Edit tour

Windows Analysis Report
5ZLQrKA4ge.exe

Overview

General Information

Sample name:	5ZLQrKA4ge.exe renamed because original name is a hash value
Original sample name:	282cc024b77357ebf01066b447e9aba43980a62478750ae24b5af2d22c9a7767.exe
Analysis ID:	1530782
MD5:	f7defbfeafc669edb9f091e02ebfc851
SHA1:	288ba25fa5e5f998ccdeb46ab653bf2857377ceb
SHA256:	282cc024b77357ebf01066b447e9aba43980a62478750ae24b5af2d22c9a7767
Tags:	exeuser-adrian__luca
Infos:

Detection

FormBook

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected FormBook

AI detected suspicious sample

Machine Learning detection for sample

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file does not import any functions

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

5ZLQrKA4ge.exe (PID: 6200 cmdline: "C:\Users\user\Desktop\5ZLQrKA4ge.exe" MD5: F7DEFBFEAFC669EDB9F091E02EBFC851)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e463:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16522:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2c0e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1419f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.5ZLQrKA4ge.exe.110000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.5ZLQrKA4ge.exe.110000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16722:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 5ZLQrKA4ge.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 5ZLQrKA4ge.exe

ReversingLabs: Detection: 60%

Yara detected FormBook

Source: Yara match	File source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 5ZLQrKA4ge.exe

Joe Sandbox ML: detected

Source: 5ZLQrKA4ge.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 5ZLQrKA4ge.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: 5ZLQrKA4ge.exe, 00000000.00000003.2457542544.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000003.2455770471.000000000079B000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 5ZLQrKA4ge.exe, 5ZLQrKA4ge.exe, 00000000.00000003.2457542544.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000003.2455770471.000000000079B000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0013C703 NtClose,	0_2_0013C703
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00111A7D NtProtectVirtualMemory,	0_2_00111A7D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62B60 NtClose,LdrInitializeThunk,	0_2_00B62B60
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_00B62C70
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_00B62DF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B635C0 NtCreateMutant,LdrInitializeThunk,	0_2_00B635C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B64340 NtSetContextThread,	0_2_00B64340
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B64650 NtSuspendThread,	0_2_00B64650
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62AB0 NtWaitForSingleObject,	0_2_00B62AB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62AF0 NtWriteFile,	0_2_00B62AF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62AD0 NtReadFile,	0_2_00B62AD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62BA0 NtEnumerateValueKey,	0_2_00B62BA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62B80 NtQueryInformationFile,	0_2_00B62B80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62BF0 NtAllocateVirtualMemory,	0_2_00B62BF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62BE0 NtQueryValueKey,	0_2_00B62BE0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62CA0 NtQueryInformationToken,	0_2_00B62CA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62CF0 NtOpenProcess,	0_2_00B62CF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62CC0 NtQueryVirtualMemory,	0_2_00B62CC0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62C00 NtQueryInformationProcess,	0_2_00B62C00
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62C60 NtCreateKey,	0_2_00B62C60
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62DB0 NtEnumerateKey,	0_2_00B62DB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62DD0 NtDelayExecution,	0_2_00B62DD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62D30 NtUnmapViewOfSection,	0_2_00B62D30
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62D10 NtMapViewOfSection,	0_2_00B62D10
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62D00 NtSetInformationFile,	0_2_00B62D00
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62EA0 NtAdjustPrivilegesToken,	0_2_00B62EA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62E80 NtReadVirtualMemory,	0_2_00B62E80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62EE0 NtQueueApcThread,	0_2_00B62EE0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62E30 NtWriteVirtualMemory,	0_2_00B62E30
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62FB0 NtResumeThread,	0_2_00B62FB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62FA0 NtQuerySection,	0_2_00B62FA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62F90 NtProtectVirtualMemory,	0_2_00B62F90
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62FE0 NtCreateFile,	0_2_00B62FE0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62F30 NtCreateSection,	0_2_00B62F30
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62F60 NtCreateProcessEx,	0_2_00B62F60
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B63090 NtSetValueKey,	0_2_00B63090
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B63010 NtOpenDirectoryObject,	0_2_00B63010
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B639B0 NtGetContextThread,	0_2_00B639B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B63D10 NtOpenProcessToken,	0_2_00B63D10
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B63D70 NtOpenThread,	0_2_00B63D70

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00126893	0_2_00126893
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_001110CC	0_2_001110CC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_001200E3	0_2_001200E3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00113100	0_2_00113100
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011E163	0_2_0011E163
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_001129B0	0_2_001129B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00111260	0_2_00111260
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0013ED53	0_2_0013ED53
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00112D69	0_2_00112D69
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00112670	0_2_00112670
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00112664	0_2_00112664
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011FEBA	0_2_0011FEBA
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011FEC3	0_2_0011FEC3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF01AA	0_2_00BF01AA
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE41A2	0_2_00BE41A2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE81CC	0_2_00BE81CC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCA118	0_2_00BCA118
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20100	0_2_00B20100
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB8158	0_2_00BB8158
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB02C0	0_2_00BB02C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E3F0	0_2_00B3E3F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF03E6	0_2_00BF03E6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEA352	0_2_00BEA352
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDE4F6	0_2_00BDE4F6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD4420	0_2_00BD4420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE2446	0_2_00BE2446
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF0591	0_2_00BF0591
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4C6E0	0_2_00B4C6E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2C7C0	0_2_00B2C7C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B54750	0_2_00B54750
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B168B8	0_2_00B168B8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E8F0	0_2_00B5E8F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3A840	0_2_00B3A840
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B32840	0_2_00B32840
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BFA9A6	0_2_00BFA9A6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B46962	0_2_00B46962
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE6BD7	0_2_00BE6BD7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEAB40	0_2_00BEAB40
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0CB5	0_2_00BD0CB5
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20CF2	0_2_00B20CF2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30C00	0_2_00B30C00
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B48DBF	0_2_00B48DBF
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2ADE0	0_2_00B2ADE0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCCD1F	0_2_00BCCD1F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3AD00	0_2_00B3AD00
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42E90	0_2_00B42E90
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BECE93	0_2_00BECE93
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEEEDB	0_2_00BEEEDB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEEE26	0_2_00BEEE26
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30E59	0_2_00B30E59
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAEFA0	0_2_00BAEFA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3CFE0	0_2_00B3CFE0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B22FC8	0_2_00B22FC8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B50F30	0_2_00B50F30
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD2F30	0_2_00BD2F30
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B72F28	0_2_00B72F28
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA4F40	0_2_00BA4F40
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE70E9	0_2_00BE70E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEF0E0	0_2_00BEF0E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDF0CC	0_2_00BDF0CC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B370C0	0_2_00B370C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3B1B0	0_2_00B3B1B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1F172	0_2_00B1F172
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BFB16B	0_2_00BFB16B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B6516C	0_2_00B6516C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B352A0	0_2_00B352A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD12ED	0_2_00BD12ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4B2C0	0_2_00B4B2C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B7739A	0_2_00B7739A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE132D	0_2_00BE132D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1D34C	0_2_00B1D34C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEF43F	0_2_00BEF43F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B21460	0_2_00B21460
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCD5B0	0_2_00BCD5B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF95C3	0_2_00BF95C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE7571	0_2_00BE7571
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE16CC	0_2_00BE16CC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B75630	0_2_00B75630
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEF7B0	0_2_00BEF7B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B338E0	0_2_00B338E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9D800	0_2_00B9D800
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC5910	0_2_00BC5910
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B39950	0_2_00B39950
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4B950	0_2_00B4B950
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCDAAC	0_2_00BCDAAC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B75AA0	0_2_00B75AA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD1AA3	0_2_00BD1AA3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDDAC6	0_2_00BDDAC6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA3A6C	0_2_00BA3A6C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEFA49	0_2_00BEFA49
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE7A46	0_2_00BE7A46
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4FB80	0_2_00B4FB80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA5BF0	0_2_00BA5BF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B6DBF9	0_2_00B6DBF9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEFB76	0_2_00BEFB76
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEFCF2	0_2_00BEFCF2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA9C32	0_2_00BA9C32
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4FDC0	0_2_00B4FDC0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE7D73	0_2_00BE7D73
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE1D5A	0_2_00BE1D5A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B33D40	0_2_00B33D40
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B39EB0	0_2_00B39EB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEFFB1	0_2_00BEFFB1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B31F92	0_2_00B31F92
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF3FD5	0_2_00AF3FD5
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF3FD2	0_2_00AF3FD2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEFF09	0_2_00BEFF09

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: String function: 00B1B970 appears 280 times
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: String function: 00B9EA12 appears 86 times
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: String function: 00BAF290 appears 105 times
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: String function: 00B65130 appears 58 times
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: String function: 00B77E54 appears 111 times

Source: 5ZLQrKA4ge.exe

Static PE information: No import functions for PE file found

Source: 5ZLQrKA4ge.exe, 00000000.00000003.2455770471.00000000008BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 5ZLQrKA4ge.exe
Source: 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 5ZLQrKA4ge.exe
Source: 5ZLQrKA4ge.exe, 00000000.00000003.2457542544.0000000000A76000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 5ZLQrKA4ge.exe

Source: 5ZLQrKA4ge.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: 5ZLQrKA4ge.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5ZLQrKA4ge.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@1/0@0/0

Source: 5ZLQrKA4ge.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 5ZLQrKA4ge.exe

ReversingLabs: Detection: 60%

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Section loaded: apphelp.dll

Jump to behavior

Source: 5ZLQrKA4ge.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: 5ZLQrKA4ge.exe, 00000000.00000003.2457542544.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000003.2455770471.000000000079B000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 5ZLQrKA4ge.exe, 5ZLQrKA4ge.exe, 00000000.00000003.2457542544.0000000000949000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000003.2455770471.000000000079B000.00000004.00000020.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, 5ZLQrKA4ge.exe, 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011212D push es; retf	0_2_001121CE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011218B push es; retf	0_2_001121CE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0011BB97 push ss; ret	0_2_0011BB98
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00113380 push eax; ret	0_2_00113382
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00124BC1 push 00000078h; iretd	0_2_00124BC6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_0012EBE5 push DFEE3EF2h; retf	0_2_0012EC02
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00118591 push es; ret	0_2_00118592
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00125EE3 push ecx; retf	0_2_00125F1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF225F pushad ; ret	0_2_00AF27F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF27FA pushad ; ret	0_2_00AF27F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF283D push eax; iretd	0_2_00AF2858
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B209AD push ecx; mov dword ptr [esp], ecx	0_2_00B209B6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00AF1368 push eax; iretd	0_2_00AF1369

Source: 5ZLQrKA4ge.exe

Static PE information: section name: .text entropy: 7.99599916957851

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Code function: 0_2_00B6096E rdtsc

0_2_00B6096E

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

API coverage: 0.6 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Code function: 0_2_00B6096E rdtsc

