880BABBBE5AF88314F48892DED89D7241D734D844CB92
          Function 01A2A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: FilterFullPath$UseFilter$\??\
          • API String ID: 0-2779062949
          • Opcode ID: 0d60cd83b1b492b5333b39450ab4ca4ec76434afb785c09027fb998f9204e1ff
          • Instruction ID: 8ad179a6bd386a380ad66a1112e8b7453ac66b1d4e661661a8a9d1fe24843efa
          • Opcode Fuzzy Hash: 0d60cd83b1b492b5333b39450ab4ca4ec76434afb785c09027fb998f9204e1ff
          • Instruction Fuzzy Hash: 99A15B719116299BDB31EF68CD88BEAB7B8EF44710F1001EAE909A7250D7359F85CF60
          Function 01A50BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
          Download Yara Rule
          Strings
          • LdrpCheckModule, xrefs: 01A9A117
          • minkernel\ntdll\ldrinit.c, xrefs: 01A9A121
          • Failed to allocated memory for shimmed module list, xrefs: 01A9A10F
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
          • API String ID: 0-161242083
          • Opcode ID: 375baa7754851f96715ec75ae9facfc1cab13435529160c1dc29cc6e6d23eee7
          • Instruction ID: 380fc64120b3f4e23bc13755fcc6e9eb0ec555c72befd0dad460ea1eaa123b60
          • Opcode Fuzzy Hash: 375baa7754851f96715ec75ae9facfc1cab13435529160c1dc29cc6e6d23eee7
          • Instruction Fuzzy Hash: 0271C071A002059FDF25DF68CA85ABEB7F4FB84304F18442EE906DB255E734AD85CB50
          Function 01A6C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
          Download Yara Rule
          Strings
          • LdrpInitializePerUserWindowsDirectory, xrefs: 01AA82DE
          • Failed to reallocate the system dirs string !, xrefs: 01AA82D7
          • minkernel\ntdll\ldrinit.c, xrefs: 01AA82E8
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1783798831
          • Opcode ID: 265cb9a30fb13abab5f61134e3f3c97067af3b98d33c4c46c05e36120987c8a6
          • Instruction ID: 626858bb873e1b8b2af187859a4d71467e9e50a228062d5ab48c2313f46fe8c5
          • Opcode Fuzzy Hash: 265cb9a30fb13abab5f61134e3f3c97067af3b98d33c4c46c05e36120987c8a6
          • Instruction Fuzzy Hash: AE41E271944311ABC731EF68D944BAB77E8FF48760F04492AFA88D3254E778D8048B91
          Function 01AEC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 01AEC1F1
          • PreferredUILanguages, xrefs: 01AEC212
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01AEC1C5
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
          • API String ID: 0-2968386058
          • Opcode ID: c153d230e4d3d07b20d08c4352a3b8de475fad25fd51a265568c93376d19eda5
          • Instruction ID: f0ac47ebac7577f17702a87f57eb087198e37361dc193da7ba0220a71d4a88af
          • Opcode Fuzzy Hash: c153d230e4d3d07b20d08c4352a3b8de475fad25fd51a265568c93376d19eda5
          • Instruction Fuzzy Hash: 03417372E00219EBDF11EBD8C955FEEBBF8AB54710F14406AE609B7244D7749A44CB50
          Function 01AC4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
          • API String ID: 0-1373925480
          • Opcode ID: 5cadda57284034f85dfaa0761e27b6ddc5ce6331f20e7d14d254ad062112c891
          • Instruction ID: 3350d0e964f2a0d7a3743ab5736f4994823c710de042761e31ad986a3aa44781
          • Opcode Fuzzy Hash: 5cadda57284034f85dfaa0761e27b6ddc5ce6331f20e7d14d254ad062112c891
          • Instruction Fuzzy Hash: EA412671A04758CBEB26DBE8C950BADBBB9FFA9B40F18045DD941EB381D7348901CB14
          Function 01AB4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01AB4888
          • LdrpCheckRedirection, xrefs: 01AB488F
          • minkernel\ntdll\ldrredirect.c, xrefs: 01AB4899
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-3154609507
          • Opcode ID: d7d9715ac0a5ba08e088d2568d43da80bc33b60810df892e9732c2c00aeaa38c
          • Instruction ID: 05ebba76fc67ebc7d262617ecbc88214761248ba9f3f64ea7ad871e8c40d8db7
          • Opcode Fuzzy Hash: d7d9715ac0a5ba08e088d2568d43da80bc33b60810df892e9732c2c00aeaa38c
          • Instruction Fuzzy Hash: 4641B272A046D19BCB22CFADD980AA67BECBF4D650F050559ED8A97253D730E840CB91
          Function 01A40BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-2558761708
          • Opcode ID: bcf2c27218375d35ec61fa7a96944155aea1a061263f650208ed0f5749e5b970
          • Instruction ID: bc5a8381cf8878a3e1dd95a4c02dd1d0002202420bdfd71dce18c04f6f07c341
          • Opcode Fuzzy Hash: bcf2c27218375d35ec61fa7a96944155aea1a061263f650208ed0f5749e5b970
          • Instruction Fuzzy Hash: AA11DF317151429FDB6ACB28C542BA6B3E6EFC0715F18812AF606CB252DB30D881D755
          Function 01AB20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
          Download Yara Rule
          Strings
          • Process initialization failed with status 0x%08lx, xrefs: 01AB20F3
          • LdrpInitializationFailure, xrefs: 01AB20FA
          • minkernel\ntdll\ldrinit.c, xrefs: 01AB2104
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2986994758
          • Opcode ID: 233069fe2c4a4f5fd67c424fd00ce9361d8600abcf2c0eeb685c69a049c9fbcc
          • Instruction ID: 91c7b2f1590633f29c28df576ef8a5042a32d7c12d43703bef9e993f2c18f828
          • Opcode Fuzzy Hash: 233069fe2c4a4f5fd67c424fd00ce9361d8600abcf2c0eeb685c69a049c9fbcc
          • Instruction Fuzzy Hash: 71F0C835640348BBE734EB4CED52FD9376CFB44B54F14046AFA0067696D2B0A504C651
          Function 01A403E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: #%u
          • API String ID: 48624451-232158463
          • Opcode ID: f5741876551097ee8ae40ba1e071160f27753c48ee418792b55eca9c02b98e37
          • Instruction ID: 678443abeb2ac5d7e3a289d910f40a589b0b37f849a4df16aeb5fd7dc7ab9f8d
          • Opcode Fuzzy Hash: f5741876551097ee8ae40ba1e071160f27753c48ee418792b55eca9c02b98e37
          • Instruction Fuzzy Hash: 4C713871A0014A9FDF15DFA8CA90BAEB7F8BF48704F144065E905E7252EA34EE45CB61
          Function 01A452A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$@
          • API String ID: 0-149943524
          • Opcode ID: 912af778a428bda5f418de49db5c3247dc02703aa62c92f6c346d9ad450d8762
          • Instruction ID: 379f05d094a8a90678a5e956555c78912f80b727a96a88b9d2315f5a60555df9
          • Opcode Fuzzy Hash: 912af778a428bda5f418de49db5c3247dc02703aa62c92f6c346d9ad450d8762
          • Instruction Fuzzy Hash: 6A328B709083518BDB25CF19C59073EBBF1AFC5744F18492EFA959B290E734D984CB92
          Function 01A3A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
          Download Yara Rule
          Strings
          • LdrResSearchResource Exit, xrefs: 01A3AA25
          • LdrResSearchResource Enter, xrefs: 01A3AA13
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
          • API String ID: 0-4066393604
          • Opcode ID: 60c62abfa36ae786f2dfe155f8c04d57351908ab70935a00bef2b415933882dc
          • Instruction ID: b65dee68c30d2904e250557c799bc9bec8c7f7db14ee36598a95dc5080d63f55
          • Opcode Fuzzy Hash: 60c62abfa36ae786f2dfe155f8c04d57351908ab70935a00bef2b415933882dc
          • Instruction Fuzzy Hash: 29E16371E00229AFEF26CFA9C984BAEBBB9FF84310F144526F941E7251D7749981CB50
          Function 01AFA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: `$`
          • API String ID: 0-197956300
          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction ID: 74827e55aab53ecb4ae2cd930923e6c79169fb079cffc9e0926fb9390439a6ca
          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction Fuzzy Hash: 8BC1C0312043429BE725CFA8C944BABBBE5AFC4358F084A2DF69ACB291D774D505CB51
          Function 01A30CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
          Download Yara Rule
          Strings
          • Failed to retrieve service checksum., xrefs: 01A8EE56
          • ResIdCount less than 2., xrefs: 01A8EEC9
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
          • API String ID: 0-863616075
          • Opcode ID: 18aaa4c0aa179c4ac38d09d32b42353d3895469150cb59aa00ae7d8dad362674
          • Instruction ID: 9263c81fe9ebca245a0b6a2c7577f9c39c43c8f9d3e2e5cdcee6ec24f540e486
          • Opcode Fuzzy Hash: 18aaa4c0aa179c4ac38d09d32b42353d3895469150cb59aa00ae7d8dad362674
          • Instruction Fuzzy Hash: 1EE1E2B19087849FE324CF15C581BABBBE4BB88314F008A2EF59987391DB749909CF56
          Function 00E52730 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: !r6$r6
          • API String ID: 0-3331785523
          • Opcode ID: ae49cfd3c3e7675c8e1edc6bacffc193e4d4f2fb280bc1bee83b1f1ec72f1648
          • Instruction ID: ca4bf9eae7550dc7323955bf113cdf8ebfb52529e88103d3572f0a1ca01bb10f
          • Opcode Fuzzy Hash: ae49cfd3c3e7675c8e1edc6bacffc193e4d4f2fb280bc1bee83b1f1ec72f1648
          • Instruction Fuzzy Hash: 0251D032B005094BDF1CC96CC8912A97796EBE531AF18553EDE05EF385EA35ED198680
          Function 01AAE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Legacy$UEFI
          • API String ID: 2994545307-634100481
          • Opcode ID: a6461648881eb5972f60c442a3a0b1dd28329d60b00799d95204791597a127a9
          • Instruction ID: 410eac7efc05158c32e3a3148a8634167e126a881c5f465fdbc388cfec81d3fd
          • Opcode Fuzzy Hash: a6461648881eb5972f60c442a3a0b1dd28329d60b00799d95204791597a127a9
          • Instruction Fuzzy Hash: 86614CB1E003199FDB15DFA9C980BAEBBB5FB48700F54406EE659EB291D731AD00CB50
          Function 01AD43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @$MUI
          • API String ID: 0-17815947
          • Opcode ID: 715526df6c4769c2bf31768fda5a5d32187ecbd88ba443da878b0c781f905304
          • Instruction ID: 2a0e6884a5cbe3399d23a2ed068cc035d92e108372babec5e4120e8c66ed8bbb
          • Opcode Fuzzy Hash: 715526df6c4769c2bf31768fda5a5d32187ecbd88ba443da878b0c781f905304
          • Instruction Fuzzy Hash: 0E5118B1D0061DAFEF11DFA9CD90BEEBBB8EB48754F10052AE611B7690D6309E45CB60
          Function 01A304E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
          Download Yara Rule
          Strings
          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A3063D
          • kLsE, xrefs: 01A30540
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
          • API String ID: 0-2547482624
          • Opcode ID: ce92ef1e3b5f63ec5e8c7cf6139d843705f8794117111840685cc7f8ac5bca53
          • Instruction ID: 2bc2c8bb538adb975f23d2c8b771a7d261fcc4c6151067162800a14cfbedbf0f
          • Opcode Fuzzy Hash: ce92ef1e3b5f63ec5e8c7cf6139d843705f8794117111840685cc7f8ac5bca53
          • Instruction Fuzzy Hash: A2519B716047429BD725EF79C6407A7BBE4AFC4304F14883EFAAA87281E7B0D545CB92
          Function 01A3A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
          Download Yara Rule
          Strings
          • RtlpResUltimateFallbackInfo Enter, xrefs: 01A3A2FB
          • RtlpResUltimateFallbackInfo Exit, xrefs: 01A3A309
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
          • API String ID: 0-2876891731
          • Opcode ID: a8623b46680069efa05b0a11082451247357aeadea80b9cfd1a4213e295659ec
          • Instruction ID: 219bad393818f83bdab1cc713bc5cfaeefa6b356f15b9b22faf5938613e74fdb
          • Opcode Fuzzy Hash: a8623b46680069efa05b0a11082451247357aeadea80b9cfd1a4213e295659ec
          • Instruction Fuzzy Hash: CE41A135A04665DBDB15CF69C880B6D7BF4FF85700F184066E944DB291E375D940CB50
          Function 01AB07C3 Relevance: 2.6, Strings: 2, Instructions: 114COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: ^p=$^p=(
          • API String ID: 0-1245551376
          • Opcode ID: 4de80d7772a51535b810368c0b678b97f35722bd516b92b6f569ecfd7d60d5a8
          • Instruction ID: c0e5a29d1f4b4207b724fb31ad723a563b3cd325853cbcf0614a876df0b6eda7
          • Opcode Fuzzy Hash: 4de80d7772a51535b810368c0b678b97f35722bd516b92b6f569ecfd7d60d5a8
          • Instruction Fuzzy Hash: 59419D72508345AFD321DF69C984B9BBBE8FF88764F004A2EF998C7251D7709905CB92
          Function 01A6A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Cleanup Group$Threadpool!
          • API String ID: 2994545307-4008356553
          • Opcode ID: 6373d0d2a873ed6bf9108f6d8b768b8b012bcaff88bbbe9198f11b3ee213d190
          • Instruction ID: 57fb5879e13c091ff70214abbf57359001f3501ffbaa15ae1ddc6e67d1e2072d
          • Opcode Fuzzy Hash: 6373d0d2a873ed6bf9108f6d8b768b8b012bcaff88bbbe9198f11b3ee213d190
          • Instruction Fuzzy Hash: 9201DCB2640740AFD322DF24CE49B2677E8E784B25F048939F658C71D0E334E808CB46
          Function 01A3C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: MUI
          • API String ID: 0-1339004836
          • Opcode ID: bb91e810df7f190e42f0fc39ff451a0379b5f6cb258663bf0663c52c6b58a76b
          • Instruction ID: fe7a006f8154ed1c5c1baf6b7f2dbba68887d5d14c9973e5007ae2ebc582a77a
          • Opcode Fuzzy Hash: bb91e810df7f190e42f0fc39ff451a0379b5f6cb258663bf0663c52c6b58a76b
          • Instruction Fuzzy Hash: E3826A75E00218DFEB25CFA9C980BEDBBB5BF88720F14816AE919AB255D7309D41CB50
          Function 01A82F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: P`vRbv
          • API String ID: 0-2392986850
          • Opcode ID: 2f64576f67eef19d3bc91f935893d4e412d681a5b98a753d04495711c38ef5dc
          • Instruction ID: 96420efc27ca8f653300897a44f9e2e48b09c964eab55fa3c4629beaefe4978a
          • Opcode Fuzzy Hash: 2f64576f67eef19d3bc91f935893d4e412d681a5b98a753d04495711c38ef5dc
          • Instruction Fuzzy Hash: A842D271D0425AAEEF29FBACD8446BDBFB1FF04B14F18806AE541AB291D774CA81C750
          Function 01ADCD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction ID: 4a54476488853af4b1f43575019e23a578d202c11efbd09998f01a8ecaf8b9da
          • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction Fuzzy Hash: C2621870D012188FCB98DFAAC4D4AADB7B2FF8C311F648199E9816B745C7356A16CF60
          Function 01A52E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: eae40d56828bd937581a5cebbf908e6418c44283828980988b6f4e7cf2b630ee
          • Instruction ID: 503af0884103875c9b9d7f0b56d8e1b036da94799bf1b3c8630b8b3a6f01c374
          • Opcode Fuzzy Hash: eae40d56828bd937581a5cebbf908e6418c44283828980988b6f4e7cf2b630ee
          • Instruction Fuzzy Hash: DEF16E71608746DFDFA5CF28C580A6ABBE1BFC87A0F04486DED4987241DB34D949CB52
          Function 00E663EE Relevance: 1.7, Strings: 1, Instructions: 424COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 28720dce4b2af20554d71485ce126e1e39c579eba80ffa1510c2560cce79f364
          • Instruction ID: 40fda2ac450e5867d77a4b5403d36f125c1548aff7395af4ac21c4c77d6cbf7f
          • Opcode Fuzzy Hash: 28720dce4b2af20554d71485ce126e1e39c579eba80ffa1510c2560cce79f364
          • Instruction Fuzzy Hash: 14021CB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
          Function 00E663F3 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction ID: 32605ff9ef2852aa74102258308b93a5b7d39f35d5bba182162737e86e7eb5e2
          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction Fuzzy Hash: 39021DB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
          Function 01A32FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: PATH
          • API String ID: 0-1036084923
          • Opcode ID: d9ead8cbc15f20a958e030b259598ca9d538a682eb583df7b530b33bcb5d54a3
          • Instruction ID: cc109a0d7acb333e9af586c270527ff9fafa853d4c37fa6bf3694761bd490a5b
          • Opcode Fuzzy Hash: d9ead8cbc15f20a958e030b259598ca9d538a682eb583df7b530b33bcb5d54a3
          • Instruction Fuzzy Hash: 7BF19B71E042199BDF25CFA9D980BBEBBB1FF88710F488029F945AB350D734A945CB61
          Function 01ABEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: __aullrem
          • String ID:
          • API String ID: 3758378126-0
          • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction ID: d9ac74772c76a2c87d6e4b9619b2bd114cafa8dfb8d21f92583fc67d92ab6c46
          • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction Fuzzy Hash: 0C417E71F001199FDF18DFB9C8805AEB7F6FF88320B188239D615E7291E634A9518780
          Function 01A30100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: cc04c55b69961e822af68118db755deeb3ea7865973cef788190bac9027a1adf
          • Instruction ID: c3ceebfc0f8280ac30434e03b74966ec19a94fb04a81537010666515dfb660fd
          • Opcode Fuzzy Hash: cc04c55b69961e822af68118db755deeb3ea7865973cef788190bac9027a1adf
          • Instruction Fuzzy Hash: A7A14E31A04369ABDF29DB698B45BFE7BB45FD5304F084099FE86A7282D674C940CB50
          Function 01AE4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 51de9f29af5d27969f10e886c1bf41a02e04067b4bc45ec0e2a6e8b03e74d426