0_2_00B6096E

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe

Code function: 0_2_00127843 LdrLoadDll,

0_2_00127843

Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE60B8 mov eax, dword ptr fs:[00000030h]	0_2_00BE60B8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE60B8 mov ecx, dword ptr fs:[00000030h]	0_2_00BE60B8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B180A0 mov eax, dword ptr fs:[00000030h]	0_2_00B180A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB80A8 mov eax, dword ptr fs:[00000030h]	0_2_00BB80A8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2208A mov eax, dword ptr fs:[00000030h]	0_2_00B2208A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1C0F0 mov eax, dword ptr fs:[00000030h]	0_2_00B1C0F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B620F0 mov ecx, dword ptr fs:[00000030h]	0_2_00B620F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_00B1A0E3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA60E0 mov eax, dword ptr fs:[00000030h]	0_2_00BA60E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B280E9 mov eax, dword ptr fs:[00000030h]	0_2_00B280E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA20DE mov eax, dword ptr fs:[00000030h]	0_2_00BA20DE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB6030 mov eax, dword ptr fs:[00000030h]	0_2_00BB6030
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A020 mov eax, dword ptr fs:[00000030h]	0_2_00B1A020
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1C020 mov eax, dword ptr fs:[00000030h]	0_2_00B1C020
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E016 mov eax, dword ptr fs:[00000030h]	0_2_00B3E016
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E016 mov eax, dword ptr fs:[00000030h]	0_2_00B3E016
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E016 mov eax, dword ptr fs:[00000030h]	0_2_00B3E016
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E016 mov eax, dword ptr fs:[00000030h]	0_2_00B3E016
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA4000 mov ecx, dword ptr fs:[00000030h]	0_2_00BA4000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC2000 mov eax, dword ptr fs:[00000030h]	0_2_00BC2000
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4C073 mov eax, dword ptr fs:[00000030h]	0_2_00B4C073
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B22050 mov eax, dword ptr fs:[00000030h]	0_2_00B22050
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6050 mov eax, dword ptr fs:[00000030h]	0_2_00BA6050
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA019F mov eax, dword ptr fs:[00000030h]	0_2_00BA019F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA019F mov eax, dword ptr fs:[00000030h]	0_2_00BA019F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA019F mov eax, dword ptr fs:[00000030h]	0_2_00BA019F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA019F mov eax, dword ptr fs:[00000030h]	0_2_00BA019F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A197 mov eax, dword ptr fs:[00000030h]	0_2_00B1A197
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A197 mov eax, dword ptr fs:[00000030h]	0_2_00B1A197
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A197 mov eax, dword ptr fs:[00000030h]	0_2_00B1A197
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B60185 mov eax, dword ptr fs:[00000030h]	0_2_00B60185
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDC188 mov eax, dword ptr fs:[00000030h]	0_2_00BDC188
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDC188 mov eax, dword ptr fs:[00000030h]	0_2_00BDC188
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC4180 mov eax, dword ptr fs:[00000030h]	0_2_00BC4180
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC4180 mov eax, dword ptr fs:[00000030h]	0_2_00BC4180
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B501F8 mov eax, dword ptr fs:[00000030h]	0_2_00B501F8
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF61E5 mov eax, dword ptr fs:[00000030h]	0_2_00BF61E5
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00B9E1D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00B9E1D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E1D0 mov ecx, dword ptr fs:[00000030h]	0_2_00B9E1D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00B9E1D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E1D0 mov eax, dword ptr fs:[00000030h]	0_2_00B9E1D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE61C3 mov eax, dword ptr fs:[00000030h]	0_2_00BE61C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE61C3 mov eax, dword ptr fs:[00000030h]	0_2_00BE61C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B50124 mov eax, dword ptr fs:[00000030h]	0_2_00B50124
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCA118 mov ecx, dword ptr fs:[00000030h]	0_2_00BCA118
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCA118 mov eax, dword ptr fs:[00000030h]	0_2_00BCA118
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCA118 mov eax, dword ptr fs:[00000030h]	0_2_00BCA118
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCA118 mov eax, dword ptr fs:[00000030h]	0_2_00BCA118
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE0115 mov eax, dword ptr fs:[00000030h]	0_2_00BE0115
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov ecx, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov ecx, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov ecx, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov eax, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE10E mov ecx, dword ptr fs:[00000030h]	0_2_00BCE10E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4164 mov eax, dword ptr fs:[00000030h]	0_2_00BF4164
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4164 mov eax, dword ptr fs:[00000030h]	0_2_00BF4164
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB8158 mov eax, dword ptr fs:[00000030h]	0_2_00BB8158
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26154 mov eax, dword ptr fs:[00000030h]	0_2_00B26154
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26154 mov eax, dword ptr fs:[00000030h]	0_2_00B26154
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1C156 mov eax, dword ptr fs:[00000030h]	0_2_00B1C156
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB4144 mov eax, dword ptr fs:[00000030h]	0_2_00BB4144
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB4144 mov eax, dword ptr fs:[00000030h]	0_2_00BB4144
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB4144 mov ecx, dword ptr fs:[00000030h]	0_2_00BB4144
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB4144 mov eax, dword ptr fs:[00000030h]	0_2_00BB4144
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB4144 mov eax, dword ptr fs:[00000030h]	0_2_00BB4144
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov eax, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov ecx, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov eax, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov eax, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov eax, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB62A0 mov eax, dword ptr fs:[00000030h]	0_2_00BB62A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E284 mov eax, dword ptr fs:[00000030h]	0_2_00B5E284
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E284 mov eax, dword ptr fs:[00000030h]	0_2_00B5E284
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA0283 mov eax, dword ptr fs:[00000030h]	0_2_00BA0283
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA0283 mov eax, dword ptr fs:[00000030h]	0_2_00BA0283
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA0283 mov eax, dword ptr fs:[00000030h]	0_2_00BA0283
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B302E1 mov eax, dword ptr fs:[00000030h]	0_2_00B302E1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B302E1 mov eax, dword ptr fs:[00000030h]	0_2_00B302E1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B302E1 mov eax, dword ptr fs:[00000030h]	0_2_00B302E1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF62D6 mov eax, dword ptr fs:[00000030h]	0_2_00BF62D6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A2C3 mov eax, dword ptr fs:[00000030h]	0_2_00B2A2C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A2C3 mov eax, dword ptr fs:[00000030h]	0_2_00B2A2C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A2C3 mov eax, dword ptr fs:[00000030h]	0_2_00B2A2C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A2C3 mov eax, dword ptr fs:[00000030h]	0_2_00B2A2C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A2C3 mov eax, dword ptr fs:[00000030h]	0_2_00B2A2C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1823B mov eax, dword ptr fs:[00000030h]	0_2_00B1823B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD0274 mov eax, dword ptr fs:[00000030h]	0_2_00BD0274
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24260 mov eax, dword ptr fs:[00000030h]	0_2_00B24260
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24260 mov eax, dword ptr fs:[00000030h]	0_2_00B24260
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24260 mov eax, dword ptr fs:[00000030h]	0_2_00B24260
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1826B mov eax, dword ptr fs:[00000030h]	0_2_00B1826B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1A250 mov eax, dword ptr fs:[00000030h]	0_2_00B1A250
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF625D mov eax, dword ptr fs:[00000030h]	0_2_00BF625D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26259 mov eax, dword ptr fs:[00000030h]	0_2_00B26259
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDA250 mov eax, dword ptr fs:[00000030h]	0_2_00BDA250
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDA250 mov eax, dword ptr fs:[00000030h]	0_2_00BDA250
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA8243 mov eax, dword ptr fs:[00000030h]	0_2_00BA8243
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA8243 mov ecx, dword ptr fs:[00000030h]	0_2_00BA8243
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18397 mov eax, dword ptr fs:[00000030h]	0_2_00B18397
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18397 mov eax, dword ptr fs:[00000030h]	0_2_00B18397
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18397 mov eax, dword ptr fs:[00000030h]	0_2_00B18397
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E388 mov eax, dword ptr fs:[00000030h]	0_2_00B1E388
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E388 mov eax, dword ptr fs:[00000030h]	0_2_00B1E388
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E388 mov eax, dword ptr fs:[00000030h]	0_2_00B1E388
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4438F mov eax, dword ptr fs:[00000030h]	0_2_00B4438F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4438F mov eax, dword ptr fs:[00000030h]	0_2_00B4438F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E3F0 mov eax, dword ptr fs:[00000030h]	0_2_00B3E3F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E3F0 mov eax, dword ptr fs:[00000030h]	0_2_00B3E3F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E3F0 mov eax, dword ptr fs:[00000030h]	0_2_00B3E3F0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B563FF mov eax, dword ptr fs:[00000030h]	0_2_00B563FF
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B303E9 mov eax, dword ptr fs:[00000030h]	0_2_00B303E9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE3DB mov eax, dword ptr fs:[00000030h]	0_2_00BCE3DB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE3DB mov eax, dword ptr fs:[00000030h]	0_2_00BCE3DB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE3DB mov ecx, dword ptr fs:[00000030h]	0_2_00BCE3DB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCE3DB mov eax, dword ptr fs:[00000030h]	0_2_00BCE3DB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC43D4 mov eax, dword ptr fs:[00000030h]	0_2_00BC43D4
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC43D4 mov eax, dword ptr fs:[00000030h]	0_2_00BC43D4
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDC3CD mov eax, dword ptr fs:[00000030h]	0_2_00BDC3CD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A3C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A3C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B283C0 mov eax, dword ptr fs:[00000030h]	0_2_00B283C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B283C0 mov eax, dword ptr fs:[00000030h]	0_2_00B283C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B283C0 mov eax, dword ptr fs:[00000030h]	0_2_00B283C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B283C0 mov eax, dword ptr fs:[00000030h]	0_2_00B283C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA63C0 mov eax, dword ptr fs:[00000030h]	0_2_00BA63C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF8324 mov eax, dword ptr fs:[00000030h]	0_2_00BF8324
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF8324 mov ecx, dword ptr fs:[00000030h]	0_2_00BF8324
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF8324 mov eax, dword ptr fs:[00000030h]	0_2_00BF8324
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF8324 mov eax, dword ptr fs:[00000030h]	0_2_00BF8324
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1C310 mov ecx, dword ptr fs:[00000030h]	0_2_00B1C310
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B40310 mov ecx, dword ptr fs:[00000030h]	0_2_00B40310
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A30B mov eax, dword ptr fs:[00000030h]	0_2_00B5A30B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A30B mov eax, dword ptr fs:[00000030h]	0_2_00B5A30B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A30B mov eax, dword ptr fs:[00000030h]	0_2_00B5A30B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC437C mov eax, dword ptr fs:[00000030h]	0_2_00BC437C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov eax, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov eax, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov eax, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov ecx, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov eax, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA035C mov eax, dword ptr fs:[00000030h]	0_2_00BA035C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEA352 mov eax, dword ptr fs:[00000030h]	0_2_00BEA352
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC8350 mov ecx, dword ptr fs:[00000030h]	0_2_00BC8350
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF634F mov eax, dword ptr fs:[00000030h]	0_2_00BF634F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA2349 mov eax, dword ptr fs:[00000030h]	0_2_00BA2349
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B544B0 mov ecx, dword ptr fs:[00000030h]	0_2_00B544B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAA4B0 mov eax, dword ptr fs:[00000030h]	0_2_00BAA4B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B264AB mov eax, dword ptr fs:[00000030h]	0_2_00B264AB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDA49A mov eax, dword ptr fs:[00000030h]	0_2_00BDA49A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B204E5 mov ecx, dword ptr fs:[00000030h]	0_2_00B204E5
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A430 mov eax, dword ptr fs:[00000030h]	0_2_00B5A430
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E420 mov eax, dword ptr fs:[00000030h]	0_2_00B1E420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E420 mov eax, dword ptr fs:[00000030h]	0_2_00B1E420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1E420 mov eax, dword ptr fs:[00000030h]	0_2_00B1E420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1C427 mov eax, dword ptr fs:[00000030h]	0_2_00B1C427
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA6420 mov eax, dword ptr fs:[00000030h]	0_2_00BA6420
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B58402 mov eax, dword ptr fs:[00000030h]	0_2_00B58402
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B58402 mov eax, dword ptr fs:[00000030h]	0_2_00B58402
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B58402 mov eax, dword ptr fs:[00000030h]	0_2_00B58402
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4A470 mov eax, dword ptr fs:[00000030h]	0_2_00B4A470
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4A470 mov eax, dword ptr fs:[00000030h]	0_2_00B4A470
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4A470 mov eax, dword ptr fs:[00000030h]	0_2_00B4A470
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAC460 mov ecx, dword ptr fs:[00000030h]	0_2_00BAC460
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BDA456 mov eax, dword ptr fs:[00000030h]	0_2_00BDA456
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1645D mov eax, dword ptr fs:[00000030h]	0_2_00B1645D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4245A mov eax, dword ptr fs:[00000030h]	0_2_00B4245A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E443 mov eax, dword ptr fs:[00000030h]	0_2_00B5E443
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B445B1 mov eax, dword ptr fs:[00000030h]	0_2_00B445B1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B445B1 mov eax, dword ptr fs:[00000030h]	0_2_00B445B1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA05A7 mov eax, dword ptr fs:[00000030h]	0_2_00BA05A7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA05A7 mov eax, dword ptr fs:[00000030h]	0_2_00BA05A7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA05A7 mov eax, dword ptr fs:[00000030h]	0_2_00BA05A7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E59C mov eax, dword ptr fs:[00000030h]	0_2_00B5E59C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B22582 mov eax, dword ptr fs:[00000030h]	0_2_00B22582
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B22582 mov ecx, dword ptr fs:[00000030h]	0_2_00B22582
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B54588 mov eax, dword ptr fs:[00000030h]	0_2_00B54588
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B225E0 mov eax, dword ptr fs:[00000030h]	0_2_00B225E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E5E7 mov eax, dword ptr fs:[00000030h]	0_2_00B4E5E7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C5ED mov eax, dword ptr fs:[00000030h]	0_2_00B5C5ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C5ED mov eax, dword ptr fs:[00000030h]	0_2_00B5C5ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B265D0 mov eax, dword ptr fs:[00000030h]	0_2_00B265D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A5D0 mov eax, dword ptr fs:[00000030h]	0_2_00B5A5D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A5D0 mov eax, dword ptr fs:[00000030h]	0_2_00B5A5D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E5CF mov eax, dword ptr fs:[00000030h]	0_2_00B5E5CF
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5E5CF mov eax, dword ptr fs:[00000030h]	0_2_00B5E5CF
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30535 mov eax, dword ptr fs:[00000030h]	0_2_00B30535
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E53E mov eax, dword ptr fs:[00000030h]	0_2_00B4E53E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E53E mov eax, dword ptr fs:[00000030h]	0_2_00B4E53E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E53E mov eax, dword ptr fs:[00000030h]	0_2_00B4E53E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E53E mov eax, dword ptr fs:[00000030h]	0_2_00B4E53E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E53E mov eax, dword ptr fs:[00000030h]	0_2_00B4E53E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB6500 mov eax, dword ptr fs:[00000030h]	0_2_00BB6500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4500 mov eax, dword ptr fs:[00000030h]	0_2_00BF4500
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5656A mov eax, dword ptr fs:[00000030h]	0_2_00B5656A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5656A mov eax, dword ptr fs:[00000030h]	0_2_00B5656A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5656A mov eax, dword ptr fs:[00000030h]	0_2_00B5656A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28550 mov eax, dword ptr fs:[00000030h]	0_2_00B28550
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28550 mov eax, dword ptr fs:[00000030h]	0_2_00B28550
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B566B0 mov eax, dword ptr fs:[00000030h]	0_2_00B566B0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C6A6 mov eax, dword ptr fs:[00000030h]	0_2_00B5C6A6
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24690 mov eax, dword ptr fs:[00000030h]	0_2_00B24690
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24690 mov eax, dword ptr fs:[00000030h]	0_2_00B24690
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00B9E6F2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00B9E6F2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00B9E6F2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E6F2 mov eax, dword ptr fs:[00000030h]	0_2_00B9E6F2
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA06F1 mov eax, dword ptr fs:[00000030h]	0_2_00BA06F1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA06F1 mov eax, dword ptr fs:[00000030h]	0_2_00BA06F1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A6C7 mov ebx, dword ptr fs:[00000030h]	0_2_00B5A6C7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A6C7 mov eax, dword ptr fs:[00000030h]	0_2_00B5A6C7
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3E627 mov eax, dword ptr fs:[00000030h]	0_2_00B3E627
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B56620 mov eax, dword ptr fs:[00000030h]	0_2_00B56620
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B58620 mov eax, dword ptr fs:[00000030h]	0_2_00B58620
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2262C mov eax, dword ptr fs:[00000030h]	0_2_00B2262C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62619 mov eax, dword ptr fs:[00000030h]	0_2_00B62619
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E609 mov eax, dword ptr fs:[00000030h]	0_2_00B9E609
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3260B mov eax, dword ptr fs:[00000030h]	0_2_00B3260B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B52674 mov eax, dword ptr fs:[00000030h]	0_2_00B52674
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE866E mov eax, dword ptr fs:[00000030h]	0_2_00BE866E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE866E mov eax, dword ptr fs:[00000030h]	0_2_00BE866E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A660 mov eax, dword ptr fs:[00000030h]	0_2_00B5A660
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A660 mov eax, dword ptr fs:[00000030h]	0_2_00B5A660
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B3C640 mov eax, dword ptr fs:[00000030h]	0_2_00B3C640
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B207AF mov eax, dword ptr fs:[00000030h]	0_2_00B207AF
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD47A0 mov eax, dword ptr fs:[00000030h]	0_2_00BD47A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC678E mov eax, dword ptr fs:[00000030h]	0_2_00BC678E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B247FB mov eax, dword ptr fs:[00000030h]	0_2_00B247FB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B247FB mov eax, dword ptr fs:[00000030h]	0_2_00B247FB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B427ED mov eax, dword ptr fs:[00000030h]	0_2_00B427ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B427ED mov eax, dword ptr fs:[00000030h]	0_2_00B427ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B427ED mov eax, dword ptr fs:[00000030h]	0_2_00B427ED
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAE7E1 mov eax, dword ptr fs:[00000030h]	0_2_00BAE7E1
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2C7C0 mov eax, dword ptr fs:[00000030h]	0_2_00B2C7C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA07C3 mov eax, dword ptr fs:[00000030h]	0_2_00BA07C3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5273C mov eax, dword ptr fs:[00000030h]	0_2_00B5273C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5273C mov ecx, dword ptr fs:[00000030h]	0_2_00B5273C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5273C mov eax, dword ptr fs:[00000030h]	0_2_00B5273C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9C730 mov eax, dword ptr fs:[00000030h]	0_2_00B9C730
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C720 mov eax, dword ptr fs:[00000030h]	0_2_00B5C720
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C720 mov eax, dword ptr fs:[00000030h]	0_2_00B5C720
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20710 mov eax, dword ptr fs:[00000030h]	0_2_00B20710
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B50710 mov eax, dword ptr fs:[00000030h]	0_2_00B50710
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C700 mov eax, dword ptr fs:[00000030h]	0_2_00B5C700
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28770 mov eax, dword ptr fs:[00000030h]	0_2_00B28770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30770 mov eax, dword ptr fs:[00000030h]	0_2_00B30770
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20750 mov eax, dword ptr fs:[00000030h]	0_2_00B20750
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62750 mov eax, dword ptr fs:[00000030h]	0_2_00B62750
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B62750 mov eax, dword ptr fs:[00000030h]	0_2_00B62750
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAE75D mov eax, dword ptr fs:[00000030h]	0_2_00BAE75D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA4755 mov eax, dword ptr fs:[00000030h]	0_2_00BA4755
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5674D mov esi, dword ptr fs:[00000030h]	0_2_00B5674D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5674D mov eax, dword ptr fs:[00000030h]	0_2_00B5674D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5674D mov eax, dword ptr fs:[00000030h]	0_2_00B5674D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAC89D mov eax, dword ptr fs:[00000030h]	0_2_00BAC89D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20887 mov eax, dword ptr fs:[00000030h]	0_2_00B20887
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C8F9 mov eax, dword ptr fs:[00000030h]	0_2_00B5C8F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5C8F9 mov eax, dword ptr fs:[00000030h]	0_2_00B5C8F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEA8E4 mov eax, dword ptr fs:[00000030h]	0_2_00BEA8E4
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4E8C0 mov eax, dword ptr fs:[00000030h]	0_2_00B4E8C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF08C0 mov eax, dword ptr fs:[00000030h]	0_2_00BF08C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov eax, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov eax, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov eax, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov ecx, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov eax, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B42835 mov eax, dword ptr fs:[00000030h]	0_2_00B42835
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5A830 mov eax, dword ptr fs:[00000030h]	0_2_00B5A830
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC483A mov eax, dword ptr fs:[00000030h]	0_2_00BC483A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC483A mov eax, dword ptr fs:[00000030h]	0_2_00BC483A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAC810 mov eax, dword ptr fs:[00000030h]	0_2_00BAC810
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAE872 mov eax, dword ptr fs:[00000030h]	0_2_00BAE872
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAE872 mov eax, dword ptr fs:[00000030h]	0_2_00BAE872
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB6870 mov eax, dword ptr fs:[00000030h]	0_2_00BB6870
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB6870 mov eax, dword ptr fs:[00000030h]	0_2_00BB6870
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B50854 mov eax, dword ptr fs:[00000030h]	0_2_00B50854
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24859 mov eax, dword ptr fs:[00000030h]	0_2_00B24859
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B24859 mov eax, dword ptr fs:[00000030h]	0_2_00B24859
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B32840 mov ecx, dword ptr fs:[00000030h]	0_2_00B32840
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA89B3 mov esi, dword ptr fs:[00000030h]	0_2_00BA89B3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA89B3 mov eax, dword ptr fs:[00000030h]	0_2_00BA89B3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA89B3 mov eax, dword ptr fs:[00000030h]	0_2_00BA89B3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B329A0 mov eax, dword ptr fs:[00000030h]	0_2_00B329A0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B209AD mov eax, dword ptr fs:[00000030h]	0_2_00B209AD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B209AD mov eax, dword ptr fs:[00000030h]	0_2_00B209AD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B529F9 mov eax, dword ptr fs:[00000030h]	0_2_00B529F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B529F9 mov eax, dword ptr fs:[00000030h]	0_2_00B529F9
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAE9E0 mov eax, dword ptr fs:[00000030h]	0_2_00BAE9E0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2A9D0 mov eax, dword ptr fs:[00000030h]	0_2_00B2A9D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B549D0 mov eax, dword ptr fs:[00000030h]	0_2_00B549D0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BEA9D3 mov eax, dword ptr fs:[00000030h]	0_2_00BEA9D3
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB69C0 mov eax, dword ptr fs:[00000030h]	0_2_00BB69C0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA892A mov eax, dword ptr fs:[00000030h]	0_2_00BA892A
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BB892B mov eax, dword ptr fs:[00000030h]	0_2_00BB892B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAC912 mov eax, dword ptr fs:[00000030h]	0_2_00BAC912
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18918 mov eax, dword ptr fs:[00000030h]	0_2_00B18918
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18918 mov eax, dword ptr fs:[00000030h]	0_2_00B18918
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E908 mov eax, dword ptr fs:[00000030h]	0_2_00B9E908
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9E908 mov eax, dword ptr fs:[00000030h]	0_2_00B9E908
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC4978 mov eax, dword ptr fs:[00000030h]	0_2_00BC4978
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BC4978 mov eax, dword ptr fs:[00000030h]	0_2_00BC4978
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BAC97C mov eax, dword ptr fs:[00000030h]	0_2_00BAC97C
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B46962 mov eax, dword ptr fs:[00000030h]	0_2_00B46962
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B46962 mov eax, dword ptr fs:[00000030h]	0_2_00B46962
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B46962 mov eax, dword ptr fs:[00000030h]	0_2_00B46962
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B6096E mov eax, dword ptr fs:[00000030h]	0_2_00B6096E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B6096E mov edx, dword ptr fs:[00000030h]	0_2_00B6096E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B6096E mov eax, dword ptr fs:[00000030h]	0_2_00B6096E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BA0946 mov eax, dword ptr fs:[00000030h]	0_2_00BA0946
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4940 mov eax, dword ptr fs:[00000030h]	0_2_00BF4940
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28AA0 mov eax, dword ptr fs:[00000030h]	0_2_00B28AA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28AA0 mov eax, dword ptr fs:[00000030h]	0_2_00B28AA0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B76AA4 mov eax, dword ptr fs:[00000030h]	0_2_00B76AA4
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B58A90 mov edx, dword ptr fs:[00000030h]	0_2_00B58A90
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B2EA80 mov eax, dword ptr fs:[00000030h]	0_2_00B2EA80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4A80 mov eax, dword ptr fs:[00000030h]	0_2_00BF4A80
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5AAEE mov eax, dword ptr fs:[00000030h]	0_2_00B5AAEE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5AAEE mov eax, dword ptr fs:[00000030h]	0_2_00B5AAEE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20AD0 mov eax, dword ptr fs:[00000030h]	0_2_00B20AD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B54AD0 mov eax, dword ptr fs:[00000030h]	0_2_00B54AD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B54AD0 mov eax, dword ptr fs:[00000030h]	0_2_00B54AD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B76ACC mov eax, dword ptr fs:[00000030h]	0_2_00B76ACC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B76ACC mov eax, dword ptr fs:[00000030h]	0_2_00B76ACC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B76ACC mov eax, dword ptr fs:[00000030h]	0_2_00B76ACC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B44A35 mov eax, dword ptr fs:[00000030h]	0_2_00B44A35
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B44A35 mov eax, dword ptr fs:[00000030h]	0_2_00B44A35
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5CA38 mov eax, dword ptr fs:[00000030h]	0_2_00B5CA38
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5CA24 mov eax, dword ptr fs:[00000030h]	0_2_00B5CA24
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4EA2E mov eax, dword ptr fs:[00000030h]	0_2_00B4EA2E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BACA11 mov eax, dword ptr fs:[00000030h]	0_2_00BACA11
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9CA72 mov eax, dword ptr fs:[00000030h]	0_2_00B9CA72
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9CA72 mov eax, dword ptr fs:[00000030h]	0_2_00B9CA72
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5CA6F mov eax, dword ptr fs:[00000030h]	0_2_00B5CA6F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5CA6F mov eax, dword ptr fs:[00000030h]	0_2_00B5CA6F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B5CA6F mov eax, dword ptr fs:[00000030h]	0_2_00B5CA6F
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCEA60 mov eax, dword ptr fs:[00000030h]	0_2_00BCEA60
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B26A50 mov eax, dword ptr fs:[00000030h]	0_2_00B26A50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30A5B mov eax, dword ptr fs:[00000030h]	0_2_00B30A5B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30A5B mov eax, dword ptr fs:[00000030h]	0_2_00B30A5B
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30BBE mov eax, dword ptr fs:[00000030h]	0_2_00B30BBE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B30BBE mov eax, dword ptr fs:[00000030h]	0_2_00B30BBE
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD4BB0 mov eax, dword ptr fs:[00000030h]	0_2_00BD4BB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BD4BB0 mov eax, dword ptr fs:[00000030h]	0_2_00BD4BB0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28BF0 mov eax, dword ptr fs:[00000030h]	0_2_00B28BF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28BF0 mov eax, dword ptr fs:[00000030h]	0_2_00B28BF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B28BF0 mov eax, dword ptr fs:[00000030h]	0_2_00B28BF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4EBFC mov eax, dword ptr fs:[00000030h]	0_2_00B4EBFC
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BACBF0 mov eax, dword ptr fs:[00000030h]	0_2_00BACBF0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BCEBD0 mov eax, dword ptr fs:[00000030h]	0_2_00BCEBD0
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B40BCB mov eax, dword ptr fs:[00000030h]	0_2_00B40BCB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B40BCB mov eax, dword ptr fs:[00000030h]	0_2_00B40BCB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B40BCB mov eax, dword ptr fs:[00000030h]	0_2_00B40BCB
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20BCD mov eax, dword ptr fs:[00000030h]	0_2_00B20BCD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20BCD mov eax, dword ptr fs:[00000030h]	0_2_00B20BCD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B20BCD mov eax, dword ptr fs:[00000030h]	0_2_00B20BCD
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4EB20 mov eax, dword ptr fs:[00000030h]	0_2_00B4EB20
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B4EB20 mov eax, dword ptr fs:[00000030h]	0_2_00B4EB20
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE8B28 mov eax, dword ptr fs:[00000030h]	0_2_00BE8B28
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BE8B28 mov eax, dword ptr fs:[00000030h]	0_2_00BE8B28
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B9EB1D mov eax, dword ptr fs:[00000030h]	0_2_00B9EB1D
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF4B00 mov eax, dword ptr fs:[00000030h]	0_2_00BF4B00
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B1CB7E mov eax, dword ptr fs:[00000030h]	0_2_00B1CB7E
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00B18B50 mov eax, dword ptr fs:[00000030h]	0_2_00B18B50
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF2B57 mov eax, dword ptr fs:[00000030h]	0_2_00BF2B57
Source: C:\Users\user\Desktop\5ZLQrKA4ge.exe	Code function: 0_2_00BF2B57 mov eax, dword ptr fs:[00000030h]	0_2_00BF2B57