          • Instruction ID: f8d06288191966de6c6468e654a7d13167c2d8f8f9959f4350802b5d862ed840
          • Opcode Fuzzy Hash: 51de9f29af5d27969f10e886c1bf41a02e04067b4bc45ec0e2a6e8b03e74d426
          • Instruction Fuzzy Hash: 57A106316043686ADB358B288D4CBFA7BEC9F5E714F080498FE85DB281D7749950CBA0
          Function 01AB6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 26b4bf9932a6b83a82efee2f79d32336fefa78785a86938a1d275cc29648a23e
          • Instruction ID: fa584ec1cd75fb6c7f86ef6b0c9470183822cf2cfcb1898ed55da1522d11bf5d
          • Opcode Fuzzy Hash: 26b4bf9932a6b83a82efee2f79d32336fefa78785a86938a1d275cc29648a23e
          • Instruction Fuzzy Hash: F6918372900259AFEB21DFA5CD85FEEBBB8EF58B50F100065F604AB191D774AD04CBA0
          Function 01ADE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 2f406a0f9a508597b8a9bada5e9512f2439b7417363f95f76f6d31a60a5aa980
          • Instruction ID: ec3c203591a0944ea6a62b07e0e8ede494990395f25d5c9c5f93e89d18efe316
          • Opcode Fuzzy Hash: 2f406a0f9a508597b8a9bada5e9512f2439b7417363f95f76f6d31a60a5aa980
          • Instruction Fuzzy Hash: 2391AE71A00A49AFDF22AFA5DD84FEFBB79EF95740F040029F502AB250DB749901CB90
          Function 01A6A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: GlobalTags
          • API String ID: 0-1106856819
          • Opcode ID: f6a95ee0d6e6909b3fc3d23cab39025acb73f80b8c69cc69e803f2d209ad998a
          • Instruction ID: 053789715e241e4e7689af7215bc815d29365e2c7e442e7e123dd69e9226dc22
          • Opcode Fuzzy Hash: f6a95ee0d6e6909b3fc3d23cab39025acb73f80b8c69cc69e803f2d209ad998a
          • Instruction Fuzzy Hash: 24717DB5E0021ADFDF29CF9CD590AADBBB1BF58700F58812EE90AA7241E7359941CF50
          Function 00E51260 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: sHM
          • API String ID: 0-1294282591
          • Opcode ID: 678f2e120bb2f3c93f06eb1fc0f7005874e72c9aaa72bc5fce1cf236d45105b1
          • Instruction ID: 27330183ed92e8258f78ba485b90b037f1ab7e564e7cd492c02ff90e001989e7
          • Opcode Fuzzy Hash: 678f2e120bb2f3c93f06eb1fc0f7005874e72c9aaa72bc5fce1cf236d45105b1
          • Instruction Fuzzy Hash: D0618C71E1060A8BCF08CF99C8501EDB771FF99318F25969AE9187F250EB759A81CB81
          Function 01AD4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: .mui
          • API String ID: 0-1199573805
          • Opcode ID: 5761176a9104a3daccfd94928a38416901b1565ac8c234eaa0652e20ba742bd8
          • Instruction ID: 3c7e45db47d82252c0afaeb5e960e94c68a9372d25b4946b1402eb3dadddc474
          • Opcode Fuzzy Hash: 5761176a9104a3daccfd94928a38416901b1565ac8c234eaa0652e20ba742bd8
          • Instruction Fuzzy Hash: 3A51A472D0062A9FDF11DF99D940BAEBBB4BF18A10F094129EA12BB650D7349D01CFE5
          Function 01A4E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: EXT-
          • API String ID: 0-1948896318
          • Opcode ID: aaaa028135f69cb1ff70cba2c3d2246d037080324f4df1e9632784a44543a2be
          • Instruction ID: 5dfab2bb0fd58fee095f923dfd186b4771284ed8f12129585f7b2bb0f0142f3f
          • Opcode Fuzzy Hash: aaaa028135f69cb1ff70cba2c3d2246d037080324f4df1e9632784a44543a2be
          • Instruction Fuzzy Hash: 99416072608352ABD711DB79D980B6BBBE8BFC8724F440D2DFA84D7180E778D9048796
          Function 01AAC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: BinaryHash
          • API String ID: 0-2202222882
          • Opcode ID: c54381e745fbe489812e571d9c53aae65c4e542c7ad901c133c3f7a837297fcf
          • Instruction ID: 0b525d613e1c40900d89654ffbf05699665c76df32e30fabdef12857c046d108
          • Opcode Fuzzy Hash: c54381e745fbe489812e571d9c53aae65c4e542c7ad901c133c3f7a837297fcf
          • Instruction Fuzzy Hash: E44145B1D0012DABEB21DB60CD84FDEB77CBB55724F4045A5EB08AB144DB709E898FA4
          Function 01AC6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: #
          • API String ID: 0-1885708031
          • Opcode ID: 1219159d134e60f72c5b50e4ba4bc91c332c95e895dd2680fa303dc49934a272
          • Instruction ID: 17163c4e67f9e6828f9ba17d26d34ca12d37245eda2bd6689e9cdaf6e1a97d8a
          • Opcode Fuzzy Hash: 1219159d134e60f72c5b50e4ba4bc91c332c95e895dd2680fa303dc49934a272
          • Instruction Fuzzy Hash: FC31E331A046199BEB22DF69C850BFE7BB8EF45B04F14402CE959AB382DB75D905CB50
          Function 01AB892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
          Download Yara Rule
          Strings
          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01AB895E
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
          • API String ID: 0-702105204
          • Opcode ID: 3bec69069aa92c107f896c777cde5006c8458a846eaf8e296037e20fc90419ce
          • Instruction ID: dcff3c4344f8ffd8e1032c36e7dee53adde0c33c0f64928e4d81a4b3fc0a761e
          • Opcode Fuzzy Hash: 3bec69069aa92c107f896c777cde5006c8458a846eaf8e296037e20fc90419ce
          • Instruction Fuzzy Hash: DB01F7322002A1AFEB355F5ED9C4BE67F6DEF86654B04041CF64587153CB24A845C792
          Function 01A6E8F0 Relevance: 1.0, Instructions: 985COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b56b4655b1c081252fe64e419f3ea8144a3bd27f5421627aeec3f25d934ba842
          • Instruction ID: 6be3232482d52de3e7e58bd84e226c03038be288386badf01ecf6297e373a557
          • Opcode Fuzzy Hash: b56b4655b1c081252fe64e419f3ea8144a3bd27f5421627aeec3f25d934ba842
          • Instruction Fuzzy Hash: 8E825472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
          Function 01A7516C Relevance: .8, Instructions: 785COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 068b94a5adaac3a1f7f4aa1973507ddf2138e1f06d78ad8bc6d5c5c3340c4b63
          • Instruction ID: 67b766405ae31e553ba869b33f7672a416ebceaa5b8195e1de9029fc15f51b5f
          • Opcode Fuzzy Hash: 068b94a5adaac3a1f7f4aa1973507ddf2138e1f06d78ad8bc6d5c5c3340c4b63
          • Instruction Fuzzy Hash: 20628C32D0868AAFCF25CF08D8904AEBB72FE95314B49C65CC89A67605D371BB45CBD1
          Function 01AD2000 Relevance: .8, Instructions: 757COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a70716e336d1bb2554f69b13a37a96df1b3580f58cb3ef4583cf2252be1c71c4
          • Instruction ID: f1864db6f34fe6c7112b44c59ce7a1002fb2c9dd7d824831c599028785c78957
          • Opcode Fuzzy Hash: a70716e336d1bb2554f69b13a37a96df1b3580f58cb3ef4583cf2252be1c71c4
          • Instruction Fuzzy Hash: E742D171608B418BE726CF68C991B6FBBE5BF88700F08492EFA8387250D771D945CB52
          Function 01A8739A Relevance: .7, Instructions: 705COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dfe0e27a7b6d9db52389cdb041abb2831f80e9f0dce257c82f8376c9af94746c
          • Instruction ID: 722916f17505a83853a83b2a33e2c6a2e08a57ede648adb7a241af200df9f227
          • Opcode Fuzzy Hash: dfe0e27a7b6d9db52389cdb041abb2831f80e9f0dce257c82f8376c9af94746c
          • Instruction Fuzzy Hash: 5A429271A006168FDB19EF9DC490ABEFBB2FF88314B28856DD556AB341D734E841CB90
          Function 01A5B2C0 Relevance: .6, Instructions: 629COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 11fbaa2b1b4ad6d988ae8415fdaaaa25a0b64e5696cd83d42c791f416be00952
          • Instruction ID: 79f9474dac5b636edd42d3a581b6e7d9afdb64f8efaaa5a78ef9abad51bfb93a
          • Opcode Fuzzy Hash: 11fbaa2b1b4ad6d988ae8415fdaaaa25a0b64e5696cd83d42c791f416be00952
          • Instruction Fuzzy Hash: CD329E71E04219DBDF24CFA8D990BAEBBB2FF54714F180029ED05AB391E7359941CBA1
          Function 01AC8158 Relevance: .6, Instructions: 617COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0f93d4cb442f7092e0e0fc65e1845c29c250fb819db3a6f35ee73de00f485333
          • Instruction ID: 28b26288c3ba6018edc9b2dc2815adec98b10a747feb9254708d23c83ae411ca
          • Opcode Fuzzy Hash: 0f93d4cb442f7092e0e0fc65e1845c29c250fb819db3a6f35ee73de00f485333
          • Instruction Fuzzy Hash: 3A425F75E002199FEB25CF69C841BADBBF5BF88700F18819DE949EB242D7389985CF50
          Function 01A42840 Relevance: .6, Instructions: 605COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 508b8f17759e5d5a9e768ca0313f504372df42bb27484cca8f8d4a75d1e17ba4
          • Instruction ID: 3ee0c6d416b3030c120f71ad1bfb59f43bb0a3485eab3ecfc8300c50b230a88b
          • Opcode Fuzzy Hash: 508b8f17759e5d5a9e768ca0313f504372df42bb27484cca8f8d4a75d1e17ba4
          • Instruction Fuzzy Hash: 6232D274A007558FEF25CF69C9447BEBBF2BF84304F14811DE58A9B285DB35A885CB90
          Function 01ADA118 Relevance: .6, Instructions: 591COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 693510215dac74aeb67a791db9127266ac78ebb1e3b514e50ee63de585f291bf
          • Instruction ID: 97bc0235c1dec91403e4f46256a05e45684b55cd1d247f2817e97a1bbff2e7f8
          • Opcode Fuzzy Hash: 693510215dac74aeb67a791db9127266ac78ebb1e3b514e50ee63de585f291bf
          • Instruction Fuzzy Hash: FC22BD74204E618BEB25CF2DC094772BBF1AF45300F08849AE997CF286E775E592DB60
          Function 01AF16CC Relevance: .6, Instructions: 571COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb4878ef629c1b9da9abe0ba376dfb4bd860593a9497433c2a07830957b2e73c
          • Instruction ID: e26f0eaaaa52f3abe86b3084afabb1f3c84464c8b1fed0829ac742787d205db4
          • Opcode Fuzzy Hash: eb4878ef629c1b9da9abe0ba376dfb4bd860593a9497433c2a07830957b2e73c
          • Instruction Fuzzy Hash: E922A035A00216CFDB19CF99C590ABAB7F2FF88314F28456DEA55DB345DB30A942CB90
          Function 01A58DBF Relevance: .6, Instructions: 554COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 499732006d93438ccb7f8d5bd976a0438dc5a19622bdeb859b3e07a15f82200b
          • Instruction ID: 95ea3b9107d1f0fc47f88ddfb1cc9221d6ef8c599c4706fd2ba823eb15326039
          • Opcode Fuzzy Hash: 499732006d93438ccb7f8d5bd976a0438dc5a19622bdeb859b3e07a15f82200b
          • Instruction Fuzzy Hash: 14223E70E04116DBCF55CFAAC5809BEFBF6BF48714B18805AE945AB242E738D981DB60
          Function 01AF2446 Relevance: .5, Instructions: 485COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e4c65f50a0872beeceafebc0fe4f23ae61e8273b7b4ee3543d8d8b31c082b7b8
          • Instruction ID: 18e22348f6c8634d77ad593ef32db5931814445577dc12510fd4895a70cd886e
          • Opcode Fuzzy Hash: e4c65f50a0872beeceafebc0fe4f23ae61e8273b7b4ee3543d8d8b31c082b7b8
          • Instruction Fuzzy Hash: D102D2746046518BDB65CFADC4903B5BBF1AF85300B58819FFAD6CB282D738D846DB60
          Function 01A85630 Relevance: .5, Instructions: 458COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
          • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
          Function 01AF41A2 Relevance: .5, Instructions: 452COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3a7939163bcd6e81c895abe508375f9fbab01129e8d50fef55743233767091b7
          • Instruction ID: acf7962d3b0523204dfa7e570952bdb230ff7644dfe0725a9f536af378174ce8
          • Opcode Fuzzy Hash: 3a7939163bcd6e81c895abe508375f9fbab01129e8d50fef55743233767091b7
          • Instruction Fuzzy Hash: AD028D71E00219CFCB15CF99C4906AEBBB2FF8C314F29856DE656AB351E730A942CB50
          Function 01B0B16B Relevance: .4, Instructions: 450COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 39cef6853d2ee7b9e2f9e2e0bea281f6b1a87f1e370fc92fabe6f35a3a583b0a
          • Instruction ID: ce1ce3961302bdf7c70b2f470eb93873260b548eff9c531a64a6146a6da54c36
          • Opcode Fuzzy Hash: 39cef6853d2ee7b9e2f9e2e0bea281f6b1a87f1e370fc92fabe6f35a3a583b0a
          • Instruction Fuzzy Hash: B2F1D276E002118BCB1DCE69CAA067EBFF5EF9821071A41A9D856DB2C1E734EA41CB50
          Function 00E5FC63 Relevance: .4, Instructions: 435COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction ID: 6c5267110870e2132185e229fccb3be54fe4f9d8c90235a0cf8ac0498139aebb
          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction Fuzzy Hash: 5F026E73E547164FE720CE4ACDC4765B3A3EFC8311F5B85B8CA142B613CA39BA525A90
          Function 01B0A9A6 Relevance: .4, Instructions: 425COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8329d44eda1ca7d5e437065b9f274025c07f326d5f147a4e956b3592985439cc
          • Instruction ID: 1670c33b19e23d8035169a11bae968e45b329c498b904cbc28ef646b835795ca
          • Opcode Fuzzy Hash: 8329d44eda1ca7d5e437065b9f274025c07f326d5f147a4e956b3592985439cc
          • Instruction Fuzzy Hash: 19F1B472E006269BCB2ECE68C9A05BDFFB5EF5420071946A9D856EB3C0D734DE41CB90
          Function 01A54A35 Relevance: .4, Instructions: 423COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction ID: ce56c8ef9105c29e90566d30d229a7b3fc766d83098149ed789c67f431a45996
          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction Fuzzy Hash: C2F15C71E0421A9BDF55CFA9D580BAEBBF5AF48714F098129ED05AB340E774E881CB60
          Function 01AE2F30 Relevance: .4, Instructions: 412COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b0334e57ca8ff545103dd1ca905563f70e7494b6bd5df442752d8b3a6527f778
          • Instruction ID: 314080e4f3762eb6597bec6a5bcc9c5f7df3c248ffbb4298e66f128580ce5c19
          • Opcode Fuzzy Hash: b0334e57ca8ff545103dd1ca905563f70e7494b6bd5df442752d8b3a6527f778
          • Instruction Fuzzy Hash: DDE1E171A042869FDF24CFACD4487BEBBF1BF48310F08845EE486AB281D775A985CB51
          Function 01AC892B Relevance: .4, Instructions: 386COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a3874f1b274045e154a5493baf8b3d350e7bdf8e0a3efa6c270fab703d6e1dbe
          • Instruction ID: c9b2b08d1d970f02464d33991c1ed84e6050aa55d883365b2127a1fe97ba6ee6
          • Opcode Fuzzy Hash: a3874f1b274045e154a5493baf8b3d350e7bdf8e0a3efa6c270fab703d6e1dbe
          • Instruction Fuzzy Hash: 85D1FDB1A0060A9BDF15CF68C841AFEBBF1BF88B04F19816DD855E7241E739E9058B60
          Function 01A365D0 Relevance: .4, Instructions: 383COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: caece917a4b2e834d2c4bbabd2fee88eaf9539a47c5dc3fd8fd9cad8e8404eaa
          • Instruction ID: 7de556d0f2a03b8b03e73b8e349f2c1e3c4f04165c541aba7117aae453cfd05a
          • Opcode Fuzzy Hash: caece917a4b2e834d2c4bbabd2fee88eaf9539a47c5dc3fd8fd9cad8e8404eaa
          • Instruction Fuzzy Hash: F2E17A716083429FC715CF28C590A6ABBE0BFC9314F15896DF99987351EB31EA05CB92
          Function 01A28397 Relevance: .4, Instructions: 380COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1407f96fe66603e9ddd50459c042fbe033c3067ada09d90a37b024b00745cfd0
          • Instruction ID: 7fdd1a28a25fd29128c0875d721e1bc8296c0d5465ac0a82cf5b9850f4e87618
          • Opcode Fuzzy Hash: 1407f96fe66603e9ddd50459c042fbe033c3067ada09d90a37b024b00745cfd0
          • Instruction Fuzzy Hash: B7D10371A002269BDB14DF6CC990ABA77F5FF54308F08462DF916DB281E738E954CB60
          Function 01A5C6E0 Relevance: .4, Instructions: 367COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8c6e2c8204ebeb1445482a2ff55d679535c5b6dfbac7f40ae2d2195cbfb8235b
          • Instruction ID: c531f5d2544f293d75ad1c3dc2c1a8b1f5b7fee3d81c607507ce9f22c64d6ccf
          • Opcode Fuzzy Hash: 8c6e2c8204ebeb1445482a2ff55d679535c5b6dfbac7f40ae2d2195cbfb8235b
          • Instruction Fuzzy Hash: 3ED15F31E083198BEF69CF9CC5453BDBBB9EB44320F18801AD942A769ED7748981CB45
          Function 01A438E0 Relevance: .3, Instructions: 349COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 600fe50e7d8211cb7c8dcf7154df972726645650d92f1b96cc3f84932739df13
          • Instruction ID: 7d90297c0288d1c451d9093e6cdca32947bf26206364228b37ae4f35cf1ea7bf
          • Opcode Fuzzy Hash: 600fe50e7d8211cb7c8dcf7154df972726645650d92f1b96cc3f84932739df13
          • Instruction Fuzzy Hash: 5FE1AF75A00215CFDB28CF59C890BAABBF1FF98310F288159E855EB391D734EA45CB90
          Function 01A4CFE0 Relevance: .3, Instructions: 345COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e6bcb052973f4c00bcba2a47bb455df003d0e672183aeefe279504e127d93540
          • Instruction ID: 597190f6d8d052cb781bb6b62e3796a58c2748b479a5ff702b4b1491b4208c0f
          • Opcode Fuzzy Hash: e6bcb052973f4c00bcba2a47bb455df003d0e672183aeefe279504e127d93540
          • Instruction Fuzzy Hash: 59D1B631B003258FEB35CF99C894BAAB7B5BBE9314F0440E9D909A7241DB74AD85CF51
          Function 01B095C3 Relevance: .3, Instructions: 326COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6fa37850de56ebd89a121df60052d7988e9aa96addcecfa24182d83265531c77
          • Instruction ID: 7181650ec972afcd9522ef3af62922382f23b80607650cc19f0b6452ae766598
          • Opcode Fuzzy Hash: 6fa37850de56ebd89a121df60052d7988e9aa96addcecfa24182d83265531c77
          • Instruction Fuzzy Hash: 61B19DB1910215AFFB2A8B24CC55FBB7AADEB04754F0442D9B91DE62C1DB709F848B60