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.5ZLQrKA4ge.exe.110000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	2 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Software Packing	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
5ZLQrKA4ge.exe	61%	ReversingLabs	Win32.Backdoor.FormBook
5ZLQrKA4ge.exe	100%	Avira	TR/Crypt.ZPACK.Gen
5ZLQrKA4ge.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530782
Start date and time:	2024-10-10 14:40:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	5ZLQrKA4ge.exe renamed because original name is a hash value
Original Sample Name:	282cc024b77357ebf01066b447e9aba43980a62478750ae24b5af2d22c9a7767.exe
Detection:	MAL
Classification:	mal80.troj.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 11 Number of non-executed functions: 335
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: 5ZLQrKA4ge.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.99233610052228
TrID:	Win32 Executable (generic) a (10002005/4) 99.98% DOS Executable Generic (2002/1) 0.02%
File name:	5ZLQrKA4ge.exe
File size:	284'672 bytes
MD5:	f7defbfeafc669edb9f091e02ebfc851
SHA1:	288ba25fa5e5f998ccdeb46ab653bf2857377ceb
SHA256:	282cc024b77357ebf01066b447e9aba43980a62478750ae24b5af2d22c9a7767
SHA512:	82aa84ede195a6a82e28f9d01f628c8e3a5d919fafecb906bf2ee50306faf6672cd0963841fe5e836cc44380fccac46abd5a40c70c95b24e941234f19da5ca86
SSDEEP:	6144:XhERp7nveiua4sTynqdzIWKH9W259qBrjalh/ze:XhERp7nvhTISRKHIisBClh
TLSH:	BC5423746A03848ADCFD8F3A1357FD5FD847219F6D5E4720614B12DEC8F093A0A98769
File Content Preview:	MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L...n..[.................T...................p....@................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4014a0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5B98BA6E [Wed Sep 12 07:04:14 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 00000300h
push ebx
push esi
push edi
push 000002DCh
lea eax, dword ptr [ebp-000002FCh]
push 00000000h
push eax
mov dword ptr [ebp-00000300h], 00000000h
call 00007F4820808F1Ch
xor esi, esi
add esp, 0Ch
xor edi, edi
mov dword ptr [ebp-18h], esi
mov dword ptr [ebp-10h], 000029DEh
mov dword ptr [ebp-04h], esi
mov dword ptr [ebp-20h], 000053F9h
mov dword ptr [ebp-08h], 00006B1Ch
mov dword ptr [ebp-0Ch], 0000291Ah
mov dword ptr [ebp-14h], 00002B76h
mov dword ptr [ebp-1Ch], 00003D04h
call 00007F48208091D0h
mov dword ptr [ebp-0000026Ch], eax
mov eax, 000020F0h
cdq
and edx, 03h
add eax, edx
sar eax, 02h
test eax, eax
jne 00007F4820807345h
mov edi, 00004538h
mov eax, 4C346405h
imul edi
sar edx, 06h
mov edi, edx
shr edi, 1Fh
add edi, edx
jne 00007F482080733Fh
lea eax, dword ptr [ebp-000001F8h]
push eax
push 00005F7Dh
call 00007F482080706Fh
lea eax, dword ptr [ebp-000002E4h]
push eax
push 00005DECh
call 00007F482080705Eh
lea eax, dword ptr [ebp-000002E4h]
push 00DB7818h
push eax
call 00007F48208079EDh

Rich Headers

Programming Language:

[C++] VS2012 build 50727
[ASM] VS2012 build 50727
[LNK] VS2012 build 50727

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x45384	0x45400	59138bb76899a65b4999f12f7ee3cb74	False	0.9888135999548736	data	7.99599916957851	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: 5ZLQrKA4ge.exePID: 6200, Parent PID: 4004

General

Target ID:	0
Start time:	08:41:23
Start date:	10/10/2024
Path:	C:\Users\user\Desktop\5ZLQrKA4ge.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\5ZLQrKA4ge.exe"
Imagebase:	0x110000
File size:	284'672 bytes
MD5 hash:	F7DEFBFEAFC669EDB9F091E02EBFC851
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2787009901.0000000000500000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 5ZLQrKA4ge.exePID: 6200, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	6.4%
Signature Coverage:	10%
Total number of Nodes:	110
Total number of Limit Nodes:	12

Executed Functions

Function 00127843 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,00125A5E), ref: 001278B5

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
Instruction ID: dca468523924eddf26052a451ced9a85cccadd5566dd2f50ce73b28b6aa44dbd
Opcode Fuzzy Hash: 5dcbc6baf4d259431639129e786eea26c350e9648a9a52f79217b35080b91802
Instruction Fuzzy Hash: F6011EB5D0020DABDB10DAE4DC46FAEB778AB54304F1041A5E9089B280F771EB19CB91

Function 0013C703 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(0012969D,?,?,00000000,?,0012969D,00000000,00000000), ref: 0013C737

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 0b21584ed5a2b3ed0fee3a1c7bd5ced605d427fd027e1b948acc46afc5c58649
Instruction ID: d49a7bdd41e5d13a15e3bedcffeba16eb3b48c5a43b3ebeb2e67720ce450b00e
Opcode Fuzzy Hash: 0b21584ed5a2b3ed0fee3a1c7bd5ced605d427fd027e1b948acc46afc5c58649
Instruction Fuzzy Hash: 32E046322046047BD620AAA9EC45FDBB7ACDBC9B24F004425FA0CA7242C771B901C7F0

Function 00B62B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00B62B6A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 36a68c7e37a4fedd2de7c9757a662449e753a4156393ba26c94f69659e417cf8
Instruction ID: f6947e21b99ecb1f45676be8f72533b032db1dda20f5f33810e245dac09cf018
Opcode Fuzzy Hash: 36a68c7e37a4fedd2de7c9757a662449e753a4156393ba26c94f69659e417cf8
Instruction Fuzzy Hash: B290026224240003420571584418616404A87E0301B55C072E1154595DC92589916125