          Function 01AB8243 Relevance: .3, Instructions: 322COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction ID: 1c18299c762aa02e1961fa71cb590ed377e1b46e2b0effae56793c5615bb5485
          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction Fuzzy Hash: 20B17F74A00745AFDB24DF9DC980AEBBBBDFF84304F14446DAA1297796DA38E905CB10
          Function 01A40535 Relevance: .3, Instructions: 300COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction ID: 06167caacea5cc730e198a24a89ee2c977a65bf601ee9310eff540cb99b5af21
          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction Fuzzy Hash: 3AB107316006469FDF25DB68CA50BBEBBF6EF88300F184555E652D7281D730ED81DB91
          Function 01A383C0 Relevance: .3, Instructions: 281COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 456e4bc2425234520f8c152858a477dd63b9934d450f833818dfd724ccfe64b4
          • Instruction ID: b597e1e1d3f316d7c8ef0a80185fb57ea37cfa6515977c530674bca1c7e839b9
          • Opcode Fuzzy Hash: 456e4bc2425234520f8c152858a477dd63b9934d450f833818dfd724ccfe64b4
          • Instruction Fuzzy Hash: A4C149741083818FDB64CF19C484BABB7E5BF88304F44496DF98987291D778EA49CF92
          Function 01A2C427 Relevance: .3, Instructions: 280COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d9bdbc032592a61ddab97be304a8b58fc2e1884dc55d4cbb020449e32e3aff22
          • Instruction ID: a20ed503111003a04603cf57fea791ac782f4520551d1b74fb7062dc9a9e29a8
          • Opcode Fuzzy Hash: d9bdbc032592a61ddab97be304a8b58fc2e1884dc55d4cbb020449e32e3aff22
          • Instruction Fuzzy Hash: 13B17070A402668BDB74DF68C990BADB3B5EF44710F0485EAD50AEB245EB70DDC6CB21
          Function 01A5E5E7 Relevance: .3, Instructions: 278COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ec6e4106c7f8ed36e13713cbd25ad413577e5a76d0c70f310e21a9c8b8df4b82
          • Instruction ID: 99d6f4038d196040610b5e57d57132ad9f26d5a06eaa95c9757408ab03cca884
          • Opcode Fuzzy Hash: ec6e4106c7f8ed36e13713cbd25ad413577e5a76d0c70f310e21a9c8b8df4b82
          • Instruction Fuzzy Hash: 0DA12231E04259AFEF21DF98C944BAEBFF4AF04754F084121EE50AB691D7749E80CB91
          Function 01A70185 Relevance: .3, Instructions: 276COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 646dd38011567310639d63274b635a9ee1a29011a242960a28aa86173ddf9d10
          • Instruction ID: 8845ef24934e709ccea183f4a4f1527fbae11caec15794d95f1b8252594926e2
          • Opcode Fuzzy Hash: 646dd38011567310639d63274b635a9ee1a29011a242960a28aa86173ddf9d10
          • Instruction Fuzzy Hash: 94A1D171B00616DFDB25CF69CA90BAAB7F5FF55318F044029EA45D7282DB34EA05CB90
          Function 01B04500 Relevance: .3, Instructions: 275COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e290be0bc33cb3fdcbaa42ec052614d5adeb3fe749f6890475051fe32b883741
          • Instruction ID: 381f26bfb9ec9b9ef8334accac116647ad428ff1229583074c696d3974c7469f
          • Opcode Fuzzy Hash: e290be0bc33cb3fdcbaa42ec052614d5adeb3fe749f6890475051fe32b883741
          • Instruction Fuzzy Hash: D2A1C172A04611DFC72ADF18C980B6ABBE9FF88704F0509ADF6459B691D334ED05CB91
          Function 01B02B57 Relevance: .3, Instructions: 266COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction ID: 209c6bb535ed234c667bfcce09f1183b54da63a4e14437c396126fce5a1e287b
          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction Fuzzy Hash: 2BB13D71E0061ADFDF2ACF99C984AADBBB5FF48310F1481A9E915A7390D730AD45CB90
          Function 01AB60E0 Relevance: .3, Instructions: 264COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0fda75d6c1535aa6498c725aca6fb294dbbba6237ef0ea09ce4e061581336e10
          • Instruction ID: dee429198cce276245e60b1092a13fadf036d4ef111c676ffa77cbd4ffbf9351
          • Opcode Fuzzy Hash: 0fda75d6c1535aa6498c725aca6fb294dbbba6237ef0ea09ce4e061581336e10
          • Instruction Fuzzy Hash: 6891B171D00256AFDB15CFA9D8C4BFEBFB9AF48710F154169EA19AB342D734D9008BA0
          Function 01A4E3F0 Relevance: .3, Instructions: 261COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fd07f769d54f652b0ecdc6817533522b6c5ca986b7239543565d8601f4b186f9
          • Instruction ID: 4b59b61aaddadfffeca43ba5084432385b8706ed64671c4d3aae43131723aac2
          • Opcode Fuzzy Hash: fd07f769d54f652b0ecdc6817533522b6c5ca986b7239543565d8601f4b186f9
          • Instruction Fuzzy Hash: 02912331A00622DBEB25DB68C980BBEBBF1FFD4714F098069ED059B251E738D941C792
          Function 01A64750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction ID: 9e0acfd5c11a7c643a3b30f5ff69dfd21d71ea6114c0b68b86d9c0dd8f336238
          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction Fuzzy Hash: 94812831A043968FEF224EACC8C126DBF79FF56200B6C467AD5429B241C375AC86C791
          Function 01AFF7B0 Relevance: .2, Instructions: 242COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d547920d1e9d8ca5f1471c4499460d36397410d9472a85adb62362386601ead1
          • Instruction ID: ee70e6908a8590b93b7bc2001e58675052e4d40ac854dfcaf3f25b7fafc83b88
          • Opcode Fuzzy Hash: d547920d1e9d8ca5f1471c4499460d36397410d9472a85adb62362386601ead1
          • Instruction Fuzzy Hash: B191D273A00216AFEB26CFA8C98076ABBE1EF44310F04857DFA55DB295D774E905CB90
          Function 01AFF43F Relevance: .2, Instructions: 241COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 796e723575c5e2da7bc5b595219320060852269f34c11806c3f2d380a77aa592
          • Instruction ID: 87d4351143a774d3c32e08ae71be9e86f1885582b5559fe4eaf3e23d331bc071
          • Opcode Fuzzy Hash: 796e723575c5e2da7bc5b595219320060852269f34c11806c3f2d380a77aa592
          • Instruction Fuzzy Hash: A791E032A001058FDB19CF79C8906BABBF1EF88311F19826EE955DB38ADB34D905CB50
          Function 01AF81CC Relevance: .2, Instructions: 232COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a044a2913b20e28f3e353aabdb4b15c86db2a71574e1c50e39343832cc4347f5
          • Instruction ID: ba04aad810f3e6d1727a10367ead090ac3c45271e02f12fe0ccd7f62dbd196b7
          • Opcode Fuzzy Hash: a044a2913b20e28f3e353aabdb4b15c86db2a71574e1c50e39343832cc4347f5
          • Instruction Fuzzy Hash: 3B819676E005159BCB14CFADC8805AEB7F5FF88325B18432EEA21E7294D778E951CB90
          Function 01A40E59 Relevance: .2, Instructions: 231COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0528b60c182e606e0d2ad37282d8697d06fda58b907e47c2d1d37fd014f2cd6
          • Instruction ID: 4b2ba37a8545b8dfb6a38a01d456c997babe5cb09ed1d4c4ccf593c207e07470
          • Opcode Fuzzy Hash: c0528b60c182e606e0d2ad37282d8697d06fda58b907e47c2d1d37fd014f2cd6
          • Instruction Fuzzy Hash: 5681B471A00519DFDB25CF6DC9809AEBBB2FFC5310B28C2A9E9549B349D730E941DB90
          Function 01A86ACC Relevance: .2, Instructions: 226COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a15827913d8eeff7d598d4462c106f45577af2122516e37989a9b11daa22f0ea
          • Instruction ID: d0cc6a06c5c8314aa3ab7ce661665feeaaf8cc2180dc9166785e295106fcc130
          • Opcode Fuzzy Hash: a15827913d8eeff7d598d4462c106f45577af2122516e37989a9b11daa22f0ea
          • Instruction Fuzzy Hash: AB81A4B1E006169BEB25DF69C940ABEBBF9FF48700F04852EE449D7640E334D941CBA4
          Function 01AEE4F6 Relevance: .2, Instructions: 224COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d9349396dc952fcd4ab929bafb409da1ac96052b12f67f50e1da367df6aada0c
          • Instruction ID: 01bc541e8bcda86bc5e9bd9c911758e77ac3d8ceac8fa0fc1fc8bb7a07516a4d
          • Opcode Fuzzy Hash: d9349396dc952fcd4ab929bafb409da1ac96052b12f67f50e1da367df6aada0c
          • Instruction Fuzzy Hash: 76818072E002159BDB28CFA9C9946ADFBF1EF88310F19816AD916EB385D734DD41CB90
          Function 01AFAB40 Relevance: .2, Instructions: 222COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction ID: 6a72f104e7725033707b84ebca5d89e0f10222de45bb753ccdbad158419a1c04
          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction Fuzzy Hash: 22817131A002099FDF19CFD9C590AAEBBB6AF84310F18856DEA199B385D734D906CB50
          Function 01A6E284 Relevance: .2, Instructions: 212COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b0cd540807d6b58b550c9f2102cf206af8fd0fcdf4c9981c072cef582dc37f21
          • Instruction ID: 79da00344aa2eeefbd9a6bf7722f9f88e9bfa32aa1964804c15e1cbc366dce63
          • Opcode Fuzzy Hash: b0cd540807d6b58b550c9f2102cf206af8fd0fcdf4c9981c072cef582dc37f21
          • Instruction Fuzzy Hash: 34818E75A00609EFDB25CFA9C980BEEBBFAFF88354F144429E555A7250D730AC05CB60
          Function 01A5B950 Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2fe005929ccd45b4cb44010c5958022ee44e9688580dbc8075b269ff65a39ca6
          • Instruction ID: 1af29e66aab683d1a46e957bfe53fe80e02c072b8fd64b5abc3018ca0e821560
          • Opcode Fuzzy Hash: 2fe005929ccd45b4cb44010c5958022ee44e9688580dbc8075b269ff65a39ca6
          • Instruction Fuzzy Hash: 7E71D5302086519FEBA4CF29C94073677E2AB84706F18855DEE96CB1C6D735E846CB70
          Function 01A4C640 Relevance: .2, Instructions: 206COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d167ae2bb841ab9fd52a0af5951c1ba55a083a6d1f543be8c92e4fea9ff59123
          • Instruction ID: c20afebd32764ea750579d451c152858c673e0170b18d48186b25d64e54c5f21
          • Opcode Fuzzy Hash: d167ae2bb841ab9fd52a0af5951c1ba55a083a6d1f543be8c92e4fea9ff59123
          • Instruction Fuzzy Hash: 2D71DFB5D05269DBCB25CF59C8907BEBBF0FF99720F18411AE846AB354D7389844CBA0
          Function 01AE47A0 Relevance: .2, Instructions: 202COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 393cd995104f7ad9b73b64c054f5d392e5e065b92cc15e25a1ab6082c6742852
          • Instruction ID: 3bb71c21b32faf613d9f6e9c12e5d7d340c794cba3614de05c4450ca09493c5c
          • Opcode Fuzzy Hash: 393cd995104f7ad9b73b64c054f5d392e5e065b92cc15e25a1ab6082c6742852
          • Instruction Fuzzy Hash: 0D71B6B0A00209EFDB34EF99DA48E9ABBFCFF98350F10415AEA14E7258D7359944CB54
          Function 01A4260B Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5bf2b2a069265fc26746114b1fef6f9ebc5fc385a30e6a3fb6c6f431d24b3b63
          • Instruction ID: b9168b0f9a1f685f9fea80466b12f7328e0cd72098c08d2f85b4791e60c6dc9d
          • Opcode Fuzzy Hash: 5bf2b2a069265fc26746114b1fef6f9ebc5fc385a30e6a3fb6c6f431d24b3b63
          • Instruction Fuzzy Hash: 3071AD356046428FD712DF28D484B2AB7E5FFC8310F0885AAF8998B352DB74D845CB91
          Function 01AF70E9 Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc79a9a08554acada1be5bac75c194ae59b375f2b6900505b465c056c650c242
          • Instruction ID: d656541af2ced144436c9f5d46f893f8ef4ded1b50a79ebe6a46408d6a290657
          • Opcode Fuzzy Hash: fc79a9a08554acada1be5bac75c194ae59b375f2b6900505b465c056c650c242
          • Instruction Fuzzy Hash: F061C175E0031BABDB11EFE9C981ABFB77AAF54210F14442EFB11A7240EB74D9458B90
          Function 01AEF0CC Relevance: .2, Instructions: 199COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2c386f5f7b9f7140300cc9a23ea16b8fb5fdf31921595914d4bd94a04a2b871
          • Instruction ID: 0ac8122a2fc7165d1e48101d706c9d77edd55bade380cd8c2ee10bfc4bfdfb42
          • Opcode Fuzzy Hash: f2c386f5f7b9f7140300cc9a23ea16b8fb5fdf31921595914d4bd94a04a2b871
          • Instruction Fuzzy Hash: EA719D79A01726DFDB24CF5AC48417ABBF1FF89704B69486EDA8297240D374E980CB90
          Function 01AB035C Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction ID: 7fa1aae7dc732d5122aed7dc892adf58a5e4a0049f261bafd6c87c156b16c68d
          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction Fuzzy Hash: 09716F71E0065AAFDB10DFA9CA84EEEBBB8FF88710F104569E505A7251DB34EA05CB50
          Function 01AC62A0 Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8c0c2456f622bd4e72bff3031cfca2b78b858c5c4f35f857b8a9ab43f8be5f56
          • Instruction ID: f78049e3a00f3d798cf93e5f7134845f95d840f820832cd61e75414cbabc4169
          • Opcode Fuzzy Hash: 8c0c2456f622bd4e72bff3031cfca2b78b858c5c4f35f857b8a9ab43f8be5f56
          • Instruction Fuzzy Hash: CB71D232240701AFEB32DF18CA44F66BBB6EF44B60F14452CE6599B3A1D775E944CB50
          Function 01A38AA0 Relevance: .2, Instructions: 197COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5d842bc2b55e51a495580a4519921644fe83067451196ce3c9b0096799540233
          • Instruction ID: 4a3ea0f4eb310a7b9e7117a9af125b5cdf9d043cc134a83c790e33c980edfc1b
          • Opcode Fuzzy Hash: 5d842bc2b55e51a495580a4519921644fe83067451196ce3c9b0096799540233
          • Instruction Fuzzy Hash: D581D372A043469FDF28DF98D584BAEBBF1BF88310F15426AE9046B685C7349D80CB90
          Function 01B08324 Relevance: .2, Instructions: 192COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e17660ee823adad911d0a7ac446b271358a43884b3fa36fce43b18019b5b8a3f
          • Instruction ID: ac2cd6e6754e99e7894e3471ce7239530da2f427506d8e50caae3c92996fecaf
          • Opcode Fuzzy Hash: e17660ee823adad911d0a7ac446b271358a43884b3fa36fce43b18019b5b8a3f
          • Instruction Fuzzy Hash: 28711971E00219AFDF16DF94CD81FEEBBB9FF44350F104269E611A6290D774AA05CB90
          Function 01AF132D Relevance: .2, Instructions: 188COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4c6551dd174dc6fc736739288220bd1daf3e6b404cd4cfe03a151fcb810890b7
          • Instruction ID: 1c0b1442fc149724fb9a159c4c884d36d7e17e61a62e16e649cbf736e5d88fed
          • Opcode Fuzzy Hash: 4c6551dd174dc6fc736739288220bd1daf3e6b404cd4cfe03a151fcb810890b7
          • Instruction Fuzzy Hash: 36815B75A00205DFCB09CFA8C590AAEBBF1FF88310F1581ADE959AB345D734EA41CB90
          Function 01AEA250 Relevance: .2, Instructions: 184COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1ec3657616d2179c6e144bdc7e9f939ca276082f9d259607e0930253c4b5209
          • Instruction ID: 2a6168091425ea3faa14f96c1b2e2bc570e940d38cf440fb506eba2db122c31b
          • Opcode Fuzzy Hash: f1ec3657616d2179c6e144bdc7e9f939ca276082f9d259607e0930253c4b5209
          • Instruction Fuzzy Hash: 1B51CF72504712AFD722DE68C988E5BBBE8EBC8750F014929FA41DB151D770ED05CBA2
          Function 01AFCE93 Relevance: .2, Instructions: 172COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction ID: 6e14327da27bdf38b799db7e7a62f6bd66804492dbb2305a6720b549a58923bb
          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction Fuzzy Hash: 6D51253260430A4BD715CFAEC850B6BFBE6AFD1260F19846DFA56C724ADA30D909C791
          Function 00E5FA43 Relevance: .2, Instructions: 165COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction ID: 048d65227247dce495efadc1ff44b2397cfa1d277b14868f832cc56ff8c2f49a
          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction Fuzzy Hash: 825171B3E14A254BD318CE09CC40631B792FFD8312B5F81BADD199B357CA74E9529A90
          Function 01AD8350 Relevance: .2, Instructions: 161COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f140711b12bebde7cea1bc4034b07e1196497804f904b214b550433d16be6d58
          • Instruction ID: a963d4047ab0f0a11361cb003073c3315e5c747027b81568492aba1d883b2781
          • Opcode Fuzzy Hash: f140711b12bebde7cea1bc4034b07e1196497804f904b214b550433d16be6d58
          • Instruction Fuzzy Hash: B751B070900B05DFD721DFAAC980AABFBF8BF94710F10461ED297976A1C774A545CB50
          Function 00E5FA41 Relevance: .2, Instructions: 158COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ebf1c1a76cc33b29d70a96688345b93b081d77bedee19c732f95166d16f10598
          • Instruction ID: e30e3c9c21cda450a2aab61696745f60ca1b477b393d0d342f3565a0b67fa48d
          • Opcode Fuzzy Hash: ebf1c1a76cc33b29d70a96688345b93b081d77bedee19c732f95166d16f10598
          • Instruction Fuzzy Hash: 485170B3E14A214BD318CE09CD40631B692EFD8312B5F81BEDD199B357CA74E9529A90
          Function 01A6E443 Relevance: .2, Instructions: 158COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bbcb9b77f65b1a33b4c6e5b4e444f984e503744a73247414f70ee6c413d00abd
          • Instruction ID: b769ab3009c102277847e39c383d5b388d74194d22d8916266dd1e2a4c24f929
          • Opcode Fuzzy Hash: bbcb9b77f65b1a33b4c6e5b4e444f984e503744a73247414f70ee6c413d00abd
          • Instruction Fuzzy Hash: 4B516871200A15DFCB22EFA9CA84FAAB7FDFF58784F40042AE54297661E734E944CB50
          Function 01AD4180 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c91f52adbc9ab24779745d78d3b9964ac735b1ba89edfb4faedf7236b374871b
          • Instruction ID: 70c9a9b0eb11333550f6a3e44e0780453cb921b595c555ced51caeef3ed85809
          • Opcode Fuzzy Hash: c91f52adbc9ab24779745d78d3b9964ac735b1ba89edfb4faedf7236b374871b
          • Instruction Fuzzy Hash: C95187B16087028FD754DF2DC980A6BBBE5BFC8208F44492DF59AC7650EB30DA05CB92