Function 00B62C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00B62C7A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 391fafb444e4be79360ec6c550b054d4cdebecd8f5d2d071dc5a13db30cf6057
Instruction ID: 45b3f7b8f9c5ef9560899b56d03687ca5fa4361340f6e1246ac5ca59e26314cd
Opcode Fuzzy Hash: 391fafb444e4be79360ec6c550b054d4cdebecd8f5d2d071dc5a13db30cf6057
Instruction Fuzzy Hash: AE90023224148802D2107158840874A004587D0301F59C472A456465DD8A9589917121

Function 00B62DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00B62DFA

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b477608fe1b42ed54d8d8f022b5476ec35c235a1afa5fd43c80e88cd4dbf2c1f
Instruction ID: 63ab0f7bc654aef798b96f5190d8245f209a2746e9b72af83787f69019a626c3
Opcode Fuzzy Hash: b477608fe1b42ed54d8d8f022b5476ec35c235a1afa5fd43c80e88cd4dbf2c1f
Instruction Fuzzy Hash: EC90023224140413D21171584508707004987D0341F95C473A056455DD9A568A52A121

Function 00B635C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00B635CA

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 99100f395709911747f94c4ae78bd708bc23904ece02c33c286509ce80867451
Instruction ID: 5132e43d61f4243e76157738946c83ce077cb2d47ba20b40dbcb180d95ef9844
Opcode Fuzzy Hash: 99100f395709911747f94c4ae78bd708bc23904ece02c33c286509ce80867451
Instruction Fuzzy Hash: E990023264550402D20071584518706104587D0301F65C472A056456DD8B958A5165A2

Function 00127839 Relevance: 1.5, APIs: 1, Instructions: 37
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,00125A5E), ref: 001278B5

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 66ad08622de370911109a1455414fff38559ceb5ee2d2f80e9f57f52b38fd40e
Instruction ID: 95cdff7db4bd28dd28ff134070810f8b7d9286bd97212061a826aed896e2e0c5
Opcode Fuzzy Hash: 66ad08622de370911109a1455414fff38559ceb5ee2d2f80e9f57f52b38fd40e
Instruction Fuzzy Hash: 5EF06871D0020EABDF14DAA4D846FAEB7B4EB54304F0082A5ED1C97280F370DB59CB91

Function 0013CA23 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0012E66E,?,?,00000000,?,0012E66E,?,?,?), ref: 0013CA5F

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ca2a38270c18e681fb856f8bcb2e65e7f88027e1c4739523bab739659e15e64c
Instruction ID: 31845599c31424c1f9331894e3f05e395d5dbd12dbe093bf037daf0f625eacb0
Opcode Fuzzy Hash: ca2a38270c18e681fb856f8bcb2e65e7f88027e1c4739523bab739659e15e64c
Instruction Fuzzy Hash: 8AE06D72204204BBD618EEA8EC45FDB73ACEF89720F000029FA08A7241C770B911CBB4

Function 0013CA73 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,4D8B14EC,00000007,00000000,00000004,00000000,001270CF,000000F4), ref: 0013CAAF

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: fbd2b23cf084503fba875e474bca8ed64ba6953d5bd738b9fc6f31147fbf62e4
Instruction ID: fb14a4090c3c52a03527fcc8fc8ab35de9555a48544b78b745c58cfdeb674e40
Opcode Fuzzy Hash: fbd2b23cf084503fba875e474bca8ed64ba6953d5bd738b9fc6f31147fbf62e4
Instruction Fuzzy Hash: 83E039766042057BC614EE98EC45E9B73ACEF89720F004418B908A7241D670B910C7B4

Function 0013CAC3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?), ref: 0013CAFA

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 2b72c1ec718ecc141ae1ca63a8e8328e2bbced76d5cc3e7eefb7ecaea430491c
Instruction ID: 30f25253e61497707d80021481f124448c73dd8d43e7694437ab9fb760811972
Opcode Fuzzy Hash: 2b72c1ec718ecc141ae1ca63a8e8328e2bbced76d5cc3e7eefb7ecaea430491c
Instruction Fuzzy Hash: E6E04F322002047BD220AA99DC41F9B776CDBC5725F004115FA48A7141C7707901C7F1

Function 00B62C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00B62C24

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 994d943b929e8558b3a68d4cbfaf9659089e11ad60d22dd6a26259d1644a390a
Instruction ID: 63246a73742578e3466ac4e09771869c7928fb8284b090500fc95bcd77205d7e
Opcode Fuzzy Hash: 994d943b929e8558b3a68d4cbfaf9659089e11ad60d22dd6a26259d1644a390a
Instruction Fuzzy Hash: A5B09B729419C5C9EB11E760460C71B7940E7D0701F15C0B2D2170646E473CC5D1E175

Non-executed Functions

Function 00BA2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

UnloadEventTraceDepth, xrefs: 00BA24C0
GlobalFlag, xrefs: 00BA2F3F, 00BA3059
GlobalFlag2, xrefs: 00BA2FC0
MinimumStackCommitInBytes, xrefs: 00BA2BB0
@, xrefs: 00BA2B74
RaiseExceptionOnPossibleDeadlock, xrefs: 00BA2579
TracingFlags, xrefs: 00BA2549
Initializing the application verifier package failed with status 0x%08lx, xrefs: 00BA3176
ShutdownFlags, xrefs: 00BA24A1
CFGOptions, xrefs: 00BA2967
DisableHeapLookaside, xrefs: 00BA246D
@, xrefs: 00BA2942
UseImpersonatedDeviceMap, xrefs: 00BA251C
DisableExceptionChainValidation, xrefs: 00BA275F
ExecuteOptions, xrefs: 00BA25A0
MaxLoaderThreads, xrefs: 00BA24EC
FrontEndHeapDebugOptions, xrefs: 00BA2489
MaxDeadActivationContexts, xrefs: 00BA2D82
LdrpInitializeExecutionOptions, xrefs: 00BA317D
minkernel\ntdll\ldrinit.c, xrefs: 00BA3187

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 5f19c27681b084b71e823c73b8dd047a9e7754f7968511bb884f1b926d037e2d
Instruction ID: 0ebeafeae8eae3d54d3f35e503b79b02a3a70c1a34479da83ea58315863e029b
Opcode Fuzzy Hash: 5f19c27681b084b71e823c73b8dd047a9e7754f7968511bb884f1b926d037e2d
Instruction Fuzzy Hash: EA928A71608341AFE720DF28C881B6BB7E8FB85B54F1448ADFA94D7291D770E944CB92

Function 00B168B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

SE_LdrEntryRemoved, xrefs: 00B169D2
SE_InitializeEngine, xrefs: 00B168C5
ApphelpCheckModule, xrefs: 00B16A86
SE_ShimDllLoaded, xrefs: 00B168F1
LdrpGetShimEngineInterface, xrefs: 00B79BB9
SE_InstallAfterInit, xrefs: 00B1694B
SE_ProcessDying, xrefs: 00B169FF
SE_DllLoaded, xrefs: 00B16978
apphelp.dll, xrefs: 00B1698A
Could not locate procedure "%s" in the shim user DLL, xrefs: 00B79BB3
SE_InstallBeforeInit, xrefs: 00B1691E
SE_GetProcAddressForCaller, xrefs: 00B16A59
minkernel\ntdll\ldrinit.c, xrefs: 00B79BC3
SE_DllUnloaded, xrefs: 00B169A5
SE_LdrResolveDllName, xrefs: 00B16A2C

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim user DLL$LdrpGetShimuserInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_Initializeuser$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-3089669407
Opcode ID: 0d9ee52c79d53e4b8e7cc62a9d616e695db0dadb1886088f07ed217ce4bc3bc0
Instruction ID: 3d4b807373e083c6a2d0683ba57a2844e7f1fbfd9efebf61c4cc3e0b61d5d7bb
Opcode Fuzzy Hash: 0d9ee52c79d53e4b8e7cc62a9d616e695db0dadb1886088f07ed217ce4bc3bc0
Instruction Fuzzy Hash: C7810BB2D05619BB8B11EBD4EDD5FEE77FEAB09710B148862B910E7250E621D9048BA0

Function 00BC5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON

Download Yara Rule

Strings

PreferredUILanguagesPending, xrefs: 00BC61D2
LanguageConfiguration, xrefs: 00BC6420
@, xrefs: 00BC6027
LanguageConfigurationPending, xrefs: 00BC6221
Control Panel\Desktop, xrefs: 00BC615E
InstallLanguageFallback, xrefs: 00BC6050
@, xrefs: 00BC63A0
*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 00BC5A84
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00BC5FE1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00BC635D
PreferredUILanguages, xrefs: 00BC63D1
@, xrefs: 00BC647A
@, xrefs: 00BC6277
@, xrefs: 00BC61B0

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1325123933
Opcode ID: b10241d6163e5870ea62c68cafe4d80418103cbbf94e562ea3648cc0620f223b
Instruction ID: 5934df57451f515448bca48589fe499bb2657542a189bf573ced7cbc0e24881f
Opcode Fuzzy Hash: b10241d6163e5870ea62c68cafe4d80418103cbbf94e562ea3648cc0620f223b
Instruction Fuzzy Hash: CF7276715087419BD724CF28C880FABB7E9FB88700F5449AEF985D7250EB34E9458BA2

Function 00B58620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Invalid debug info address of this critical section, xrefs: 00B954B6
Address of the debug info found in the active list., xrefs: 00B954AE, 00B954FA
double initialized or corrupted critical section, xrefs: 00B95508
Thread identifier, xrefs: 00B9553A
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00B954E2
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00B9540A, 00B95496, 00B95519
8, xrefs: 00B952E3
corrupted critical section, xrefs: 00B954C2
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00B954CE
Critical section address, xrefs: 00B95425, 00B954BC, 00B95534
Thread is in a state in which it cannot own a critical section, xrefs: 00B95543
undeleted critical section in freed memory, xrefs: 00B9542B
Critical section debug info address, xrefs: 00B9541F, 00B9552E
Critical section address., xrefs: 00B95502

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: e2bd047e99737d1d5df3577df44ab0440bdaeaedceb3f9e5ec8ebe49e7a2c771
Instruction ID: 640cbebeed98355171a82d0ee682e4ae4d3fe8d3ec100d2630b7f3ef824b29b7
Opcode Fuzzy Hash: e2bd047e99737d1d5df3577df44ab0440bdaeaedceb3f9e5ec8ebe49e7a2c771
Instruction Fuzzy Hash: D981ACB0A40758AFDF20CF94C841BAEBBF5FB48B04F2041A9F548B7291CB71A945CB64

Function 00B529F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00B92498
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00B922E4
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00B92409
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00B924C0
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00B92602
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00B92624
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00B92506
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00B92412
RtlpResolveAssemblyStorageMapEntry, xrefs: 00B9261F
@, xrefs: 00B9259B
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00B925EB

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 5e9f20dd666b71b7ceba4e97e4d96ba85775966074c8ddc06cdf43f9025ac287
Instruction ID: 650b29c942ce9c6769d0c143eafc8e3ed533b2f290c13135745df08968ce19e1
Opcode Fuzzy Hash: 5e9f20dd666b71b7ceba4e97e4d96ba85775966074c8ddc06cdf43f9025ac287
Instruction Fuzzy Hash: FA0251B1D052289BDF21DB54CC81BDDB7F8EB55304F4441EAAA09A7242DB70AF84CF59

Function 00B50F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

0, xrefs: 00B50F92
%, xrefs: 00B50F7E
9, xrefs: 00B50F9C
w, xrefs: 00B50FBA
, xrefs: 00B50FEC
l, xrefs: 00B50FC4
%%%u, xrefs: 00B914CC
h, xrefs: 00B50FB0
%%%u!%s!, xrefs: 00B914A1
!, xrefs: 00B50FA6

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 125af2384971903f037222388dd3eb998af49a3dc0c9bc26ae81ceb107b75416
Instruction ID: 2fe46d61076033f2520853afa5816fbf8aec3821835b7caedf07399d0bfd97cd
Opcode Fuzzy Hash: 125af2384971903f037222388dd3eb998af49a3dc0c9bc26ae81ceb107b75416
Instruction Fuzzy Hash: 106290B1A0022A8FDF24CF18C8817A9B7F6EF95310F5585EAD849AB280D7725ED1DF40

Function 00BD12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap block at %p has corrupted PreviousSize (%lx), xrefs: 00BD176D
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 00BD186B
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 00BD18A5
Free Heap block %p modified at %p after it was freed, xrefs: 00BD171B
HEAP: , xrefs: 00BD1706, 00BD1756, 00BD17A8, 00BD1809, 00BD184D, 00BD1895, 00BD18E6
Heap block at %p is not last block in segment (%p), xrefs: 00BD17B7
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 00BD18F8
Heap block at %p has incorrect segment offset (%x), xrefs: 00BD181A
HEAP[%wZ]: , xrefs: 00BD16CD, 00BD16F9, 00BD1749, 00BD179B, 00BD17FC, 00BD1840, 00BD18D9

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 90df6f686cdb8e9d1df328902d5b60c5270c08bb94c54577b6844db7e804ce7b
Instruction ID: fa1a8384700ed0ca2e7d82771302c8475d59f4208d6c35ab0b369ca49d65931d
Opcode Fuzzy Hash: 90df6f686cdb8e9d1df328902d5b60c5270c08bb94c54577b6844db7e804ce7b
Instruction Fuzzy Hash: 50128D74600646AFD725CF68C481BB6FBE1FF09714F58889AE4868B792E734EC81DB50

Function 00B3AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrfind.c, xrefs: 00B882E1
minkernel\ntdll\ldrapi.c, xrefs: 00B88086, 00B883BC
LdrpFindLoadedDllInternal, xrefs: 00B882D7
DLL search path passed in externally: %ws, xrefs: 00B880A6
LdrpInitializeDllPath, xrefs: 00B880AD
DLL name: %wZ, xrefs: 00B88075
LdrGetDllHandleEx, xrefs: 00B8807C, 00B883B2
minkernel\ntdll\ldrutil.c, xrefs: 00B880B7
Status: 0x%08lx, xrefs: 00B882D0, 00B883AB

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: f191c131a58347cbda173c044348c473042e4a7cc8aefd1f5b69050d6701fe0e
Instruction ID: b840b37216e057198c8536094d5db960f528b7188c8bfe7c8d264196403b481f
Opcode Fuzzy Hash: f191c131a58347cbda173c044348c473042e4a7cc8aefd1f5b69050d6701fe0e
Instruction Fuzzy Hash: 461212716083419BD724DF18C881BAAB7E4FF84704F6449ADF9C59B2A1EB34DD44CB92

Function 00B1D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

PreferredUILanguagesPending, xrefs: 00B7A8DE
Control Panel\Desktop\MuiCached, xrefs: 00B1D62B
MachinePreferredUILanguages, xrefs: 00B1D685
@, xrefs: 00B1D3E9
PreferredUILanguages, xrefs: 00B1D4B8, 00B1D4C5
@, xrefs: 00B1D49D
Control Panel\Desktop, xrefs: 00B1D45D
@, xrefs: 00B1D663
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 00B1D3B6

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: 2751ec28994a31e4d4320025fd9f51c2c5a7e74a03bde3e33f8a39831b690c46
Instruction ID: 07b4609b00e44a0cfd03f40f05f522f33a7ebf03917c09899401e10400582296
Opcode Fuzzy Hash: 2751ec28994a31e4d4320025fd9f51c2c5a7e74a03bde3e33f8a39831b690c46
Instruction Fuzzy Hash: 49B18A725083559FC721DF24C880AAFBBE8EB88754F8549AEF999D7240D730DD84CB92

Function 00BD0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

dedicated (%04Ix) free list element %p is marked busy, xrefs: 00BD0ED1
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 00BD1192
Non-Dedicated free list element %p is out of order, xrefs: 00BD0E6D
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 00BD0FE4
HEAP: , xrefs: 00BD0E61, 00BD0EC2, 00BD0FD5, 00BD105E, 00BD1124, 00BD1178
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 00BD113D
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 00BD106F
HEAP[%wZ]: , xrefs: 00BD0E54, 00BD0EB5, 00BD0FC8, 00BD1051, 00BD1117, 00BD116B

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: 0d9241c01097c621446c8790680154cf0cc90579ed335384c32ad36586200a63
Instruction ID: c3a6e66d5aaf1f4ae0e32ae1d02bad5802454b7e6a42c8ebdc124620e3bd4f91
Opcode Fuzzy Hash: 0d9241c01097c621446c8790680154cf0cc90579ed335384c32ad36586200a63
Instruction Fuzzy Hash: BEF1E031A10645EFCB25EF68C481BEAFBF5FF09700F58849AE58597392E730A985CB50

Function 00BD0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

RtlReAllocateHeap, xrefs: 00BD02BF, 00BD0362
About to reallocate block at %p to %Ix bytes, xrefs: 00BD03BA
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 00BD06EA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 00BD069F
HEAP: , xrefs: 00BD03A6, 00BD04B5, 00BD05DD, 00BD0682, 00BD06D9
Just reallocated block at %p to %Ix bytes, xrefs: 00BD05F1
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 00BD04D3
HEAP[%wZ]: , xrefs: 00BD0399, 00BD04A8, 00BD05D0, 00BD0675, 00BD06CC

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: e01a478913d83d172451a50d3a5b99c95624c8f040d6fd461a4b09ea1c83880d
Instruction ID: e5a08660e58a79ba1982f5a947d045730497f08362867096224cd9718ada2e5f
Opcode Fuzzy Hash: e01a478913d83d172451a50d3a5b99c95624c8f040d6fd461a4b09ea1c83880d
Instruction Fuzzy Hash: 2ED1CA35520685AFCB15EFA8C441BADFBF1FF4A710F48809AE9459B3A2E734D981CB50

Function 00BA89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

VerifierDebug, xrefs: 00BA8CA5
HandleTraces, xrefs: 00BA8C8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00BA8A3D
AVRF: -*- final list of providers -*- , xrefs: 00BA8B8F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00BA8A67
VerifierFlags, xrefs: 00BA8C50
VerifierDlls, xrefs: 00BA8CBD

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 95793c96aad6892244ab6e937cdc01e31919394b254fc855f3139bda68d323fb
Instruction ID: cbd309ec4c072edb87b54ee66dfde3bf4761d8cb893cc335f613952ce3ec156d
Opcode Fuzzy Hash: 95793c96aad6892244ab6e937cdc01e31919394b254fc855f3139bda68d323fb
Instruction Fuzzy Hash: 839132B2609715EFC711EF68D881BAA77E4FB87710F4084E8F9416B6A1DB709C00DBA1

Function 00B2EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

T, xrefs: 00B2EB4E
{, xrefs: 00B84643
LdrpResSearchResourceInsideDirectory Exit, xrefs: 00B2EB6C
LdrpResSearchResourceInsideDirectory Enter, xrefs: 00B2EB58
, xrefs: 00B2F299
R, xrefs: 00B2EB62

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: d564c50e34aeeca128440e8ba519f98632d336db51958dedeb6fe9a4e56180cb
Instruction ID: ae1c8e61d0ff291b1a9dac09c8182f7995f4fd635df68450b1987d4167380900
Opcode Fuzzy Hash: d564c50e34aeeca128440e8ba519f98632d336db51958dedeb6fe9a4e56180cb
Instruction Fuzzy Hash: CCA23774A0562ACFDB64DF19D9987AAB7F5EF49304F2442E9D81DA7260DB309E81CF00

Function 00B1F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

((LONG)FreeEntry->Size > 1), xrefs: 00B7E0B3
(UCRBlock != NULL), xrefs: 00B7DF6F
(!TrailingUCR), xrefs: 00B7E3A9
HEAP: , xrefs: 00B7DF64, 00B7E0A8, 00B7E286, 00B7E39E
(LONG)FreeEntry->Size > 1, xrefs: 00B7E291
HEAP[%wZ]: , xrefs: 00B7DF57, 00B7E09B, 00B7E279, 00B7E391

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 2a4cc9952dfeb612f01e61b5218e5025d53790e50858c73e864e6aab9a57bb5e
Instruction ID: fba7feeeabca822db3325042b06c4650bc35ac9899afcfcb024cab656f712cfb
Opcode Fuzzy Hash: 2a4cc9952dfeb612f01e61b5218e5025d53790e50858c73e864e6aab9a57bb5e
Instruction Fuzzy Hash: CE42DF312086829FC715DF28C484BBAB7E5FF88744F5489E9F4AA8B352D734D981CB52

Function 00B2ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON

Download Yara Rule

Strings

LdrpResSearchResourceMappedFile Exit, xrefs: 00B2AECC
#, xrefs: 00B8363D
LdrpResSearchResourceMappedFile Enter, xrefs: 00B2AEB8
MUI, xrefs: 00B2B410
H, xrefs: 00B2AEC2
J, xrefs: 00B2AEAE

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-4098886588
Opcode ID: 2616c750227b0f685777678d633b94e72b4756871df1ea48288964a03a6c6269
Instruction ID: ec497796c43afc60d42f5b3e830f1185e5e9b4bd2da0b1bc601fabc8c6c7f885
Opcode Fuzzy Hash: 2616c750227b0f685777678d633b94e72b4756871df1ea48288964a03a6c6269
Instruction Fuzzy Hash: 3B327871A042798BDB22CA14D898BEEBBF5EF44740F2441EAE84DA7251DB359F81CF44

Function 00B3B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

SxS, xrefs: 00B883ED
DLL %wZ was redirected to %wZ by %s, xrefs: 00B883FC
LdrpPreprocessDllName, xrefs: 00B88403, 00B884D7
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 00B884D0
API set, xrefs: 00B883F4, 00B883F9
minkernel\ntdll\ldrutil.c, xrefs: 00B8840D, 00B884E1

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: b0d9bfa7e60e6b5147286f3527e9b6ed01186d41a1d270d723df8300601bb31c
Instruction ID: 59307036e86a0e19fc5b3637b90deb3de8e0c4d42edf9d2f5b78daf12500e455
Opcode Fuzzy Hash: b0d9bfa7e60e6b5147286f3527e9b6ed01186d41a1d270d723df8300601bb31c
Instruction Fuzzy Hash: 91C12871A00225ABDB249B64C881FBEBBE5EF45300F3881E9FA01AB395DB74DD44D394

Function 00B563FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 00B9413A
_LdrpInitialize, xrefs: 00B940DF, 00B94141, 00B94205, 00B9425F
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 00B940D8
minkernel\ntdll\ldrinit.c, xrefs: 00B940E9, 00B9414B, 00B9420F, 00B94269
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 00B941FE
Delaying execution failed with status 0x%08lx, xrefs: 00B94258

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 790ad99fd80a5334eced6f3a4709ed314c0b3eb6a7c5089c3892cde536b518c2
Instruction ID: 742e88c2202b3e635319b5d11e6cb5a96d20b3860fe480e671e655ecb75e2d57
Opcode Fuzzy Hash: 790ad99fd80a5334eced6f3a4709ed314c0b3eb6a7c5089c3892cde536b518c2
Instruction Fuzzy Hash: CB910370A017159BEF25DB54ED85BAE7BE0FB42B18F5081E8F9006B2E1D7B49C46C790