          Function 01A545B1 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction ID: e43f8d9b91aa5f8a64e4b4774049da826006771f44ea4a45b65ef6b7aa1e5368
          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction Fuzzy Hash: 0F519271E0821AABDF55DF94C940BEEBBF5AF49754F044069EE01AB240E734ED84CBA0
          Function 01AAD800 Relevance: .2, Instructions: 155COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3ef4b29fe7070d70546ddd640b38bd52374a702d73c4f5409a843f13236ba061
          • Instruction ID: 0a419217c6e08e2f5875ca1b1598e264e423b4223e22feb275ff47cf3802980e
          • Opcode Fuzzy Hash: 3ef4b29fe7070d70546ddd640b38bd52374a702d73c4f5409a843f13236ba061
          • Instruction Fuzzy Hash: 26510170A00216EBDB15DFA9C480ABEBBF5FF45700F844169E985DBE80E734D950CB91
          Function 01ABE9E0 Relevance: .2, Instructions: 154COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction ID: b16524437626dfc8eaf3c1431d016119bab96a566c8405dd2a709062289919bb
          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction Fuzzy Hash: 0C51A571D0025AEFEF219B94CDD4BEEBBBDEF00324F158669E51267192D7309E448BA0
          Function 01AF7571 Relevance: .2, Instructions: 153COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2408ec519448a9fc076690414db1e836fb9f973637c3c646f754c0ec9892cf7e
          • Instruction ID: b7e2bd405bd7f2ac2053973fe15c82878f58d71940d579ff9bb9dacc94f85a0c
          • Opcode Fuzzy Hash: 2408ec519448a9fc076690414db1e836fb9f973637c3c646f754c0ec9892cf7e
          • Instruction Fuzzy Hash: 4251F431A0012AABDB25DFE8D884A7EBBB5FF48350F14412DFA05E7254DB70AD15CB80
          Function 01AF8B28 Relevance: .2, Instructions: 152COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2e569581cfa1f4c158bcc575860f5ca8d85d3416432f580d2901794628128719
          • Instruction ID: 3390bebbd110fe3528324bd64e84e71831abe0fe48772a63a0a9d7c6fb5a263d
          • Opcode Fuzzy Hash: 2e569581cfa1f4c158bcc575860f5ca8d85d3416432f580d2901794628128719
          • Instruction Fuzzy Hash: 2941E5707016159BD729DBADC995B7FBB9AEF90620F08821DFB55C7280DB3CD802C691
          Function 01ABCBF0 Relevance: .1, Instructions: 148COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7c55285ea155623d3e26aa69e77b1806a0591deafa45fc7b0120c9eb8730cb8f
          • Instruction ID: 65b7dfa7ce27107a901056882d2b20fa543b54d70c85dece887a047504e26e1d
          • Opcode Fuzzy Hash: 7c55285ea155623d3e26aa69e77b1806a0591deafa45fc7b0120c9eb8730cb8f
          • Instruction Fuzzy Hash: 12518E75A00256DFCB30DFA9C9C0EEEBBB9FF98324B144519E905A730AD730A905CB90
          Function 01A6A430 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 29e7f2552fba67b3cc51d5ad25d2e35a26053094110be9d0e908172fdf94475a
          • Instruction ID: 3dcd470af3f08e1582104f531ae4d2086c4d48cc2ac70ea82e01226cc991bc54
          • Opcode Fuzzy Hash: 29e7f2552fba67b3cc51d5ad25d2e35a26053094110be9d0e908172fdf94475a
          • Instruction Fuzzy Hash: 734139717402219BCB39EF68DD80B6A7779EB55318F04102DEE0AAB242D7B1D804CB51
          Function 01AFA9D3 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction ID: c3a4143c3e5aef6de10b6fd1ae9af26eb04e83859ba0c645f62d26e976db2721
          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction Fuzzy Hash: 8641FA716047169FD725DFA8C984AAAB7A9FF80210F05462EFB5A87240EB31ED1CC7D0
          Function 01A601F8 Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 01652c5fb0eee98a61bebac3d462f1548ef70fcad4fe4881e724bcd7acecca0a
          • Instruction ID: d6e83996862d877e9ee032bf44b1df7cc63884973faa5dcc1778953256dbc903
          • Opcode Fuzzy Hash: 01652c5fb0eee98a61bebac3d462f1548ef70fcad4fe4881e724bcd7acecca0a
          • Instruction Fuzzy Hash: CB41DD36900219DBDB15DFA8C640AEEBBB8BF88710F18816AF915F7240D7359D81CBA4
          Function 01A5EBFC Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 29f1ec3767bed5ea8134584931db7056acaf05649ce9dd99cfdafc47b86852ae
          • Instruction ID: f9b6711a01c439b19ecc5cb3123b3a0c114df51e07eb8e668c369fe74aad7b2e
          • Opcode Fuzzy Hash: 29f1ec3767bed5ea8134584931db7056acaf05649ce9dd99cfdafc47b86852ae
          • Instruction Fuzzy Hash: 0341B6722083019FDB65DF28C984A67BBF9FF88214F04482EF957C7611DB35E9488B91
          Function 01A72750 Relevance: .1, Instructions: 137COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction ID: 478fd4d295385ed8839fa5c75721f3a126cfe33107d397d6f2acbf087d6ad418
          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction Fuzzy Hash: 29515975A00215CFDB15CF98C580AAEF7F2FF84710F6881A9D915A7351D770AE82CBA0
          Function 01A36154 Relevance: .1, Instructions: 133COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 73bbdd774134e13d21032b6393b9c7ef0ae20b705965eb5b1f88c3af982805c6
          • Instruction ID: c1d038bf6219ee880d7ab93bb5f6a10f64630696eac78c80c036e6da99de4abf
          • Opcode Fuzzy Hash: 73bbdd774134e13d21032b6393b9c7ef0ae20b705965eb5b1f88c3af982805c6
          • Instruction Fuzzy Hash: 3E51E470900256EBDB358B68CD04BF8BBB5FF51314F1482A6F529972C1E7749A81CF80
          Function 01A30BCD Relevance: .1, Instructions: 130COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d8e40cccee20537def34c2a3803c1dba5ddd38b25da17f97a917e9c63364232a
          • Instruction ID: b5ff87a268dd263e582358fac13ac8235e4363d66cccabd6f8f4588a1f3655fa
          • Opcode Fuzzy Hash: d8e40cccee20537def34c2a3803c1dba5ddd38b25da17f97a917e9c63364232a
          • Instruction Fuzzy Hash: 3E417271A00329DBDB61EF68CA40BEA77B4FF85750F0500A5F908AB241D7749E88CB95
          Function 01AF866E Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction ID: 92c157db93e19563503151d6fa14bfbd44d12c3fe315803f961e077d1759e895
          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction Fuzzy Hash: 1641A475B00205ABDB15DFD9CD85AAFBBBAAF88640F14406DFA04A7341D778DD05C7A0
          Function 01AFF0E0 Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e91b4ea9dab1b858285fb9e401492e359eaee9dded57a523177b2c38fab0c34d
          • Instruction ID: 8711a2431505390930c9f8cc7684fb2cb68acf89a419fd4aa334bd131d1ea7d4
          • Opcode Fuzzy Hash: e91b4ea9dab1b858285fb9e401492e359eaee9dded57a523177b2c38fab0c34d
          • Instruction Fuzzy Hash: 1941DD752083418FD709CF69D8A497ABBE1EBC4325F05895EF9D58B282CB30D809CBA1
          Function 01A30887 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 63ab4a509aeda136ef2b7d55b3775603ca93383299740bf0302ed3a8521f5746
          • Instruction ID: 7f4843f7d53d53a73ff40415455ecf81f5b7ad5dfcd5940c8ecaecee38c07969
          • Opcode Fuzzy Hash: 63ab4a509aeda136ef2b7d55b3775603ca93383299740bf0302ed3a8521f5746
          • Instruction Fuzzy Hash: F841AEB06007029FE325DF28D680A22BBF9FF88314B148A6EF556C7A51E730E845CB90
          Function 01ADD5B0 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b6bde786571bfbf0d13ef4732ecf81c87be4f8a907db42ded5fd0ff3424e69ef
          • Instruction ID: 37a931f8fb0c389745aa22d374db98aaf0456d8ad7d67cd4ec9a363f89e595a7
          • Opcode Fuzzy Hash: b6bde786571bfbf0d13ef4732ecf81c87be4f8a907db42ded5fd0ff3424e69ef
          • Instruction Fuzzy Hash: 13410230A186959FCB15CF6CC495ABAFFF1AF59300F098489E5C68B286C734A456DBA0
          Function 01A5A470 Relevance: .1, Instructions: 127COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65fc8213b5bb1fd48f3de7b4968f28712c2c04fb943cfe9f31a138e6ca9079c5
          • Instruction ID: 30a04bd61489a7b2f596a389fa796e535c06699d868bba06e8920d1b054f8f6c
          • Opcode Fuzzy Hash: 65fc8213b5bb1fd48f3de7b4968f28712c2c04fb943cfe9f31a138e6ca9079c5
          • Instruction Fuzzy Hash: 0D412132A08205CFDF61EF68D994BED7BB0FF58314F1806A5D915AB692DB309944CFA0
          Function 01A38BF0 Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d3033c8931f256a2fc31c98ae9cee2b7a2dc5658e486dd24989a771d4943c13a
          • Instruction ID: d4484be9e545128019c50fe2c2bddc727d8b7323b9c1d15d48775edfc717a26c
          • Opcode Fuzzy Hash: d3033c8931f256a2fc31c98ae9cee2b7a2dc5658e486dd24989a771d4943c13a
          • Instruction Fuzzy Hash: F4410272900202DBDB34EF58C984BAABBB1FFD4704F15822AF9059BA55C73DD846CB90
          Function 01A28918 Relevance: .1, Instructions: 123COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5054474b17558c953fcf53b95d7dee517be26cb09cb38c9c8fed8522ec4f2fd3
          • Instruction ID: 0b03a75eba4f5b7b627adabb606bf05f25b926c5b4ed053baf8d926e67f91036
          • Opcode Fuzzy Hash: 5054474b17558c953fcf53b95d7dee517be26cb09cb38c9c8fed8522ec4f2fd3
          • Instruction Fuzzy Hash: 894160316083169ED312EF69C940B6BB7E9EF88B54F44092AF984D7250E734DE458BA3
          Function 01A2A020 Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction ID: ce1b378547ce7a85d27e3fb8666a98baaeb621e41021f723564c52e817d04b02
          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction Fuzzy Hash: 23416E31A08221DFDB25EF5C84407BEBB71EB50774F19C06AE9458B641D63BDD40CBA0
          Function 01A309AD Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 26ff3d8eebf639bbd1761aa6b6821da6cc984ba09b64755eb75e9d8c10f07064
          • Instruction ID: d6b8081c33758cf0fd4ae10f091fc4b87f4ce3ba71a7762d2fc7055159984da7
          • Opcode Fuzzy Hash: 26ff3d8eebf639bbd1761aa6b6821da6cc984ba09b64755eb75e9d8c10f07064
          • Instruction Fuzzy Hash: 514156B1A40701EFD721DF28D940B26BBF5FF98714F248A6AF449CB251E771E9428B90
          Function 01A60710 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction ID: 38799266d594fb53fb4434cd8e2caa5b52fd342091ead98c267811f271920f8f
          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction Fuzzy Hash: 87414F71A00705EFDB25CFA9CA80AAABBF8FF18700B10496DE556D7690D730EA84CF50
          Function 01A3262C Relevance: .1, Instructions: 119COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 87dbd2f9ef39e4ec983e9dae16b2af791556c16ed5936df5ee4c5e413f57b7a4
          • Instruction ID: beb8beb2f750f0766015e2679f6162f570605404d0e3a41e3ff3bb19a750c839
          • Opcode Fuzzy Hash: 87dbd2f9ef39e4ec983e9dae16b2af791556c16ed5936df5ee4c5e413f57b7a4
          • Instruction Fuzzy Hash: 4841C1B1901711DFCB26EF28CA00B69B7B1FFD4310F1482ABE41A9B2A1EB309941CB51
          Function 01A6C8F9 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82c14f767422339e8fa7ec2de5578426be8e3ba045abb7108c3e6e94b8e1c04d
          • Instruction ID: c01c08e1e20a48589ac2192e55e618691317946bbe8713446b6a0df52d0087c3
          • Opcode Fuzzy Hash: 82c14f767422339e8fa7ec2de5578426be8e3ba045abb7108c3e6e94b8e1c04d
          • Instruction Fuzzy Hash: 213189B2A00345DFDB16DFA8C540799BBF4FB09724F2081AED119EB291D3369902CF90
          Function 01AFEEDB Relevance: .1, Instructions: 113COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 48775cbb4afa35e241a7f2b40a95cd270a0ae3f8a1b3595bdc60702b5a734fcc
          • Instruction ID: a87095946eb5e40e0d178f8ada965eb0f141b5fe4940ec9646b10be17739d991
          • Opcode Fuzzy Hash: 48775cbb4afa35e241a7f2b40a95cd270a0ae3f8a1b3595bdc60702b5a734fcc
          • Instruction Fuzzy Hash: 8741A533E0402A8BCB28CFA8D49157AB7F1FF4830475642BDE906AB295DB34AD05CB90
          Function 01A280A0 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4212d5026e9a848d82a2cbaa0d587ba5c10ee591ecaba76cc0bf376a0f73aaf0
          • Instruction ID: b5aaab84643e1fe61ac8fbde75ac5e4e660450a95b53f3aac932d4f9aeb91d65
          • Opcode Fuzzy Hash: 4212d5026e9a848d82a2cbaa0d587ba5c10ee591ecaba76cc0bf376a0f73aaf0
          • Instruction Fuzzy Hash: F741B171A05726AFDB15DF5CCA406A9B7F1BF54760F248229F816A72C0D738ED418B90
          Function 01AB05A7 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55cd06b6db1037229fdfb4959e78dd76f1ce3b841a53026feebbe87a1e763fb3
          • Instruction ID: c3e4e275cff61880bd0c1fd9f06eea7d767cbe7a15ef1e870e7771e578e97b1b
          • Opcode Fuzzy Hash: 55cd06b6db1037229fdfb4959e78dd76f1ce3b841a53026feebbe87a1e763fb3
          • Instruction Fuzzy Hash: 9241D2726047829FC320DF68CA90AABB7F9BFC8700F144619F99487681E770E904C7A6
          Function 01A34859 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2ebdef5a401fb432c0df3317ff38a90e7ca04659cf9506a7508917516cb91122
          • Instruction ID: dd26a791edf25f675272f109a1793c924914e012c5b3a6e65051be1cf159d26a
          • Opcode Fuzzy Hash: 2ebdef5a401fb432c0df3317ff38a90e7ca04659cf9506a7508917516cb91122
          • Instruction Fuzzy Hash: 3B41BF306003028BDB25DF28D984B2ABBEAEFC8360F14446DFA45CB2A1DB70D845CB91
          Function 01A28B50 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 01678993e0420dfd62309c4b1d45a2e9d44ac676133dffd502e8f85eea66e402
          • Instruction ID: cf773cd704ebd4109d8fe7ea33e4f607091c6b4029a1c78dfcb63159d31d42e8
          • Opcode Fuzzy Hash: 01678993e0420dfd62309c4b1d45a2e9d44ac676133dffd502e8f85eea66e402
          • Instruction Fuzzy Hash: EB41A571E01625CFCB15DF6DC9809ADBBF1FF98320F14866EE466A72A0D738A941CB50
          Function 00E5DCE3 Relevance: .1, Instructions: 108COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction ID: 1c364c6c40b8242a47d59c1b45265310bf841540218e9257419a3eaa8e299ce2
          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction Fuzzy Hash: 5B31725165C6F14ED31E836D08BD675AED18E9720174EC2FEDADA6F2F3C4888408D3A5
          Function 01A402E1 Relevance: .1, Instructions: 106COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction ID: e9d49a5bb82f70ac4707c4c231b424bbeab26557f01c3eddfe0d0705107068a5
          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction Fuzzy Hash: B4311831A04244AFDB229B68CD44BEBBFF9EF94350F088565F855D7352C774A984CBA0
          Function 01ADE3DB Relevance: .1, Instructions: 105COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb8483b8e0fd500796f5e2970ce7bf68c9f3ffa51275ef6e006b29ce342ba106
          • Instruction ID: fb27d37d8588ed1078dd58152fdbb9052c64b6d5bd0e4e00e72058cfafcd57d5
          • Opcode Fuzzy Hash: cb8483b8e0fd500796f5e2970ce7bf68c9f3ffa51275ef6e006b29ce342ba106
          • Instruction Fuzzy Hash: 0231B975740716ABD7329F55CD41F6F76B8AF58B50F000028FA05AF292DAB5DC01C7A4
          Function 01AE4B4B Relevance: .1, Instructions: 104COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f5890aaec3b6a8f76f0621d89e3b67fb737cb482d0daec25364bbe30fb2e66ea
          • Instruction ID: 30f8e3a44c9be6c4146104501e57a116869301b6c44334170aa724d396a61da4
          • Opcode Fuzzy Hash: f5890aaec3b6a8f76f0621d89e3b67fb737cb482d0daec25364bbe30fb2e66ea
          • Instruction Fuzzy Hash: 5431CF326052018FC731DF19D884E26B7F9FBC8360F0A446EE999CB255D730A854CB91
          Function 01A34260 Relevance: .1, Instructions: 102COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1a2b8d89b32d5980d975ef6476c78719ce632a6bcd0479ff748be09de0bf35c5
          • Instruction ID: 96eb5f59bd6eda971fa4792921a2d72c2ecfddb6e6325a8e10941b3232a8a80c
          • Opcode Fuzzy Hash: 1a2b8d89b32d5980d975ef6476c78719ce632a6bcd0479ff748be09de0bf35c5
          • Instruction Fuzzy Hash: 2C419D71200B45DFDB22CF68CA81BD67BE9BF89354F058469FA9A8B250C774E844CB90
          Function 01AE4BB0 Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4463aaa6a7eedea42bd7540dec82a3533b082cd1192a8fd8a573505f99184fa6
          • Instruction ID: d6aecef2196179dbda6e4cad09486cefe8e8f30a84b599046872c74a68fcd067
          • Opcode Fuzzy Hash: 4463aaa6a7eedea42bd7540dec82a3533b082cd1192a8fd8a573505f99184fa6
          • Instruction Fuzzy Hash: 2C31AB716042019FD720DF29D885A2AB7E9FBC8720F09496DFA59DB394E730EC14CB92
          Function 01AAEB1D Relevance: .1, Instructions: 100COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8ce6f3bfe0c073ea1724f3b961fcc2fb098a5f4ac46fba5a5b12754515b74eb8
          • Instruction ID: 77ae800eefc819f77f4b52a9262a5e5982115791c0bb89e91e9f661cec2b29ea
          • Opcode Fuzzy Hash: 8ce6f3bfe0c073ea1724f3b961fcc2fb098a5f4ac46fba5a5b12754515b74eb8
          • Instruction Fuzzy Hash: B031F3313416D29BF7225B6CCE4CB657BE8BF40B40F5D84A4AB868B6D2DB28DC40C270
          Function 01AF61C3 Relevance: .1, Instructions: 97COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2ab9f6bb24f6ebc8f57be2a987f4d4378534ee78f1e7ec3645adfaceb03b4268
          • Instruction ID: 43c251daee17db33c286a4235312b95694e3cb23bf636579fff6378960ed6b2a
          • Opcode Fuzzy Hash: 2ab9f6bb24f6ebc8f57be2a987f4d4378534ee78f1e7ec3645adfaceb03b4268
          • Instruction Fuzzy Hash: 2431B27AE00116EBDB15DFD8CD80BAEB7B5FB48740F454169FA04AB244D770AD01CB94