Function 00B1645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 00B16496
LdrpInitShimEngine, xrefs: 00B799F4, 00B79A07, 00B79A30
Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 00B799ED
Getting the shim user exports failed with status 0x%08lx, xrefs: 00B79A01
minkernel\ntdll\ldrinit.c, xrefs: 00B79A11, 00B79A3A
Loading the shim user DLL failed with status 0x%08lx, xrefs: 00B79A2A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 2bdd263545496a2c80ad70064f1e9987a7f69a4d987010ecdfb09e5c4838f193
Instruction ID: e323779c3f0b5f7be9ca8f198789db4833105b6c21d81c744eb01f012ea565b9
Opcode Fuzzy Hash: 2bdd263545496a2c80ad70064f1e9987a7f69a4d987010ecdfb09e5c4838f193
Instruction Fuzzy Hash: C351E2712083049FD321DF24DC82FAB77E5FB85744F5089A9F599972A1DB30EA44CB92

Function 00B5C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

LdrpInitializeImportRedirection, xrefs: 00B98177, 00B981EB
LdrpInitializeProcess, xrefs: 00B5C6C4
minkernel\ntdll\ldrredirect.c, xrefs: 00B98181, 00B981F5
Unable to build import redirection Table, Status = 0x%x, xrefs: 00B981E5
minkernel\ntdll\ldrinit.c, xrefs: 00B5C6C3
Loading import redirection DLL: '%wZ', xrefs: 00B98170

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: f469fe2f5691e66ce374d7819af956a00b2fc06215e2f9818d9c4f40c7576925
Instruction ID: 85f82f945d9025c4dc2e422db6949c3c99af0ea31f9664a05b2e69e511855691
Opcode Fuzzy Hash: f469fe2f5691e66ce374d7819af956a00b2fc06215e2f9818d9c4f40c7576925
Instruction Fuzzy Hash: 7D310471648345AFD210EF28DD46F2A77D5FF85B10F0045E8F841AB2E2DA60DE04D7A2

Function 00B52674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00B921BF
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00B92180
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00B92178
RtlGetAssemblyStorageRoot, xrefs: 00B92160, 00B9219A, 00B921BA
SXS: %s() passed the empty activation context, xrefs: 00B92165
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00B9219F

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 3af6b619639d4046722bf2a60f62e36f428d8c63b215d175ed170a72455d2094
Instruction ID: 7612602bae4506ce8f60ad889f3ea473ce9cf0a0de94b14d17610f1e26849685
Opcode Fuzzy Hash: 3af6b619639d4046722bf2a60f62e36f428d8c63b215d175ed170a72455d2094
Instruction Fuzzy Hash: BE310636F4132577EB21CB95CC85FAEBAE8DB56B41F0540E9BA0477291D670AE00C7A0

Function 00B39950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON

Download Yara Rule

Strings

, xrefs: 00B399F9
Internal error check failed, xrefs: 00B876B2
, xrefs: 00B399F1
Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 00B876A3
minkernel\ntdll\sxsisol.cpp, xrefs: 00B876AD

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: 03e8f785e5744f1a31eea911e1157e5c2abe83ab63ae36c400445d9421ae2550
Instruction ID: 4a8e4944ce2d80cf383c1dc9a657e9fb95ea140d69e8adbf4fe6859a94b3399d
Opcode Fuzzy Hash: 03e8f785e5744f1a31eea911e1157e5c2abe83ab63ae36c400445d9421ae2550
Instruction Fuzzy Hash: 0B02387150C351CBD720DF64C180BABBBE5FF88744F6489AEE89997250E7B0D848CB92

Function 00B6096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 00B62DF0: LdrInitializeThunk.NTDLL ref: 00B62DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B60BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B60BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B60D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B60D74

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: bf783f6acb3d4a520465c5c353e6ba4149da0a51c434840c028d8728ed0f970a
Instruction ID: 4f2e18aa4aa80a11c986d3432214bc54ce2b490470a40e6d0030705a30f5112c
Opcode Fuzzy Hash: bf783f6acb3d4a520465c5c353e6ba4149da0a51c434840c028d8728ed0f970a
Instruction Fuzzy Hash: 4A424A71900715DFDB60CF68C881BAAB7F5FF44310F1485EAE989AB241E775AA84CF60

Function 00BA4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\, xrefs: 00BA4F66
/, xrefs: 00BA4F6D
\microsoft.system.package.metadata\Application, xrefs: 00BA5158
.DLL, xrefs: 00BA50C7, 00BA519C
.Local, xrefs: 00BA5170

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: 88b65758ffd4f34e8c5a3fe36bcbe37ca884c8a901fba19b87eb322c7c197ce1
Instruction ID: 471cbb80600ca556ef07f983cc2cc06bb8f48dad84da12838c2cd527c98106b1
Opcode Fuzzy Hash: 88b65758ffd4f34e8c5a3fe36bcbe37ca884c8a901fba19b87eb322c7c197ce1
Instruction Fuzzy Hash: D5918F72904A199FCB21CF98C881ABEB7F1EF8A310F5941A9E815E7350D775DE41CB90

Function 00B5C720 Relevance: 6.4, Strings: 5, Instructions: 141COMMON

Download Yara Rule

Strings

h?\, xrefs: 00B9836A
Failed to reallocate the system dirs string !, xrefs: 00B982D7
LdrpInitializePerUserWindowsDirectory, xrefs: 00B982DE
minkernel\ntdll\ldrinit.c, xrefs: 00B982E8
h?\, xrefs: 00B98285, 00B98365

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$h?\$h?\$minkernel\ntdll\ldrinit.c
API String ID: 0-3060605288
Opcode ID: f5ace8b7a54166b322438783e01ccfcda12532e92024da3b5771c59b82c3cecc
Instruction ID: 6e92c48b4d05bdcc531d2fbb6667eb3dd9c11863dec66eca8538aa2bcfd3974b
Opcode Fuzzy Hash: f5ace8b7a54166b322438783e01ccfcda12532e92024da3b5771c59b82c3cecc
Instruction Fuzzy Hash: 3541C0B1545300ABCB21EB64DC45B9F7BE8FB4AB50F1189AAB944972A1EB70DC048B91

Function 00B370C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00B37C96, 00B38696
HEAP: , xrefs: 00B37C7C, 00B3867F
HEAP[%wZ]: , xrefs: 00B37C6D, 00B38670

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 6f9c8772378bf71c913e87f0cdddf5ceb6f459fc2468534dd4d89d281720775e
Instruction ID: 0112e2f8fff26d8c723bf8920109db11edf2ed9b2ccdf26e79e5e0677dffe42f
Opcode Fuzzy Hash: 6f9c8772378bf71c913e87f0cdddf5ceb6f459fc2468534dd4d89d281720775e
Instruction Fuzzy Hash: 4A13ACB0A04655DFDB25CF68C8907A9BBF1FF59300F2481A9E849AB381DB34AD45CF91

Function 00B3A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SsHd, xrefs: 00B3A885
SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 00B87D56
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 00B87D03
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 00B87D39

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: c4da48e0fc683c8ed2068514fcd44b81dafdba31540a3c5a2e30074618be563e
Instruction ID: 1c3f52dd769f5cae3dd99c4a4ae8c2b7fb97af7b973d7740f477aa6f0892a9da
Opcode Fuzzy Hash: c4da48e0fc683c8ed2068514fcd44b81dafdba31540a3c5a2e30074618be563e
Instruction Fuzzy Hash: FFD19D71A042199BCB24DF98C8C07ADBBF5EF58314F3941AAE885AB351D731ED81CB91

Function 00B2A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 00B2A3EF
8, xrefs: 00B2A3E7
6, xrefs: 00B2A3F7
LdrResFallbackLangList Exit, xrefs: 00B2A3FF

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: ca5d37fce76924875207e75217ed113bee1366d4ee409317b90faf674cfa0058
Instruction ID: 3953bf525b18ea4e955831c7d50263ce1a8734a1816bad447b38836a85e1248f
Opcode Fuzzy Hash: ca5d37fce76924875207e75217ed113bee1366d4ee409317b90faf674cfa0058
Instruction Fuzzy Hash: 52C179741083928FC711EF18D184B6AB7E4FF94704F0489AAF8999B361E774DA4ACB53

Function 00B58402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 00B58422
@, xrefs: 00B58591
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00B5855E
minkernel\ntdll\ldrinit.c, xrefs: 00B58421

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 8b2e0d8d3b46f746a693dca08d12b332eaf40dd98817688094893097bf4ed694
Instruction ID: 50403cabfa3533a7d19c67f0b2ec79acf0ee2a6a5f672ded58b2fa41eb17f032
Opcode Fuzzy Hash: 8b2e0d8d3b46f746a693dca08d12b332eaf40dd98817688094893097bf4ed694
Instruction Fuzzy Hash: 7191BE71548744AFEB21DF60DC41FABB7E8FB84745F4049AEFA84A2151E734DA088B62

Function 00B30C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00B854ED
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00B855AE
HEAP: , xrefs: 00B854E0, 00B855A1
HEAP[%wZ]: , xrefs: 00B854D1, 00B85592

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 54010252f93a89cf84a298c24fce88ad4487318f64a582ca293597d660d739b3
Instruction ID: c7d64397a8ca3b834d23f94fd55ee2244b1944e0300998f4ae91df81ba5d034b
Opcode Fuzzy Hash: 54010252f93a89cf84a298c24fce88ad4487318f64a582ca293597d660d739b3
Instruction Fuzzy Hash: 87A1253061464AAFC724EF68C4A1BBAB7F1FF14300F6485E9E8968B782D334E845CB50

Function 00B5273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00B921D9, 00B922B1
SXS: %s() passed the empty activation context, xrefs: 00B921DE
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00B922B6
.Local, xrefs: 00B528D8

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: f691af69b1b4721c84d338d5c00ad0dd053a93a08548c0dd024e45858db0a976
Instruction ID: 18fe8a70081af44d4ef9379271b72537a8f468e609e2e3c94076c3e511af8f7e
Opcode Fuzzy Hash: f691af69b1b4721c84d338d5c00ad0dd053a93a08548c0dd024e45858db0a976
Instruction Fuzzy Hash: 14A16A359422299BDB24CF64D884BA9B3F5EF59315F2541FAE808AB351D730AE84CF90

Function 00B54AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00B93456
RtlDeactivateActivationContext, xrefs: 00B93425, 00B93432, 00B93451
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00B93437
SXS: %s() called with invalid flags 0x%08lx, xrefs: 00B9342A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 867ba4edcfa6114a8e1491d8ac05c25c616e248facf566354a0690f5a847f24e
Instruction ID: 97d920c6840da725f40f62d72732dee878b61a4d315c5b6d5a36f745b4579ed9
Opcode Fuzzy Hash: 867ba4edcfa6114a8e1491d8ac05c25c616e248facf566354a0690f5a847f24e
Instruction Fuzzy Hash: 58613432644B119BCB22CF18C882B2AB3E1EF80B55F1585E9FC559B391CB30ED85CB91

Function 00B264AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00B80FE5
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00B81028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00B810AE
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00B8106B