          Function 01AD483A Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8df3f15c46dd3902cfd2ccabf9ce35deeb4d47901d41a5eba8f45385ed4aa738
          • Instruction ID: e41df71e1080502423221a3812c2754e8e27e55b8040bfd442b0ce33565c7f29
          • Opcode Fuzzy Hash: 8df3f15c46dd3902cfd2ccabf9ce35deeb4d47901d41a5eba8f45385ed4aa738
          • Instruction Fuzzy Hash: AF318176A4012DABCF21DF55DD84BDEBBBAAB9C310F1000A5E909E7250CA30DE91CF90
          Function 01AF6BD7 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6d7354a54c45d29d18a7189daecaef7e8bb0658efcba980232f794d2f8fc4960
          • Instruction ID: 5199e0d25ae8770c3112fceaebf344dcc16a1d1cd77ee016ba92d0e451a627ab
          • Opcode Fuzzy Hash: 6d7354a54c45d29d18a7189daecaef7e8bb0658efcba980232f794d2f8fc4960
          • Instruction Fuzzy Hash: 04316C31A002049BCB24CF69D9C5B5B7BF4FF89250B4584AAFA08DF249D370E949CBA4
          Function 01A5EB20 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b77fba28c105fdde643f5b9c1de736bf6ae7335e1c0b8f46882cad59648b1a5e
          • Instruction ID: 3d379a400c1826107aa7061fbc4c48b1c9beeda83b6214647a3894bc3e366019
          • Opcode Fuzzy Hash: b77fba28c105fdde643f5b9c1de736bf6ae7335e1c0b8f46882cad59648b1a5e
          • Instruction Fuzzy Hash: CD31A472E04219AFDB71DFA9CD40AAEFBF9EF44750F018426E916D7250D2709F408BA0
          Function 01AF60B8 Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e3beb42307d24851db98a3ec9ba2c4a70555b168f79efb155becf548fec31b77
          • Instruction ID: 8d2f1d5784423ed17589634fb24360cd80e0c1e6f833a9d18e17112a53fa8959
          • Opcode Fuzzy Hash: e3beb42307d24851db98a3ec9ba2c4a70555b168f79efb155becf548fec31b77
          • Instruction Fuzzy Hash: 5331D171B00716ABDB229FE9CD50B6ABBB9AF84354F14406DF609DB352DB30DD008B94
          Function 01A307AF Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4fb0a383aa135e2d0c5db75991fab7c190e56755cb5e363d9bb90b5227135e09
          • Instruction ID: 310d1be0bcb6b297b3f8a960cfabcefcf2eef8138c2d1869c9d1a7aef174cf44
          • Opcode Fuzzy Hash: 4fb0a383aa135e2d0c5db75991fab7c190e56755cb5e363d9bb90b5227135e09
          • Instruction Fuzzy Hash: F131BF72A04752DBC723EF28CA80B6BBBA5AFD4660F054529FD59A7210DA30DC0187E1
          Function 01A38550 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 92b894389bfb30d3b88bab25f936e8f7e121b7c8956e0049da6d492685beae9e
          • Instruction ID: 06ed604cc8538d4db58bef0c43a9f4e1b20dde07e1df81198b88109bcc77596f
          • Opcode Fuzzy Hash: 92b894389bfb30d3b88bab25f936e8f7e121b7c8956e0049da6d492685beae9e
          • Instruction Fuzzy Hash: 64317A716093019FE721CF19C840B2ABBE5FF98710F094A6EF9899B291D775EC84CB91
          Function 00E7E8E3 Relevance: .1, Instructions: 93COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7969aa0752727e1554cee8d46dae4cafee785f79c7b74ad0643cabfa696fd974
          • Instruction ID: a27716b6577460ee9a633cb0eb786dcc0b6a5b32a0217ebf3c9404c10bcb6db2
          • Opcode Fuzzy Hash: 7969aa0752727e1554cee8d46dae4cafee785f79c7b74ad0643cabfa696fd974
          • Instruction Fuzzy Hash: C331CC72B00A265BD754CE3AD880256B7E6FB88320B54C679DA19D3B40E774F962CBD0
          Function 00E52F50 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463423251.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E50000, based on PE: true
          • Associated: 00000000.00000002.2463398501.0000000000E50000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e50000_VzJM9stirU.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4d89c1412caf9254ab50795eae9590a61496897269ea0fa85013a8c7723f8ca4
          • Instruction ID: ab0ada26b5074ab4aeb39354bd29db478b6ca975ed658aada871c00a87efe2bc
          • Opcode Fuzzy Hash: 4d89c1412caf9254ab50795eae9590a61496897269ea0fa85013a8c7723f8ca4
          • Instruction Fuzzy Hash: CC31AEB2B10A148FD368CE6DE841617F3E1EB88310B018A2DE999E7B40D674E9058BD0
          Function 01A6A6C7 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction ID: 5157fd565a7fc01747d95c7cc646ec2c889a9615881667ab2d51e6560c5ed54c
          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction Fuzzy Hash: FC312AB2B00B01AFD761CF69DE41B57BBFCAB08A50F08492DA59AD3650E734E900CB60
          Function 01ADEBD0 Relevance: .1, Instructions: 91COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 29f8dcf0963a7e30bd2ecb8d9d4f61d1c053088e603226be3e266c81f8899968
          • Instruction ID: d86c5f714a3ccfa8874c7e9c33ad1983071e196ffc2dae928e96f1b2b9c38a41
          • Opcode Fuzzy Hash: 29f8dcf0963a7e30bd2ecb8d9d4f61d1c053088e603226be3e266c81f8899968
          • Instruction Fuzzy Hash: 0C31A7B1505712CFCB25DF19C54096ABBF1FF89214F0449AEE8899B221D330D948CBD2
          Function 01A5438F Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d8f6f43b47dd267add9b6d69170cf719a2b48e6a47ab89cca52c95f561a32cc8
          • Instruction ID: fb84f1723984952369cae408e876a2107f396f9a5c3c0903d0de864aeb340bfb
          • Opcode Fuzzy Hash: d8f6f43b47dd267add9b6d69170cf719a2b48e6a47ab89cca52c95f561a32cc8
          • Instruction Fuzzy Hash: 1931F631B042059FDB64EFB8C980B6F7BF9AF98304F00842AD905D7251E730E985CB90
          Function 01A2CB7E Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction ID: 40a2b7dd2686ec716a129046bf757b6dec277994e4c59f9c5601670538a3f3b8
          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction Fuzzy Hash: AD21E636E4066AAADB11ABB9C841BBFBBB5EF54750F058036DE55E7340E270D90087A0
          Function 01A2C156 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7019f282c56097902acabbd88df70ce0d2bd311fac9bdf74332f00b0a8bd2905
          • Instruction ID: 45fd7fce3a1679cf396db162784d82d69e05184d1fb55f0cf39eada65f51d3ef
          • Opcode Fuzzy Hash: 7019f282c56097902acabbd88df70ce0d2bd311fac9bdf74332f00b0a8bd2905
          • Instruction Fuzzy Hash: 6531F7B15002118BDB35BF68CC41BB97BB4EF90314F5481A9ED869B3C2DA74D986CBA0
          Function 01AEC3CD Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction ID: e9e25ef6e8a94b749548bf0d0c3dad74c36e071398a6c2c617d67cdd7926cd2a
          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction Fuzzy Hash: C0213036600656B7CB15ABA5CD08ABBBBF4EF50720F40801AFE5587553E634D940C360
          Function 01A2E420 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1f5a90834bfd03b495caddbd657cbd24897a8c380a1a1c5f7a0d21288e8a5078
          • Instruction ID: 4e7766f8e2a3b648be8d6e7357d3aa8a0f1530a26b9cfca9308ae7d23e746559
          • Opcode Fuzzy Hash: 1f5a90834bfd03b495caddbd657cbd24897a8c380a1a1c5f7a0d21288e8a5078
          • Instruction Fuzzy Hash: A731CE32A0012C9BDB31DF28CD41BEAB7B9AF15740F0500A1E645AB291D6B5AEC08FA0
          Function 01A64588 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction ID: 6c1e122e3229ef30b12e2ce61931a68eb64abeaa6badd031ea9658ba7704f937
          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction Fuzzy Hash: 4D215375A00609EFCB19CF59C980A9EBBB9FF4C714F108065EE259F241D671EE45CB90
          Function 01A644B0 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5c46f8113b06dadcaca9316255790f9b065b04e5a7e06549d05d95ada12ea507
          • Instruction ID: 5c05ff30f368bc1e796f028b54de693a2b35338d84a0442892550479ce5856e3
          • Opcode Fuzzy Hash: 5c46f8113b06dadcaca9316255790f9b065b04e5a7e06549d05d95ada12ea507
          • Instruction Fuzzy Hash: 2D21BF726047459BCB22DF68CA80B6B77E8FF8C760F044529FD549B641D730ED008BA2
          Function 01A2E388 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction ID: c8803879a442bc930dae2c01eedd76470eca457acb0df99d9c99e30d523cb142
          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction Fuzzy Hash: BD31A731600614AFEB21DBA8C984F6AB7F9EF84314F1448A9E542CB681E730EE42CB50
          Function 01B003E6 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 628bc8a5d5de80fd83b24f1393be24e856e15cc771954b1ddd9786f62d477990
          • Instruction ID: 5dcd409a944ed9001bf94582ca1ecafe622465599045ddfb57e02ff99868c599
          • Opcode Fuzzy Hash: 628bc8a5d5de80fd83b24f1393be24e856e15cc771954b1ddd9786f62d477990
          • Instruction Fuzzy Hash: 02314171A00119AFCF19DFA5D894B9FBBB9FF88254F014169F909E7240DB30AD05CBA4
          Function 01AAE609 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c951191f2709d6108cbc7874a8da287998c10ae10f4842d0b1db25282ac5fa88
          • Instruction ID: f430f799cdc8fc7d21004ce370bb2e9d97c5796924c45601e32b124e39569f19
          • Opcode Fuzzy Hash: c951191f2709d6108cbc7874a8da287998c10ae10f4842d0b1db25282ac5fa88
          • Instruction Fuzzy Hash: 4831AE75A00205DFCB18CF1CC8849AEB7B6FF88304B55885AF8099B391E731EA44CB90
          Function 01B00591 Relevance: .1, Instructions: 84COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5b95a6e198bc49ff87497dd56f5de402391ee77efa87a40ea9599b685f75b934
          • Instruction ID: 36a44af4a51d07db5f82d173890d8dd4924d3e92d24bd3c12b00b50225910c8c
          • Opcode Fuzzy Hash: 5b95a6e198bc49ff87497dd56f5de402391ee77efa87a40ea9599b685f75b934
          • Instruction Fuzzy Hash: E721CE326002058FD72EDE29CC807A6BBA2EBD4350B6545B8FA05CB285D731F845C750
          Function 01AB06F1 Relevance: .1, Instructions: 79COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6147f42468b688cb4cf440b1258b2192426b0026565611bc78c746fcec930a3b
          • Instruction ID: 868a523307d709c77b368e1233cc1b2384b46821308487cb3578cd73b86b0851
          • Opcode Fuzzy Hash: 6147f42468b688cb4cf440b1258b2192426b0026565611bc78c746fcec930a3b
          • Instruction Fuzzy Hash: 14218D71900629ABCF21DF59C981ABFB7F8FF48740B540069F941AB241D778AD42CBA1
          Function 01AB019F Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2238c143811a3377f70a80611322e00a6add8f7c82eb8145279ebf7ed8b152ac
          • Instruction ID: 3a6d0ff7a4d739134e0a0cdc95171841f806393fe86c3c08a95b0369e548535a
          • Opcode Fuzzy Hash: 2238c143811a3377f70a80611322e00a6add8f7c82eb8145279ebf7ed8b152ac
          • Instruction Fuzzy Hash: F521BC71600645AFDB25DB6CDA80F6AB7B8FF88740F140069F904DB7A1D638ED40CB68
          Function 01AB0283 Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d64d682625740bfac007637e6c7dc0738113f94f599251839b7f9c6eb31ecc1c
          • Instruction ID: 9eacd3995133299c020881de03ab045072e1d74c7b7218507c86e292b8be22fa
          • Opcode Fuzzy Hash: d64d682625740bfac007637e6c7dc0738113f94f599251839b7f9c6eb31ecc1c
          • Instruction Fuzzy Hash: 1921C5729053869FD711DF69CA88BABBBFCBF90240F084456BE80C7252D734D948C6A1
          Function 01A52835 Relevance: .1, Instructions: 73COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a2e2e88dd4ddbdbfed3801fd0fd79310bf5544bdcb7ea985804ef8af769b7c9
          • Instruction ID: 807209a0404134d977e1a02e022fd4288d3e5daf330ba8cf28a265e438c584b4
          • Opcode Fuzzy Hash: 2a2e2e88dd4ddbdbfed3801fd0fd79310bf5544bdcb7ea985804ef8af769b7c9
          • Instruction Fuzzy Hash: 4221F932709691DBEB23576C8D44B253BE4AF41774F2D0362FE609B6E2D778C8458240
          Function 01B001AA Relevance: .1, Instructions: 71COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 00bd1c8bcd920bf2d913e4c2ec5d95b243603cdb52bdaf999a0c29e30beec1de
          • Instruction ID: 8893c54552aca42ce95c1559ff4c8306bc04e25829ddf442616863236d17c9f1
          • Opcode Fuzzy Hash: 00bd1c8bcd920bf2d913e4c2ec5d95b243603cdb52bdaf999a0c29e30beec1de
          • Instruction Fuzzy Hash: 3B21E4652042504FE706CF1A88B44B6BFE5EFC6225B0A81E6E8C4CB747C535990AC7B0
          Function 01A6A30B Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 02d35b91ec1e574fa6c294fde80687b117e34d47d6e7e3871a0667c29f015b1f
          • Instruction ID: 6390c162e20751a9472ec61642c953d8b6df9c151f8839b8645ea3ecf470b022
          • Opcode Fuzzy Hash: 02d35b91ec1e574fa6c294fde80687b117e34d47d6e7e3871a0667c29f015b1f
          • Instruction Fuzzy Hash: 3321AC792006119FCB25DF29C901B56B7F5BF58704F1884A8E549CBB61E371E846CF94
          Function 01AEA49A Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1074c50c37325d9558297422fda58e2b13e7e9f6dd3f64e5299af0bc3a53af4d
          • Instruction ID: 3537777749fcb98543e70cffd9366fbfa54aafe86f27882601436d6b18cfa0a5
          • Opcode Fuzzy Hash: 1074c50c37325d9558297422fda58e2b13e7e9f6dd3f64e5299af0bc3a53af4d
          • Instruction Fuzzy Hash: 63112972380B11BFE72256799C05F2776D9DBD4B60F150428F708CB284EB70EC0187A5
          Function 01AB0946 Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2caa184a904910e1514e412bc9ec102c745bf8149a6c92c32235ecbd69d70fe
          • Instruction ID: 55eb04dc122a794d0c964e5492cc7055c53c8fe5e09dec98b9dcfcf7133dcd11
          • Opcode Fuzzy Hash: f2caa184a904910e1514e412bc9ec102c745bf8149a6c92c32235ecbd69d70fe
          • Instruction Fuzzy Hash: 9B21E6B1E00259ABDB24DFAAD9809EEFBF8FF98710F10012EE505E7251D7749945CB50
          Function 01AC80A8 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction ID: 00b28d2af23647e3fb964c00073a3b7fe2ed8875b378208250dd5b3d50f693f9
          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction Fuzzy Hash: AA218C72A00209EFDF129F98CC40BAEBBF9FF88720F204419F900A7251D778D9508B50
          Function 01AFEE26 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0ffbe366302c332f4e2227e9762475d14a22d379b90ed0cf649b9462d499d9db
          • Instruction ID: d97e2b9b4a109bd90525f3df4a33e5d17f3d17f4fce981e59432b70749ba8e6b
          • Opcode Fuzzy Hash: 0ffbe366302c332f4e2227e9762475d14a22d379b90ed0cf649b9462d499d9db
          • Instruction Fuzzy Hash: 9321B433A104119B9B28CF7DD844466F7E6EFCC31436A427AE512DB668D770BD158B84
          Function 01A60124 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction ID: faa5e82d7278c99888bb822f6239d9169efe9bd6790c74c0d2ce365627e0fea2
          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction Fuzzy Hash: 9111E272600705EFD7229F58CE41F9ABBBCEB80754F110029F6008B180D675ED84CB60
          Function 01A38770 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4213b12076303391b698706afe3f81a807f156a172cd3cd0c54e115732ed047a
          • Instruction ID: cde3aef7d474aeb3ad329b5ea06cd55eadb9dc00e252111b31d6c471417cb45b
          • Opcode Fuzzy Hash: 4213b12076303391b698706afe3f81a807f156a172cd3cd0c54e115732ed047a
          • Instruction Fuzzy Hash: 5E11E231701611DBDB16CF4DC580B16BBEAAFCA750B18416DFE08CF204D6B6E9018790
          Function 01A6AAEE Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction ID: 341ae50203ee2994eae0f49c9fa97654c723da213212cd727386a04289833124
          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction Fuzzy Hash: 7C215B72640A41DFDB369F49C540A66FBFAEB94B50F19887DE94AAB610C770EC01CF90
          Function 01A380E9 Relevance: .1, Instructions: 66COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 568e66e781cbb71da3fea52297a8b4cca303c4180681bb1f8a7dd79f6111cdf4
          • Instruction ID: c5aadab421f0b6b7c5929df54e55c997d922acd5bbca8c76b132b8f238201c26
          • Opcode Fuzzy Hash: 568e66e781cbb71da3fea52297a8b4cca303c4180681bb1f8a7dd79f6111cdf4
          • Instruction Fuzzy Hash: 7A216D75A00206DFCB14CF98C581BAEBBB5FB88718F24426DE505AB311CB75AD06CBD0
          Function 01A6674D Relevance: .1, Instructions: 65COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 443e7ac72c57976c85d2551fd5741c7762b5bf1e70ede7f2a49a742b0fffa384
          • Instruction ID: 939a64ff9eb48f1bacd3dc567626f99130c2fe5997b80d0ee2655acbc23985f8
          • Opcode Fuzzy Hash: 443e7ac72c57976c85d2551fd5741c7762b5bf1e70ede7f2a49a742b0fffa384
          • Instruction Fuzzy Hash: F7218971600A01EFD7318F69C881B66B7F8FF84250F44882DE5AEC7650EB74AC40CBA0
          Function 01A5E8C0 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9df21e28806b79b8f294c8d7cb966450a02a78dfc3a6074e7bd367fd07b6aa77
          • Instruction ID: eae7e2eab2ec87010931db5c3f66386745cee7d3ed5a06e04804babbe84b624e
          • Opcode Fuzzy Hash: 9df21e28806b79b8f294c8d7cb966450a02a78dfc3a6074e7bd367fd07b6aa77
          • Instruction Fuzzy Hash: 731129333041209FCF1DDB29CD80A7BB666DBD5374B284539DD26CB250EA308C01C290
          Function 01AC6870 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98d381410db400a8de8319f2f28f5ca7a2bbe047642e4a9a0ee2dfbe5cbec240
          • Instruction ID: 0dd518f6da1cff7dc95f0538a78b42034688e55f5684929e82102b985a7b9143
          • Opcode Fuzzy Hash: 98d381410db400a8de8319f2f28f5ca7a2bbe047642e4a9a0ee2dfbe5cbec240
          • Instruction Fuzzy Hash: DF11A072240615EFC722DB9DCD40FDA77A8EF99BA0F114029F619DB361DA70E905CBA0
          Function 01A666B0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ad253325e1026f9e28fd68b5b81b45f0af59c8c5716192e550c8a89b31b1f323
          • Instruction ID: 10760622004054084d1d27d0e9879e2d4bd8bda7d8e1a4752ad6a0da1b7b25ec
          • Opcode Fuzzy Hash: ad253325e1026f9e28fd68b5b81b45f0af59c8c5716192e550c8a89b31b1f323
          • Instruction Fuzzy Hash: 0711BC76A01245ABCB25CF59D580A5ABBF8AF94610F05407AED09AB311E638DD00CBA0
          Function 01AFA8E4 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction ID: bc499805b588ea294d3c1d1e14e358612d6cbdbe21bdd4822729f090fb67f7af
          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction Fuzzy Hash: 84110436A00915AFDB19CB98CC45B9EBBF5EF84210F058269F955D7340E635AD01CB80
          Function 01A30AD0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction ID: 1261e746785b5b862af489aad54507e4b04d53696c0dabe1b7182dc011037004
          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction Fuzzy Hash: 2E2106B5A00B059FD3A0CF29C541B52BBF4FB48B20F10492EE98AC7B40E371E814CB94
          Function 01ABE7E1 Relevance: .1, Instructions: 59COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction ID: 87cf9c8807574935d39c95759b5fabd9a00ceeb5a01f905e3da006256f7e712b
          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction Fuzzy Hash: F011C631600A41EFE7329FC9C980BD6BBE9EF45754F058428FA099B162D771DC40D790
          Function 01A527ED Relevance: .1, Instructions: 58COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 24fdfa54b835c538a87783b468b0c7fceb16b4127375e5c1d798d914d9e0cd33
          • Instruction ID: 04663471040e2e61aa8babc3f591b62c8c89ff6113d9155558babd900e0fac4f
          • Opcode Fuzzy Hash: 24fdfa54b835c538a87783b468b0c7fceb16b4127375e5c1d798d914d9e0cd33
          • Instruction Fuzzy Hash: 1201D231709685ABE727A3AED984F676BECEF90394F094076FD018B651DA24DC04C2A1
          Function 01A34690 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b6373b475637e6c3d012c67cae4e80be9638c026fe361613fe9bdb6c7fa19e57
          • Instruction ID: d1be97c924a34061eeb162c06b998f50ce20b84521ea2a72db0a340a23662c74
          • Opcode Fuzzy Hash: b6373b475637e6c3d012c67cae4e80be9638c026fe361613fe9bdb6c7fa19e57
          • Instruction Fuzzy Hash: 0511CE76200645AFDB37CF59D980F567BA8EBCAB64F044119F9048B690C370E800CF60
          Function 01B04B00 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cdff41df32d0f0700ebbcbbc8ad1d3b519cdac6a47a174c37edabb899eb134a6
          • Instruction ID: 34ac844809d22a294013c9b878cf4f3bc41a5413d4ffd57c8502ff19d7a03ad1
          • Opcode Fuzzy Hash: cdff41df32d0f0700ebbcbbc8ad1d3b519cdac6a47a174c37edabb899eb134a6
          • Instruction Fuzzy Hash: 9B110632200A119FD7279A29D940F26BFA5FFC4310F144559EB86C72D0DB30E802C790
          Function 01A66620 Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 46a61b090f1e921445f028b13eda2f853ac5d1d78354ba1623c31c6b33c19ee9
          • Instruction ID: 9eb230cfa4458ac1eec74f7b0390b1152695b871d6dfd4e25faa872aaeb29e00
          • Opcode Fuzzy Hash: 46a61b090f1e921445f028b13eda2f853ac5d1d78354ba1623c31c6b33c19ee9
          • Instruction Fuzzy Hash: 0311E576A00716ABDB26EF5DDA80B9EFBBCFF84750F500454EA09A7200D770ED058B90
          Function 01A5EA2E Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 28ae6d4fbdc2323358c65c912ab33feb4af32a9585a30eadf0923cc9b3a43770
          • Instruction ID: 9a52f4bb121c282376524905163dd6eb9ee01bdc1f954db544d8e5c75467354c
          • Opcode Fuzzy Hash: 28ae6d4fbdc2323358c65c912ab33feb4af32a9585a30eadf0923cc9b3a43770
          • Instruction Fuzzy Hash: 3801DE71504109AFC335DF28D504FA6BBF9EB81315F2081AAE5088B261D770AD86CBA0
          Function 01A5E53E Relevance: .1, Instructions: 55COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction ID: 4d73e0b1fda59774a3bb91506fcca893a05ab531c03d42cde1971aa6c276e0dc
          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction Fuzzy Hash: 8811A57260A6D29FEF63972CC954B257FE4AF41758F1D04A1DE41C7A52F738C982C250
          Function 01ABE75D Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction ID: e851cd9a1194ff8f6b421134672d6b7a00f3af096d460b786aff22d00269b696
          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction Fuzzy Hash: A501F572600145AFE7219F58CD80FDBBBADEF80750F058024FA059B262E775DD80C790
          Function 01A2A250 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction ID: b5ea237598875cfa6c8937463a695d6f426f80f195b815d04fa7f08a767adc3c
          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction Fuzzy Hash: 2D01D6725057329BCB318F1DD840A367BB6EF56760705892DFD958BAA1D735D400CB60
          Function 01B04940 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d6703f9553a707c6b722c7f8ca05aaf66bcc65c9bb2b453555ee20943a674b40
          • Instruction ID: 6e4fe9b1109772f7d97f88ee071a33bbd59690a4627b9a0a7486343e6203a0a1
          • Opcode Fuzzy Hash: d6703f9553a707c6b722c7f8ca05aaf66bcc65c9bb2b453555ee20943a674b40
          • Instruction Fuzzy Hash: 00010032441611AFC337DF1C9904E22BBA8EB81370B2642B5EAA89B1E2D730D801CBC0
          Function 01AAE1D0 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 845763f9e4277986ea0ccceb900137bb4f3461aa5af7356750c6a7d97d46d7f6
          • Instruction ID: 0d655a3fe5149c069dbe6f6685b0609670490b2f5b590aaa3cae02c3d1c5309c
          • Opcode Fuzzy Hash: 845763f9e4277986ea0ccceb900137bb4f3461aa5af7356750c6a7d97d46d7f6
          • Instruction Fuzzy Hash: C4118E31241241EFDB16EF19CD80F56BBB8FF94B54F140065F9059B661C335ED01CA90
          Function 01A36259 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b0ecbe597337be8f91c046e7d74154c12be70fd1700fdfe4201cc3afad5c7e6
          • Instruction ID: ae97fbbc73c1def3d6b13afc9acfd2e170bb1e4be0398eff755218e33837f931
          • Opcode Fuzzy Hash: 3b0ecbe597337be8f91c046e7d74154c12be70fd1700fdfe4201cc3afad5c7e6
          • Instruction Fuzzy Hash: E1114870941229ABDB65AB64CE42FE9B2B8EF84710F504195A318A60E0DB709E85CF84
          Function 01A3208A Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction ID: a9414733230557105e67e5b26aa461cd84e6e10d65ccd2633bd476c36677ebee
          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction Fuzzy Hash: 340128322002118FDF15AB2DD880B66B767BFC5710F1944A6FD458F246DA71CC85C390
          Function 01AB6050 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 931ef178c45637c1c7058b89bc6354bc40d305470923d2fcd2cdbc9c281e1eda
          • Instruction ID: a6905dd8dcd7e049b97a049166edeb50d1efce4ddfdec92e5901968e1fa47eac
          • Opcode Fuzzy Hash: 931ef178c45637c1c7058b89bc6354bc40d305470923d2fcd2cdbc9c281e1eda
          • Instruction Fuzzy Hash: 58112973900019ABCB21DF95CD84DEFBB7CEF48254F044166E906E7211EA34EA15CBE0
          Function 01AC6500 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3596c4264d9214eaae4b19595922c1b06474885472334045b8034e397d5a1dc7
          • Instruction ID: 9e48d1d009a29f2b5b4851b145485d41b8be47bcbe70dad01cfab3eac2579eb8
          • Opcode Fuzzy Hash: 3596c4264d9214eaae4b19595922c1b06474885472334045b8034e397d5a1dc7
          • Instruction Fuzzy Hash: 2B11043264014ADFC311CF68C800BA2BBB9FBAA714F188159E848CB315D732EC80CBA0
          Function 01ABC810 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2858ccebeb713a43c5d0f5a0969cac6fb2d0ef213c7378ef8da3eb0cba5be7b3
          • Instruction ID: dcdf0af671e5b2963eb88215a45518900eb1a6204cc90b84657a90367d0e7f32
          • Opcode Fuzzy Hash: 2858ccebeb713a43c5d0f5a0969cac6fb2d0ef213c7378ef8da3eb0cba5be7b3
          • Instruction Fuzzy Hash: 631118B1A002599BCB00DFA9D581AAEBBF8FF58250F10806AE905E7351D674EA018BA4
          Function 01ADEA60 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1859cbe77ccccf5d10237a0fd0fa2b35f94bfa18762da25a8db4d8b95130c9a4
          • Instruction ID: 632cf83c25d98287834bbf81c67cdd6ee4523268c9fb1532561ba19ebdd22e28
          • Opcode Fuzzy Hash: 1859cbe77ccccf5d10237a0fd0fa2b35f94bfa18762da25a8db4d8b95130c9a4
          • Instruction Fuzzy Hash: 3701B1321406229BCB36AB29C540E76BBB9FF91692F44446AF5465F221CB249C41CBD2
          Function 01A720F0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c3f0520251526820a8eac02f9402f480e11dee46d4152d9e33fba76aa9e2ef85
          • Instruction ID: 6fc0c37378f5da6d245ff1abd2469ff1b29a7f897ac83d80ccd2dc905bb99266
          • Opcode Fuzzy Hash: c3f0520251526820a8eac02f9402f480e11dee46d4152d9e33fba76aa9e2ef85
          • Instruction Fuzzy Hash: 18116935A0020DEBDF15EFA4DD50FAE7BB9FB48240F008059E9019B290DB35AE11CB90
          Function 01A2C020 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction ID: 9e64dc24c68467e1448106d089aa2f6c6ccf2b832547e52cff5641b18c54b19f
          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction Fuzzy Hash: E00128321007059FEB26A7BDC900EAB77F9FFC5264F04881AEA468B580DE74E401C760
          Function 01A6E5CF Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 06b44fc4a00d321553924c05f4c28ce6b2cbf7155c3ea5219ac8ee64bf70c779
          • Instruction ID: 5ae8c671b3f6c0351f0f0d938cb5f653babe3570ff8a6afd1620f0dc4bd23667
          • Opcode Fuzzy Hash: 06b44fc4a00d321553924c05f4c28ce6b2cbf7155c3ea5219ac8ee64bf70c779
          • Instruction Fuzzy Hash: C601F771201511BFC711BB39CE40F23BBACFF94654B000626B50987551DB74EC05C6E0
          Function 01AC69C0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7c47b1dffd4edb83ac6db29cadce97a6013bd0ab90f61e977a028862772d011c
          • Instruction ID: 08f2e29e7d27b95402dbebd1522b8f6110f2ebde7b61ccefcb20e5cc2372d8a6
          • Opcode Fuzzy Hash: 7c47b1dffd4edb83ac6db29cadce97a6013bd0ab90f61e977a028862772d011c
          • Instruction Fuzzy Hash: 7001F732224212DBD724DF6EC8889A7BBB8FF98A60F11462DE95D87280E7309905C7D1
          Function 01ABC460 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 43609845ba0b56cb8726cc3032d061351f3b74c390aed6c055888684520400df
          • Instruction ID: 38150c7f45e328fd9180a30a73c7e4a3cd485d3c61bd838c3c180778cc62ea9d
          • Opcode Fuzzy Hash: 43609845ba0b56cb8726cc3032d061351f3b74c390aed6c055888684520400df
          • Instruction Fuzzy Hash: 87115B71A00249EBDB15EF68C984EEE7BB9EB48250F004059F90197346DA39EE11DB90
          Function 01ABC97C Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9fb52e1af68f2b73805c22fdd6d73e1791601071e21c87b6ec3b6b0de387f3ac
          • Instruction ID: 564ba076c8ae25c247111704143d2e0a22b7155b4fe837de35e3dc878c53825e
          • Opcode Fuzzy Hash: 9fb52e1af68f2b73805c22fdd6d73e1791601071e21c87b6ec3b6b0de387f3ac
          • Instruction Fuzzy Hash: 771139B16183499FC710DF69D98199BBBF8FF98710F00891AF998D7395E630E901CB92
          Function 01B04A80 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction ID: ac586e0cb3919ab4c7fd5b254a4027cbcf2243b3d092c2e46275cc143785867f
          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction Fuzzy Hash: CC01D8322046019FDB2A9AA9D844F57BFE6FFC5310F044859EB438B690DB70F880C754
          Function 01ABCA11 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc9a04727facad66a2740270c990a2c37c00dee3f6e4fc1f53cec8d59a10dcfd
          • Instruction ID: 47bd3a7524813d94df4a6bb9993324b44c2892112ea0f9561a6cdfd43b6212f5
          • Opcode Fuzzy Hash: fc9a04727facad66a2740270c990a2c37c00dee3f6e4fc1f53cec8d59a10dcfd
          • Instruction Fuzzy Hash: AF115A716043049FC710DF69C98195BBBE8BF99350F00851EF958D7355E630E9008B92
          Function 01A4E016 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction ID: 54530651306aa5da5c5a510399863b68c77f6f5504043d4421f23c142fe60190
          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction Fuzzy Hash: 2A015632240A809FE322971DCA48F777BE8FFC5764F0D44A5E915CBAA2D628DC40C621
          Function 01A2826B Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f3462dd1ce5e11b7d454594b3e3cb37240f9e5149e6b8317edcbae50e8c44887
          • Instruction ID: 4378c30a80613e0431d9105b52eabc86f6a1f36d3df7539b59571b8b44189987
          • Opcode Fuzzy Hash: f3462dd1ce5e11b7d454594b3e3cb37240f9e5149e6b8317edcbae50e8c44887
          • Instruction Fuzzy Hash: 0701F232700515DBD718EB6DEE50AAF77FDFF85210B194029EA02A7680EE34DD01C790
          Function 01ADEB50 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 5b1a0510d63263caa8895052384748b5542a38ad2e41cc48b7387d32233dcf31
          • Instruction ID: b095e1545a6316e62252ff60e6c758159367de28e6579079ea658748e7bc99da
          • Opcode Fuzzy Hash: 5b1a0510d63263caa8895052384748b5542a38ad2e41cc48b7387d32233dcf31
          • Instruction Fuzzy Hash: 6701A271280B11AFD3355F29D941F56BAA8EF99B50F01482AF60A9F3A0D7B4A8408B94
          Function 01A32582 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3bb6d717fe16b87b39b7d1cf41ced0fe95317494cba913621d386c2d6334792d
          • Instruction ID: ca2c1e237b0133e2355bf6bfd96f4bddaddd898ccebf93d8b53f47f259d08879
          • Opcode Fuzzy Hash: 3bb6d717fe16b87b39b7d1cf41ced0fe95317494cba913621d386c2d6334792d
          • Instruction Fuzzy Hash: A4F0F472A41B21BBC7319B5A8D40F17BAA9EFC4A90F044029B60597640DA34ED01CAA0
          Function 01A5C073 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction ID: 15e8a9b437f66c0eac052338063b44af639348313adbb6531e23b666f878a077
          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction Fuzzy Hash: B5F0C2B2A00611ABD334CF4DDD40E57FBEEDBD1AA0F048129A905C7224EA31DD05CB90
          Function 01A2C310 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction ID: fa6e34e6e31ebd7c877f870f88455440a2cc69d393cc4f415c6981c2e5ad9da9
          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction Fuzzy Hash: 12F0FC732446339BD732175D4940B6FE5A58FD5AB4F190435E6099B208CA648D0256D0
          Function 01B0634F Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64238488ee817aaa5b9954cc06beb116123e9616d2edef5c0245acb18600ba71
          • Instruction ID: 56021dda2a527c4d8393b672b4a6b87053bff797b617140e9fef2528f9fe1dc7
          • Opcode Fuzzy Hash: 64238488ee817aaa5b9954cc06beb116123e9616d2edef5c0245acb18600ba71
          • Instruction Fuzzy Hash: 0E014F71A10209EFDB04DFA9D991AAEBBF8FF58304F10406AF904E7390D7749A019BA1
          Function 01B062D6 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dcb45eb45abef254ce0e2c0b950b59a6bc5cee5059706973054bb3b63cbb5b1a
          • Instruction ID: cf63d0fa1b1de5215bcba66d7b849bca2c59133fa0024d0d8e54e0f4887d8215
          • Opcode Fuzzy Hash: dcb45eb45abef254ce0e2c0b950b59a6bc5cee5059706973054bb3b63cbb5b1a
          • Instruction Fuzzy Hash: 54014471A0020AEFDB04DFA9D941AAEBBF8FF58304F50405AF914E7390D7749E018BA1
          Function 01B0625D Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 187b4b14d1eed4525a495346403f1e236ee2b15d1d7db4263bc28aad71ed78f1
          • Instruction ID: 3e1d7ae5aa641f1be9eae8b844c95492f75c31660c9b13c68e6032f81d5700f5
          • Opcode Fuzzy Hash: 187b4b14d1eed4525a495346403f1e236ee2b15d1d7db4263bc28aad71ed78f1
          • Instruction Fuzzy Hash: DF014471A10219EFDB04DFA9D9519AEB7F8FF58304F10405AF904E7391D7749A01CBA1
          Function 01A6CA6F Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction ID: e734cd6b4b7157ff5ace73d17700b4fbf6c6ded4901caafdda7f17b78b948020
          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction Fuzzy Hash: CB01F4322006859BE722971DC905F59BBADEF91760F0C84A5FA848B6A2D77DC800C210
          Function 01B061E5 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea0c583e2e94250dc0aa460d027f41604b517802e86411b30d0bafe11604677b
          • Instruction ID: 682793b766d3ffe8997521ae8db13a8f96fa5e9bcf19297406f3c584be7385db
          • Opcode Fuzzy Hash: ea0c583e2e94250dc0aa460d027f41604b517802e86411b30d0bafe11604677b
          • Instruction Fuzzy Hash: 51014F71A00259DBDF05DFA9D945AEEBBF8FF58310F14405AE501A7280D774EA01CB95
          Function 01AB63C0 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction ID: 17720f6c6aa9887eaa51c9b6389b8057b9628f0c88b2cdc0aab3c01dc792ae06
          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction Fuzzy Hash: 80F06D7220001DBFEF019F94DE80DEF7B7EEF582A8B104124FA1492020D231DD21ABA0
          Function 01ABA4B0 Relevance: .0, Instructions: 40COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d338aaa3ac4f1f0f0ce1e0e467970babb70fc4b6eba9a9ddcd10357643b43dcc
          • Instruction ID: 72caf6edab12cdb5e3ecc24b3fd6049bec68e62e54a1e68d21e0d269c46cc67b
          • Opcode Fuzzy Hash: d338aaa3ac4f1f0f0ce1e0e467970babb70fc4b6eba9a9ddcd10357643b43dcc
          • Instruction Fuzzy Hash: CF018936100259ABCF229F94D840EDA7F6AFB4C754F058201FE1966221C336D971EB81
          Function 01A2C0F0 Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0c4592c32c59bfd4c7f2f760c0afe106f929187c7f8188049b0d73b596c3596
          • Instruction ID: bcb1458133dd9dc15d2b4db359c79b8afb596fa47ff7886b839771bf828d5d2f
          • Opcode Fuzzy Hash: c0c4592c32c59bfd4c7f2f760c0afe106f929187c7f8188049b0d73b596c3596
          • Instruction Fuzzy Hash: FAF024712043615BF311966DAC02B6636A6EBC0760F39802AEB098B2C5FA71EC018394
          Function 01A6656A Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b482add33522078fde117051d833ed2610d9db613be080e28623e0e1a2de7327
          • Instruction ID: cba3314c89169121375a2953fbc9a0631872bb1eb846438a4c5f9c4e7d4da461
          • Opcode Fuzzy Hash: b482add33522078fde117051d833ed2610d9db613be080e28623e0e1a2de7327
          • Instruction Fuzzy Hash: 67014F702006C19BE7329B7CCE49F653BACBB84B44F8C4694FA458BAD6DBA8D4018620
          Function 01AD437C Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction ID: 3c6be49894695e2023ac079ead85599febe27eafa1cbf8cff76c03bd8cfbb5d3
          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction Fuzzy Hash: 0FF02E31745E1347E775AB2D8510B2FB6969FD4D00B09052C9603CBE40DF30DC00D790
          Function 01ABC89D Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5066c5598c196050a4039158c95a027800e7cffa36af0bd4a3db86919678ff46
          • Instruction ID: 2faa2de43c71dd3eacdfee8bb07718b33fc58435a326d1244510322a35216e39
          • Opcode Fuzzy Hash: 5066c5598c196050a4039158c95a027800e7cffa36af0bd4a3db86919678ff46
          • Instruction Fuzzy Hash: 74F0C2706053459FC710EF68C941E2BB7E8FF98720F40465AB898DB395EA34EA01C796
          Function 01ABE872 Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction ID: 0475bcd03bfc3edb61c09bf6abf18c9f9c831d752ada4cc4d90c16d7f95031f0
          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction Fuzzy Hash: 6AF054337119A19BD7229B8DDCC0F96B77CAFD5A60F190065A6049B261C761EC0187D0
          Function 01A60854 Relevance: .0, Instructions: 35COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction ID: 99fd3e282547920123273f7d44de7ec85c26d40ec87722aecc3adb0ac5f8b38a
          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction Fuzzy Hash: B8F0E272610204AFE725DF29CE01F96B7EDEFA8344F148078A945D72A0FAB0EE41C694
          Function 01ABC912 Relevance: .0, Instructions: 34COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f7ab7c2ecd35bbf979147dfce251bf24c60e4a22f3ce490b84342aaa5238465e
          • Instruction ID: 778d213add16ab736379e69cad47ad849b4fda5a6362d525e4cbaa83d4d49cb7
          • Opcode Fuzzy Hash: f7ab7c2ecd35bbf979147dfce251bf24c60e4a22f3ce490b84342aaa5238465e
          • Instruction Fuzzy Hash: A3F04F70A01249DFDB14EF69C655EAEB7B8FF58300F008056A955EB385DA38EA01CB51
          Function 01A347FB Relevance: .0, Instructions: 33COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1710268863d182cc7134963896bf635904bf848ff3b6673e434ded269c3b09d8
          • Instruction ID: d7904cb700b7eec1a7f6f3dba0e1345e138ed05da834cdfda040155d7bf70a93
          • Opcode Fuzzy Hash: 1710268863d182cc7134963896bf635904bf848ff3b6673e434ded269c3b09d8
          • Instruction Fuzzy Hash: B7F0E2359167E19FE733CB6CC544B61BBD49F88770F0889AAF58987542C764DC81CA50
          Function 01AF0115 Relevance: .0, Instructions: 32COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 493efe753c2248949cf241e6d924ec86e031e3cb3d54b192bb0b40499ac32691
          • Instruction ID: c37b927536f98caabcc0e6c1b28ebd38fe3861db73c8866061986459aa640076
          • Opcode Fuzzy Hash: 493efe753c2248949cf241e6d924ec86e031e3cb3d54b192bb0b40499ac32691
          • Instruction Fuzzy Hash: 5AF027365167C00ACF325F6C66943D12F96A75E210F19148DFAA157207CA748487C728
          Function 01A6C5ED Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8b258dd22248dfc467d319fbdd5012bfacc4a163609737de081da4782f702165
          • Instruction ID: 96ddde6467379dfb31dee47d210df14cc6c17a9988d14e1e5001e2a6933cd5d8
          • Opcode Fuzzy Hash: 8b258dd22248dfc467d319fbdd5012bfacc4a163609737de081da4782f702165
          • Instruction Fuzzy Hash: 8CF027795116919FE733D71CC148B61BBEC9B407B0F08B465D58AC7956C364FC80CA58
          Function 01A72619 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction ID: 99cfc69b6fc6b48999201c9d06274ac569e03f7d5c6bc94a3dc9ad06f7349ae4
          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction Fuzzy Hash: CAE0D8723006012BE7229F598DC0F47776EEFD2B20F04007BB5045F251C9E2DD0982A4
          Function 01AC6030 Relevance: .0, Instructions: 29COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction ID: 9423f4ed60f0dc770d3fea0df5d63af43326208d2fa0a82064d0db6d783617c8
          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction Fuzzy Hash: E0F03072104204DFE321CF49D944F92B7F8EB45775F45C029E609AB661D379EC40CBA4
          Function 01A30710 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction ID: da90d093c48eb8f433bb36f10d234bc1cebb6ca8d9b3c47e962c9aa0d90f321b
          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction Fuzzy Hash: 8CF0ED3A204B41DBEB17DF1AC240AA57BE8FF81360F044494F8828B301EB31E982CB90
          Function 01A649D0 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction ID: 0fa1c90adda25c22a37edf92a2440cb6481c23eec2c80d52103ab901402f2a31
          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction Fuzzy Hash: 41E0D832244145BFD3311E598800F6E7FADDBF8BA0F150429E2508B550DB70DC40C7E8
          Function 01B04164 Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d757f96e909f5cbd4c05ab6548099a53d7d7c8fd1beeacea49c718974b3a10e0
          • Instruction ID: 295f056f16db4b3b7c10119c1a81cb45783e34a9209890db00e39c38295e5af7
          • Opcode Fuzzy Hash: d757f96e909f5cbd4c05ab6548099a53d7d7c8fd1beeacea49c718974b3a10e0
          • Instruction Fuzzy Hash: F8F0ED31A26A918FE77BD72DE680B527FE0EF10730F0A05E4D50187992CB24EC80C650
          Function 01AD678E Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction ID: beef9ff58fd92e1362a386b5b0bc170c9226c2abdb1574b27902e51f0decd99f
          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction Fuzzy Hash: BBE0DF72A00514FBDB219B998E01F9ABEACDBA4EA0F060054B605E7090E530DE00C690
          Function 01B008C0 Relevance: .0, Instructions: 25COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction ID: 6c94ac52865f937e03a05b82ab3dd8cf3fda85842d8b49dc948d38d078f005a0
          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction Fuzzy Hash: FBE09B316403508BCB2A9A1DC140B73BFE8FF957A0F1580E9E94547652D331F942C6D0
          Function 01A325E0 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: b0e9300ddb9d95a5fc0e7730354d96ce5bf0db10a0c0be104c61176a21850eaf
          • Instruction ID: 1a863835cc901520e77f07547a65fa1547fa4109849b245ff2b6018f502943d3
          • Opcode Fuzzy Hash: b0e9300ddb9d95a5fc0e7730354d96ce5bf0db10a0c0be104c61176a21850eaf
          • Instruction Fuzzy Hash: 1EE092321006549BC722BF29DE01F9A779AEFA4360F014516F11557190CB30A910C788
          Function 01AEA456 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction ID: 0dcb88b7c85c78a5f125e1fc02d78ef48fa5b833a7e014358b7af169ca9c621f
          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction Fuzzy Hash: 00E01A31010A52DFEB366F2ADE5CB62BAE5FF90711F148C2DE19A124B1C7B599C1CA40
          Function 01AB4000 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction ID: c45f974162e994c9e39cedde60ebc0666278a06cb9ba5a9170287d85ef381df0
          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction Fuzzy Hash: 62E0C9343003458FE715CF19C080B927BB6BFD9A10F28C068A9498F206EB36E842DB40
          Function 01A6CA38 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d540d07efa79b2a9248746a9dfbb5a9c59e63ee450aa33ba5599177a2066919e
          • Instruction ID: 838ee73156e225864d16998379e085dca895c6a511e8cbaa4de793c999f1e5c3
          • Opcode Fuzzy Hash: d540d07efa79b2a9248746a9dfbb5a9c59e63ee450aa33ba5599177a2066919e
          • Instruction Fuzzy Hash: BCD02B724850306BCB75E6197D04FAB3A5E9B60370F054861F60893015D534CC8192C4
          Function 01A2823B Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction ID: d66d935f8671599a442075b0188c11ac2937db249226efdb0936d48e08935618
          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction Fuzzy Hash: EEE08C31000A30EFDB323F2ADE00B6276E1FFA5B10F14482AF082064A487B8A881DB58
          Function 01A32050 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5a7dab148939c0ef2317dbffee0722fb2f8351a0e252282000bdffae87fa023e
          • Instruction ID: 48811c7da5ded31cf7323d110bf893cba16773d4e22d27bfb028070af5113551
          • Opcode Fuzzy Hash: 5a7dab148939c0ef2317dbffee0722fb2f8351a0e252282000bdffae87fa023e
          • Instruction Fuzzy Hash: B4E0C2321005606BC722FF5DEE00F9A739EEFE4360F000122F15087690CB60AC00C798
          Function 01A68A90 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction ID: e5429837c693941efa2e534affa01b046360a2598bf911dfb411009c0f21b247
          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction Fuzzy Hash: C1E08633111B1487C728DE18D511B7677ACEF55720F09463EAA5347780C534E544C794
          Function 01A86AA4 Relevance: .0, Instructions: 17COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction ID: 27ba2ed9c086b2569fb06894db2917da03027e4dd861505f8e1985fa0287a7fe
          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction Fuzzy Hash: 8CD05E36511A50EFD732AF1BEA00D13FBF9FFC4A10705062EA54583920C670A806CBA0
          Function 01A6E59C Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction ID: ee6f7685ddc40abfc7b6507c9c94dd235d3a8f22cacc91d83361fb20fb7f540d
          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction Fuzzy Hash: F7D0A932204620ABDB32AA1CFC00FD333E8BB88720F060459B009C7050C3A0AC81CA88
          Function 01AAE908 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction ID: 2f65c85036337536ed8caaa319e4b078c08bb77bb3d132d203a6727f94513f40
          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction Fuzzy Hash: 31E0EC359507849BDF12EF59D640F5ABBB5BB94B40F550058A1089B660C724A900CB40
          Function 01A2A0E3 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction ID: 66b5a8adad518b0d327dba15cfa55a45e6480367302888049a649af11a7166bf
          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction Fuzzy Hash: B6D0123231617197DF29A7596914F676915AFC1AA4F1A006DB90AD3D00C5198C42D6E0
          Function 01A6A830 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction ID: b747e1a8199185e0ca87123c0299cf4339f097d095a8efa8946c8cfb76c3c690
          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction Fuzzy Hash: 0CD012371D055DBBCB11AF66DD01FA57BA9EBA4BA0F444020B504875A0C67AE950D584
          Function 01A6CA24 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fddcc253a9040234d17594f92092cefffee613de2aa1526916e3019fed43afe9
          • Instruction ID: d938c82b31f62567c1fccc5662498401b7ba91c850af5d162db66e484b117f01
          • Opcode Fuzzy Hash: fddcc253a9040234d17594f92092cefffee613de2aa1526916e3019fed43afe9
          • Instruction Fuzzy Hash: D4D052306810028BDF2ADF08CA10A6E3AB9EB20641F800068EA4092421E328D8018B00
          Function 01A402A0 Relevance: .0, Instructions: 13COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction ID: 1a2720622f76f2e758e4f1f8ef26517e0a4f96c29b5fd25a4770a24d37d404b4
          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction Fuzzy Hash: 42D09235212A80CFDA1A8B0CC6A4B5633B4BB84A44F850490E641CBB62D678D980CA00
          Function 01A6C700 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction ID: 4fa3e661257e4ef77fd1d0bc1e7d3a3b73b5d901db3264ba2e0cf5e0fd046f67
          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction Fuzzy Hash: 05C01232150644AFC711AA95CD01F1177A9EB98B40F000021F20447570C571E810D644
          Function 01A50310 Relevance: .0, Instructions: 11COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction ID: bd6e61fe4c334cba52fcc2434fb0bba0e437635ce8b7cf88eda692d02121a61e
          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction Fuzzy Hash: 19D01236100248EFCB01DF41D990D9A772AFBD8710F149019FD19076118A31ED62DA50
          Function 01A30750 Relevance: .0, Instructions: 9COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction ID: c13aa219691a39d71744b5c564680d5a241ee9391a4ea4466a0f512d4bf4440c
          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction Fuzzy Hash: 1FC048B9B01A42CFCF16EB2AD394F5977E4FB84740F154890E845CBB22E624E805CA10
          Function 01A74340 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc916a41aacd355740e7ec9ed79ab7152cb2f3a6fd2675a2a44b3e35b6c3ebb1
          • Instruction ID: 3967e079d5dd97ea8402feda5d11cf0edfd8598351d8480f4991a40e65c7962d
          • Opcode Fuzzy Hash: fc916a41aacd355740e7ec9ed79ab7152cb2f3a6fd2675a2a44b3e35b6c3ebb1
          • Instruction Fuzzy Hash: 22900231605800129140715848C4546D006A7E0301F96C011E0424558CCE188A565361
          Function 01A74650 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b13d5480a7f27cf7f16e329dff0f1baf46220b68db7b5ec325e76e3dd51d1ee7
          • Instruction ID: de0dda4cff080e0743eb4629776d332dc10ef8936b083a627a6d2928b51a17c5
          • Opcode Fuzzy Hash: b13d5480a7f27cf7f16e329dff0f1baf46220b68db7b5ec325e76e3dd51d1ee7
          • Instruction Fuzzy Hash: A890026160150042414071584844406F006A7E13017D6C115A0554564CCA1C89559369
          Function 01A72BA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 80f1c05dc91613f9967f3b9f5f425e1f40470d5665f05ebe8e2d16494770451c
          • Instruction ID: c162010903e49ec1551de33b03ed26aa941652fb2bbdfee9b04d676275ce5974
          • Opcode Fuzzy Hash: 80f1c05dc91613f9967f3b9f5f425e1f40470d5665f05ebe8e2d16494770451c
          • Instruction Fuzzy Hash: 6290023160540802D15071584454746900697D0301F96C011A0024658DCB598B5577A1
          Function 01A72B80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e6c53dde0331abde9c3e31742d78344e8021daf068de40af63da14b328a6c10
          • Instruction ID: 50e014d694836b4b09357f6916e0bc6ce950b8eb3d36e8755ff1b3c6b858a903
          • Opcode Fuzzy Hash: 4e6c53dde0331abde9c3e31742d78344e8021daf068de40af63da14b328a6c10
          • Instruction Fuzzy Hash: 5C90023120140802D10471584844686900697D0301F96C011A6024659EDA6989917231
          Function 01A72BE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5166a68b0786f21bff4efe3fba2389f7feff6308c5bfdc7a88bd8bd0770a5b78
          • Instruction ID: 9b32df6dea9be17b01ddf2d2ab025601c0fc9ec2c2a5dbff3ce8db92ed09026f
          • Opcode Fuzzy Hash: 5166a68b0786f21bff4efe3fba2389f7feff6308c5bfdc7a88bd8bd0770a5b78
          • Instruction Fuzzy Hash: 7990023120544842D14071584444A46901697D0305F96C011A0064698DDA298E55B761
          Function 01A72BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9cf3e28ff96c893473b33526700d9c1ad1d1b241e8e1fcbb3dc0233cff4448ab
          • Instruction ID: 0af81df89db72b5d6cc9e642a90187aae13c45db98073b942993c52b5270d8f6
          • Opcode Fuzzy Hash: 9cf3e28ff96c893473b33526700d9c1ad1d1b241e8e1fcbb3dc0233cff4448ab
          • Instruction Fuzzy Hash: AC90023120140802D1807158444464A900697D1301FD6C015A0025658DCE198B5977A1
          Function 01A72AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e9e6b6f1b9479ef9a8b95b670e8372e9fe2d43f8997d3bd40bc4e7b2545a7823
          • Instruction ID: 0e757692de8506255294659f9e194c00a87c5de97ed7a300b02192f78832a2b0
          • Opcode Fuzzy Hash: e9e6b6f1b9479ef9a8b95b670e8372e9fe2d43f8997d3bd40bc4e7b2545a7823
          • Instruction Fuzzy Hash: 059002A1201540924500B2588444B0AD50697E0301F96C016E1054564CC92989519235
          Function 01A72AF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7754ecc88bc72db5d58e0bf32bde3e5fe83af2e7922173c2eb6ee97d1e2788d1
          • Instruction ID: a150ef81a3e75324d944cd49db779d07f2396fbb445e4844854de6e87be2667e
          • Opcode Fuzzy Hash: 7754ecc88bc72db5d58e0bf32bde3e5fe83af2e7922173c2eb6ee97d1e2788d1
          • Instruction Fuzzy Hash: 31900225221400020145B558064450B9446A7D63517D6C015F1416594CCA2589655321
          Function 01A72AD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 84846a22ea75b7cbda76b5efcd20c526f3ed2a5366b8ede823f8c947f3c3f04c
          • Instruction ID: 9df588f0e987f267b0f792dd779affc29fe15d906222835be3a663d2b847a339
          • Opcode Fuzzy Hash: 84846a22ea75b7cbda76b5efcd20c526f3ed2a5366b8ede823f8c947f3c3f04c
          • Instruction Fuzzy Hash: F9900435311400030105F55C0744507D047D7D53517D7C031F1015554CDF35CD715331
          Function 01A72DB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 56a0d1e57f255cd34286b5b4d94bbe192afc06143bfc7090370d4497c6d6d2cc
          • Instruction ID: 73299bd02377072eb8c8e40e63927a9d70ed4a75ea79c59122a6b474059bfe4d
          • Opcode Fuzzy Hash: 56a0d1e57f255cd34286b5b4d94bbe192afc06143bfc7090370d4497c6d6d2cc
          • Instruction Fuzzy Hash: 4B90023124140402D14171584444606900AA7D0341FD6C012A0424558ECA598B56AB61
          Function 01A72DD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c4f4296fc274b73126ca8a99716030803bcac6efdde76dc51c13ae4a7ca8fb58
          • Instruction ID: 9706aff88f3bd91197c5f211321ff7d45f438105a5e28432dbe54f873f8e2cc4
          • Opcode Fuzzy Hash: c4f4296fc274b73126ca8a99716030803bcac6efdde76dc51c13ae4a7ca8fb58
          • Instruction Fuzzy Hash: 31900221242441525545B1584444507D007A7E0341BD6C012A1414954CC92A9956D721
          Function 01A72D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7a7b3233e987366ea300d88fb47a059c9116f231df8ffa22d730427b9d102bd0
          • Instruction ID: b263e706e0dcd2e24fa026c459e1cf829fa248f8be0f522f62df6f9ca9c22f49
          • Opcode Fuzzy Hash: 7a7b3233e987366ea300d88fb47a059c9116f231df8ffa22d730427b9d102bd0
          • Instruction Fuzzy Hash: A590022130140003D14071585458606D006E7E1301F96D011E0414558CDD1989565322
          Function 01A72D00 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8a1061009428fdc7fbf1eb66c442146564f1863646e5be70566ff2d831037b3c
          • Instruction ID: cd95c61c4c98cd6b5bfc66336b68ed7effc793f103d559126935d339a0f23570
          • Opcode Fuzzy Hash: 8a1061009428fdc7fbf1eb66c442146564f1863646e5be70566ff2d831037b3c
          • Instruction Fuzzy Hash: 6490022120544442D10075585448A06900697D0305F96D011A1064599DCA398951A231
          Function 01A72D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 51215c6876a0f6641c013f8e979d434d7aecfffdc786c63970f60c32b61b3da8
          • Instruction ID: 7eb50dee987f969c8c4f32a0c67b8c6575a21410f3b0760b191d35298140845f
          • Opcode Fuzzy Hash: 51215c6876a0f6641c013f8e979d434d7aecfffdc786c63970f60c32b61b3da8
          • Instruction Fuzzy Hash: B190022921340002D1807158544860A900697D1302FD6D415A001555CCCD1989695321
          Function 01A72CA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be2f61f5ad71f9d12666563690c590c3c01b319d042b7c5bf1290a414b276867
          • Instruction ID: 5a8b764062d5272e4b4a9b7a76f58c1dbcffebe3f8d15d65d6060494337556cf
          • Opcode Fuzzy Hash: be2f61f5ad71f9d12666563690c590c3c01b319d042b7c5bf1290a414b276867
          • Instruction Fuzzy Hash: 8D90023120140402D10075985448646900697E0301F96D011A5024559ECA6989916231
          Function 01A72CF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 44e38f138f29481fa21818084d1dc3e0e09d5d286e7af7de1cacd566ce9bb4eb
          • Instruction ID: 7403012901554bafebfcde02786c3436cf24829f7aaf30bc6f43d97792e6120f
          • Opcode Fuzzy Hash: 44e38f138f29481fa21818084d1dc3e0e09d5d286e7af7de1cacd566ce9bb4eb
          • Instruction Fuzzy Hash: EB90023120140403D10071585548707900697D0301F96D411A042455CDDA5A89516221
          Function 01A72CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f4d2680a52cee1e9f112e806fedfd70be2fe835916a03d999cf6bf924f82c523
          • Instruction ID: c5c29438cf384bca3b12c9042d5e297e9986630efec604c616d6906a3ae955fa
          • Opcode Fuzzy Hash: f4d2680a52cee1e9f112e806fedfd70be2fe835916a03d999cf6bf924f82c523
          • Instruction Fuzzy Hash: 8F90022160540402D14071585458706901697D0301F96D011A0024558DCA5D8B5567A1
          Function 01A72C60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6d377ce43988576504db32a99889cdc9e9cb4dcaa640d063ad277b48a84d85c
          • Instruction ID: 1f49ec43e8a25253b1a0342bf81a4e1312c38886365e03a13893955b28dc53a4
          • Opcode Fuzzy Hash: c6d377ce43988576504db32a99889cdc9e9cb4dcaa640d063ad277b48a84d85c
          • Instruction Fuzzy Hash: D790023120140842D10071584444B46900697E0301F96C016A0124658DCA19C9517621
          Function 01A72FA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9101fb7ee4a3eb5186fbb71508fa7d1a69cfa216771a421a112f6195739931a6
          • Instruction ID: 9fe737c842bab2063f9e84d0931f1bfe226c9cc5e5ebfc2ce91e288f7ba58eff
          • Opcode Fuzzy Hash: 9101fb7ee4a3eb5186fbb71508fa7d1a69cfa216771a421a112f6195739931a6
          • Instruction Fuzzy Hash: 9990023120180402D10071584848747900697D0302F96C011A5164559ECA69C9916631
          Function 01A72FB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c2fdb853c4c743c848f7fd2ebcdacf2da48ffc977e6c5d3119dad3a31fdd36eb
          • Instruction ID: 4e80417eb277d7cb4b9e3f4705b0774f89f1b063f9faa3e088faf8fc35904a28
          • Opcode Fuzzy Hash: c2fdb853c4c743c848f7fd2ebcdacf2da48ffc977e6c5d3119dad3a31fdd36eb
          • Instruction Fuzzy Hash: 5090022160140042414071688884906D006BBE1311B96C121A0998554DC95D89655765
          Function 01A72F90 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dd2c712f27d4d95dd41016b7594788b8e1afcd41b24b51dadf3de724de73bd94
          • Instruction ID: fe463f1c40f707ee24b894652f8e043f1d3158b8bb6703b9feea563fcdd11623
          • Opcode Fuzzy Hash: dd2c712f27d4d95dd41016b7594788b8e1afcd41b24b51dadf3de724de73bd94
          • Instruction Fuzzy Hash: DA90023120180402D1007158485470B900697D0302F96C011A1164559DCA2989516671
          Function 01A72FE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 84a69d2429a43f98eda73082cc7b7f49cd99f69077e242522a64246078f8e1bc
          • Instruction ID: 191d568b1df44a74ea257a20087c121e79946f7577364569371beb8f8ef458bb
          • Opcode Fuzzy Hash: 84a69d2429a43f98eda73082cc7b7f49cd99f69077e242522a64246078f8e1bc
          • Instruction Fuzzy Hash: 5D900221211C0042D20075684C54B07900697D0303F96C115A0154558CCD1989615621
          Function 01A72F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb82c59cab4ae9aa5e9f3bdb838203361aeda6ddd55d623ca2127bc23a492004
          • Instruction ID: e872fcaf9a92a3f0dc325997ce1907676f32dc4bece6f716d725e8b96afa0350
          • Opcode Fuzzy Hash: eb82c59cab4ae9aa5e9f3bdb838203361aeda6ddd55d623ca2127bc23a492004
          • Instruction Fuzzy Hash: 7D90026134140442D10071584454B069006D7E1301F96C015E1064558DCA1DCD526226
          Function 01A72F60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d22236e8cf5b35053a5470570ec9381d70ea9856743648fa97b903ec9a36be15
          • Instruction ID: 70ac7a9c0498f79b3e55d06ea8be4b843c201fc879345e0480f753638c3f181b
          • Opcode Fuzzy Hash: d22236e8cf5b35053a5470570ec9381d70ea9856743648fa97b903ec9a36be15
          • Instruction Fuzzy Hash: 4790026121140042D10471584444706904697E1301F96C012A2154558CC92D8D615225
          Function 01A72EA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4972d4a8aba1def4c073d45829eda2866eff433a8ca79ed87a294a21d4e4b388
          • Instruction ID: d65b383cd3beba14edc9e3801875e56cacb940ce6929104de88469ac9f3c52f8
          • Opcode Fuzzy Hash: 4972d4a8aba1def4c073d45829eda2866eff433a8ca79ed87a294a21d4e4b388
          • Instruction Fuzzy Hash: E590027120140402D14071584444746900697D0301F96C011A5064558ECA5D8ED56765
          Function 01A72E80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 864bce36451c0f5fb3c4da6ece616518094a61a79ba984408e3ec766321fbd90
          • Instruction ID: 5c65955acfe2ee4a02fd534a81e6b001e165dd71fb0de900c0934905929400a3
          • Opcode Fuzzy Hash: 864bce36451c0f5fb3c4da6ece616518094a61a79ba984408e3ec766321fbd90
          • Instruction Fuzzy Hash: 9290022160140502D10171584444616900B97D0341FD6C022A1024559ECE298A92A231
          Function 01A72EE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c2ed0ce64350a7f1259bcb9a33764ee3a00035552dfa9ed2aa7bb8dda2f6fb34
          • Instruction ID: 9978d56f4f107dcb1faa8dabb934563bbf9c4b2d7970f8e98ced6e389346d199
          • Opcode Fuzzy Hash: c2ed0ce64350a7f1259bcb9a33764ee3a00035552dfa9ed2aa7bb8dda2f6fb34
          • Instruction Fuzzy Hash: 5790026120180403D14075584844607900697D0302F96C011A2064559ECE2D8D516235
          Function 01A72E30 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0a72ebcb5a1aa5cb49518e8542fac4bd5b55d6fdc79c89c9f683b5b1ee2056e6
          • Instruction ID: 917ba78672ca044540b6f1928451cb1ac5a5f7619b9aa85249112c7fecdd2c33
          • Opcode Fuzzy Hash: 0a72ebcb5a1aa5cb49518e8542fac4bd5b55d6fdc79c89c9f683b5b1ee2056e6
          • Instruction Fuzzy Hash: 8590022130140402D10271584454606900AD7D1345FD6C012E1424559DCA298A53A232
          Function 01A73090 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2faa9b0c5ba5c685b5cbc3eeffed3c1cce43d7ee2d20d1deba0b1db674468010
          • Instruction ID: 7930696c6d1f030a3d7cf1447547986b745df1783f6f5f5c75006b827773a218
          • Opcode Fuzzy Hash: 2faa9b0c5ba5c685b5cbc3eeffed3c1cce43d7ee2d20d1deba0b1db674468010
          • Instruction Fuzzy Hash: C690022124140802D140715884547079007D7D0701F96C011A0024558DCA1A8A6567B1
          Function 01A73010 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b76a37c2878585a47f5b29d31e2d51ad9b3cddf1e291804d85b2d834698438c2
          • Instruction ID: 5a8c91ec3a405b30b1de921a0d20de0e38de7e32555d4184f59f1fede4e0a93e
          • Opcode Fuzzy Hash: b76a37c2878585a47f5b29d31e2d51ad9b3cddf1e291804d85b2d834698438c2
          • Instruction Fuzzy Hash: B590022120184442D14072584844B0FD10697E1302FD6C019A4156558CCD1989555721
          Function 01A739B0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a38edac6b7a0f5c3d909b2c2233033304057fbedd616b3e2d7586e007345b146
          • Instruction ID: d6cc1f573890dd434b65d48bd3114fa9dbb8701c1ea8e688df4b3ece5f635534
          • Opcode Fuzzy Hash: a38edac6b7a0f5c3d909b2c2233033304057fbedd616b3e2d7586e007345b146
          • Instruction Fuzzy Hash: E990022124545102D150715C4444616D006B7E0301F96C021A0814598DC95989556321
          Function 01A72C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction ID: 9273192d2a0b87b57e3a41d5011fd60890a67506c8b5815046845f0fcd3f8fe9
          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction Fuzzy Hash:
          Function 01A72890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: 5e3cd32e2883f3e781b0b95687b25a561a15e9367f7e86953c62e4069d6db0b6
          • Instruction ID: 7c21d6822d236131b9913913ef5a0dfbf250e4b4edfd2c9a628b0870a7658dca
          • Opcode Fuzzy Hash: 5e3cd32e2883f3e781b0b95687b25a561a15e9367f7e86953c62e4069d6db0b6
          • Instruction Fuzzy Hash: 7951B7B5A00117BFDB11DBAD8D90A7EFBF8BB48240B54816AE495D7641D334DF44CBA0
          Function 01AE2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: 7cc57e52cd0284592ea7fc573caac9c536cfb870ac1c709cb341b4a91e75aa74
          • Instruction ID: 5cb726c11dac4c1db8f912808bc8ff33a3e805fb2fe0567d806c93f9a428626d
          • Opcode Fuzzy Hash: 7cc57e52cd0284592ea7fc573caac9c536cfb870ac1c709cb341b4a91e75aa74
          • Instruction Fuzzy Hash: 6351E671A00645AEDF35DF6CCA94A7EB7FCEF48300B04846AE596D7642D6B8EA408770
          Function 01A67630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
          Download Yara Rule
          Strings
          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AA4742
          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AA4655
          • Execute=1, xrefs: 01AA4713
          • ExecuteOptions, xrefs: 01AA46A0
          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AA4725
          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AA46FC
          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AA4787
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
          • API String ID: 0-484625025
          • Opcode ID: ac44a5223d726df1e72995eb1a31bc55c7e9c4c9abe11eb472ef77a76b056c8d
          • Instruction ID: 43a3ad6897486dfd38d4388aa1192d99df8d7a39edcd60d5b5f66365a95418c9
          • Opcode Fuzzy Hash: ac44a5223d726df1e72995eb1a31bc55c7e9c4c9abe11eb472ef77a76b056c8d
          • Instruction Fuzzy Hash: 42513A356102197AEF21ABE9DD85FBE77BCEF18308F4800A9E605A7181E7709E458F50
          Function 01B06940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction ID: 400669211b449cf24f77edba6439714da1c1083712eb7b79c9dbc97647423b66
          • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction Fuzzy Hash: 69021A71508742AFD70ADF18C990A6FBBE5EFC8700F048A6DF9894B294DB31E945CB52
          Function 01A7B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: __aulldvrm
          • String ID: +$-$0$0
          • API String ID: 1302938615-699404926
          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction ID: 680f3dd72b9caef1b6752b9ae22d1ca11686dac706fe6d961917fed82e30415d
          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction Fuzzy Hash: 8E8190B0E062499EEF25CF6CCC917FEBBB2AF45320F1C4259D961A7291C7349A408B71
          Function 01AE20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$[$]:%u
          • API String ID: 48624451-2819853543
          • Opcode ID: 57ebd177efc6403f4b2daa445d3f2ebb99d6cc85cc19a9dc8d727eb5c641d8f1
          • Instruction ID: 7492470db6bb66d3c13bd74e4607ee9b1d169a215690509d287efa36e54864bf
          • Opcode Fuzzy Hash: 57ebd177efc6403f4b2daa445d3f2ebb99d6cc85cc19a9dc8d727eb5c641d8f1
          • Instruction Fuzzy Hash: C621327AA00219ABDB11DF79DD44AFEBBFCEF58754F440126E905E3200E734DA058BA1
          Function 01A5F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
          Download Yara Rule
          Strings
          • RTL: Re-Waiting, xrefs: 01AA031E
          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AA02E7
          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AA02BD
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
          • API String ID: 0-2474120054
          • Opcode ID: c748c8c446593e65ab6e55ec1818eb42cd582b1a9ef6837f0f735ee894e53463
          • Instruction ID: b8ddb5d83acff11dfa9ab65f90f32650ee6362dd0a393a8a6d7b16c98f885907
          • Opcode Fuzzy Hash: c748c8c446593e65ab6e55ec1818eb42cd582b1a9ef6837f0f735ee894e53463
          • Instruction Fuzzy Hash: CCE1BD306087419FD765CF28C984B6ABBE0BF88314F140A2DFAA5CB2E1D774E944CB52
          Function 01A6B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          APIs
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA728C
          Strings
          • RTL: Re-Waiting, xrefs: 01AA72C1
          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AA7294
          • RTL: Resource at %p, xrefs: 01AA72A3
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
          • API String ID: 885266447-605551621
          • Opcode ID: f503770498caa8a1992d26d3e3e882337c06140dbe40333a17151487b90009b1
          • Instruction ID: f64ef861a3414b6f8e2b1272f3037d0de3483e111800ad3947952ae639eb0009
          • Opcode Fuzzy Hash: f503770498caa8a1992d26d3e3e882337c06140dbe40333a17151487b90009b1
          • Instruction Fuzzy Hash: 3641F031700602ABD721DF69CC41BA6B7A9FB94710F140629F955EB241DB31E80687E1
          Function 01AE2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$]:%u
          • API String ID: 48624451-3050659472
          • Opcode ID: 27deaf0568c084d1cda6385f7c0f59f4b6edc07609bd7f9d16b8220443189a51
          • Instruction ID: 7c2254b222388eb685428d9b5b6136cd399579dbe758c860ef128f5f86ba2ec4
          • Opcode Fuzzy Hash: 27deaf0568c084d1cda6385f7c0f59f4b6edc07609bd7f9d16b8220443189a51
          • Instruction Fuzzy Hash: B1314172A0021A9EDB21DF2DCD44BEEB7FCBB54710F44455AE949E3240EB30AA448FA0
          Function 01A39126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2463882910.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a00000_VzJM9stirU.jbxd
          Similarity
          • API ID:
          • String ID: $$@
          • API String ID: 0-1194432280
          • Opcode ID: 89157f9dea3731d11dd0e7f1abb03286247f0ba36eb9ea11ceac977f7d4e0324
          • Instruction ID: 6795246f36e7f1d6c3f14415db0d3b730e1f717c155c1f4a55f34640d86a4d33
          • Opcode Fuzzy Hash: 89157f9dea3731d11dd0e7f1abb03286247f0ba36eb9ea11ceac977f7d4e0324
          • Instruction Fuzzy Hash: C6811B72D002699BDB318F54CD44BEABBB4AF48714F0441DAEA1DB7280D7705E85CFA0