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: caf76fe56a378b2d686244fa3271b8acd91cc1a5b9ef312a1ad15d55df33dd13
Instruction ID: fdc404b05395dc6d002923cfe3ba74f76baabdc2881c5604b3d3f95b4acd0dfd
Opcode Fuzzy Hash: caf76fe56a378b2d686244fa3271b8acd91cc1a5b9ef312a1ad15d55df33dd13
Instruction Fuzzy Hash: D671F3719083189FCB21EF14D8C5B9B7BE8EFA5750F4044A8F9488B196D734D588CBE2

Function 00111260 Relevance: 5.2, Strings: 4, Instructions: 172COMMON

Download Yara Rule

Strings

H, xrefs: 00111345
"?", xrefs: 0011145F
gfff, xrefs: 00111307
], xrefs: 001112AF

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: "?"$H$gfff$]
API String ID: 0-2525256825
Opcode ID: 5f8ff334e37f0691b4d2950648bef9315f9ec7462bb0d7f2a2544fdc3637971e
Instruction ID: 3dfa2ca3ede3e8af1d6c8ead60e8760ceb361c47b5c69d62a111d882cdb1cb45
Opcode Fuzzy Hash: 5f8ff334e37f0691b4d2950648bef9315f9ec7462bb0d7f2a2544fdc3637971e
Instruction Fuzzy Hash: 0A518472E1060A97DB08CF99D8411EEF775FFE5311F24822AD918AF740E774AA918BC1

Function 00B4245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 00B42462
LdrpDynamicShimModule, xrefs: 00B8A998
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00B8A992
minkernel\ntdll\ldrinit.c, xrefs: 00B8A9A2

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 83cae0dac5126594a8797692fa2b9b1679280309917ef683d89f8adde615d20b
Instruction ID: 6a7dc9dc45bf9e80029a04abb2527647e17937e8c831f040c399dfe387f0a42e
Opcode Fuzzy Hash: 83cae0dac5126594a8797692fa2b9b1679280309917ef683d89f8adde615d20b
Instruction Fuzzy Hash: CB312A71600201ABEB24EF58DC85BAE77F4FB85B04F6680EAF910672B0C7709E81D781

Function 00B329A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00B3327D
HEAP: , xrefs: 00B33264
HEAP[%wZ]: , xrefs: 00B33255

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 5de637d8a889f8d869807576b2d021d244920440600b1741bedc6dc989535284
Instruction ID: 268822a3f1a3387cc68b3509550e01443e41756146b7df6c06634e97037fafa4
Opcode Fuzzy Hash: 5de637d8a889f8d869807576b2d021d244920440600b1741bedc6dc989535284
Instruction Fuzzy Hash: D492AD71A04648DFDB25CF68C485BAEBBF1FF48700F2480A9E859AB391D735AA45CF50

Function 00BB02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

"""", xrefs: 00BB04D0
MitigationOptions, xrefs: 00BB0326
MitigationAuditOptions, xrefs: 00BB032D

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: """"$MitigationAuditOptions$MitigationOptions
API String ID: 0-1670051934
Opcode ID: 85a0054f58f8ec848ee77edba11c4f3fe619fa7525306467c24920a14b756bc3
Instruction ID: 99166df8a6cd2a07e603a6975357e090b75ea8274c6de3640131d258e9eca6f7
Opcode Fuzzy Hash: 85a0054f58f8ec848ee77edba11c4f3fe619fa7525306467c24920a14b756bc3
Instruction Fuzzy Hash: 4F226C72A247028FD724DF29C89167BFBE1FBD8310F24896EE1DA87650D7B1E9448B41

Function 00B30770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

(UCRBlock->Size >= *Size), xrefs: 00B850CA
HEAP: , xrefs: 00B850BD
HEAP[%wZ]: , xrefs: 00B850AE

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 02f0fc05769f44a23f4bf46869d9e1625ea8524a6ffb0511eafaed152c9867a3
Instruction ID: 1e71cbec1035b4bfce436cd5668b4e5b098ff728e42eaa66144651995363c9d9
Opcode Fuzzy Hash: 02f0fc05769f44a23f4bf46869d9e1625ea8524a6ffb0511eafaed152c9867a3
Instruction Fuzzy Hash: F3F18C70610A05DFDB25EF68C894B6AB7F5FF44704F2482A9E4169B392D734ED81CB90

Function 00B21460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00B21728
HEAP: , xrefs: 00B21596
HEAP[%wZ]: , xrefs: 00B21712

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: c93a887057078dda95370099c84bfa9cc8a0caa7adb38452347f5f2da41e464e
Instruction ID: 2058dbd19384de436db3a7f8fd1f94cb9d4ff70322b7eb7f8d78f249aab909c4
Opcode Fuzzy Hash: c93a887057078dda95370099c84bfa9cc8a0caa7adb38452347f5f2da41e464e
Instruction Fuzzy Hash: 9AE1D370A046559BCB19CF2CD491BBABBF1EFA4300F14C8E9E5AA8B245D734E941DB50

Function 00B46962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

, xrefs: 00B8CA51
@, xrefs: 00B46C24

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: 2f51bf0945510de7e55ddcbcc17d7d6968f9c748a838201ea9949552f899bb12
Instruction ID: bef22174dae5f06145e3e111446f105ad85e92d4fb44c50a05a72f6d52f89370
Opcode Fuzzy Hash: 2f51bf0945510de7e55ddcbcc17d7d6968f9c748a838201ea9949552f899bb12
Instruction Fuzzy Hash: 93C28C716083419FDB25CF24C881BABBBE5EF89704F1489ADF989C7251DB34D904DBA2

Function 00B1A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

FilterFullPath, xrefs: 00B7C2E6
UseFilter, xrefs: 00B1A1C1
\??\, xrefs: 00B7C1E4

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 26b2726984eaaed090b64377a08f26f4833033edee5e69046a882ad9bf268105
Instruction ID: 8a06f0f9a89b901cbad29be34f05cb51badd69de9a6322fb88c59736ea747ade
Opcode Fuzzy Hash: 26b2726984eaaed090b64377a08f26f4833033edee5e69046a882ad9bf268105
Instruction Fuzzy Hash: B6A159719016299BDB319F64CC99BEAB7F8EF48700F1181EAE90DA7250D735AE84CF50

Function 00B40BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

Failed to allocated memory for shimmed module list, xrefs: 00B8A10F
LdrpCheckModule, xrefs: 00B8A117
minkernel\ntdll\ldrinit.c, xrefs: 00B8A121

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 4ffc919a74d84c0c21bcacf668ed7b2b88496b39269379c6569b251f52a8262c
Instruction ID: ef465bedff752a2ecfab79a990866902444903017086f103a74e6715c53361ae
Opcode Fuzzy Hash: 4ffc919a74d84c0c21bcacf668ed7b2b88496b39269379c6569b251f52a8262c
Instruction Fuzzy Hash: 1971CF70A10205DFDB14EF68C985BBEB7F4FB45704F1481E9E902AB262E734AE81DB51

Function 00B30A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00B85342
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 00B8534D
HEAP[%wZ]: , xrefs: 00B85335

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 2d924a121c489240c7db7a3cdb2bdb8c3a71a05180dc3b3dbbd9a5b59e9c9ef6
Instruction ID: 9371c7abc2eb123849cffbbb6c16faa3e733fc2c0b61f6a21b90423a3bd911e2
Opcode Fuzzy Hash: 2d924a121c489240c7db7a3cdb2bdb8c3a71a05180dc3b3dbbd9a5b59e9c9ef6
Instruction Fuzzy Hash: 8F61E030610705DFDB28EF28D491BAABBE1FF45744F2485E9E44A8F292D770E881CB95

Function 00BDC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

@, xrefs: 00BDC1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00BDC1C5
PreferredUILanguages, xrefs: 00BDC212

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: f1fc73bab03dca0d3558e037cb081edf9583e41240cdeb4f4d0ebbe3d9b1c737
Instruction ID: e8d59977f9d2ca2b3e72c4f08dd809ccb0e8226031d40638e3c499cf4908ecfb
Opcode Fuzzy Hash: f1fc73bab03dca0d3558e037cb081edf9583e41240cdeb4f4d0ebbe3d9b1c737
Instruction Fuzzy Hash: 30413C72A0021AABDB11DBD4C891BEEFBF9EB14700F1441ABE905B7294E7749E44CB90

Function 00BB4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Enter, xrefs: 00BB4160
@, xrefs: 00BB4225
LdrpResValidateFilePath Exit, xrefs: 00BB4172

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 12a1cb5ced21af7075ecadee1898e2ec2ae584de2c187e6df8c1d57239b1c279
Instruction ID: 86500e134369d7d6e2093c6c2c0880eaf413524f4f00213ca4839f0a16bdffe6
Opcode Fuzzy Hash: 12a1cb5ced21af7075ecadee1898e2ec2ae584de2c187e6df8c1d57239b1c279
Instruction Fuzzy Hash: 8741E1319046588BEB21DB98C880BFDBBF8FF55740F2404EAE801EB792DBB48941DB50

Function 00BA4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 00BA4899
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00BA4888
LdrpCheckRedirection, xrefs: 00BA488F

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 5e6e3b232b93db422c81cce6527b2f991a81ad446d639699ee46339ce141ae37
Instruction ID: e9deecf62bbf7b6f2d86ae891bc2db05a23ddc9e60cfd761780c2718c0258cf4
Opcode Fuzzy Hash: 5e6e3b232b93db422c81cce6527b2f991a81ad446d639699ee46339ce141ae37
Instruction Fuzzy Hash: 6941D032A082909BCB21CF58E840A6677E4FFCBB50B1646A9FC499B251D7B4EC00CB81

Function 001110CC Relevance: 3.9, Strings: 3, Instructions: 119COMMON

Download Yara Rule

Strings

gfff, xrefs: 00111130
gfff, xrefs: 00111171
VUUU, xrefs: 001110E3

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: VUUU$gfff$gfff
API String ID: 0-2692852535
Opcode ID: 3334668a59e8f6ae2a5eb364df45675130be43bdba4315844b53700f5d6ea55b
Instruction ID: 367310368108a72610062f443f92185e7fb4642a78b100ef0e743f1456b4ccf9
Opcode Fuzzy Hash: 3334668a59e8f6ae2a5eb364df45675130be43bdba4315844b53700f5d6ea55b
Instruction Fuzzy Hash: 3931F422B0050537EB2C882EDC506EAE557A7E4350F29C239EB09CF391EA35ED818241

Function 00B30BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00B8543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 00B85449
HEAP[%wZ]: , xrefs: 00B85431

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 3f2571f159df3fca31e7a1ffe8ec2f4bf7cc5f7d6c88bf31bf678f8a13e88d05
Instruction ID: ac45bf66bc18c3a101c258e449dc89a516e3752fb8a3b1f6b1d1d03120aea40f
Opcode Fuzzy Hash: 3f2571f159df3fca31e7a1ffe8ec2f4bf7cc5f7d6c88bf31bf678f8a13e88d05
Instruction Fuzzy Hash: 1E118C313259419FDB28EA24C4A1BAAF3E4EF40716F2885E9E4068B765EB30D885C751

Function 00BA20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 00BA20F3
LdrpInitializationFailure, xrefs: 00BA20FA
minkernel\ntdll\ldrinit.c, xrefs: 00BA2104

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 562448166ff6dcc0450a62d10e131a7839a9752f4cae88e17eadd69262199060
Instruction ID: a9a193d6ef7b1ce34244a1de4f45d4f514fe2ebb57a128b7151b818282604fd4
Opcode Fuzzy Hash: 562448166ff6dcc0450a62d10e131a7839a9752f4cae88e17eadd69262199060
Instruction Fuzzy Hash: 7CF0C275640348BBD724EB4CDD47FA93BE8FB83B58F5040A9F600772D1D6B0AA44C691

Function 00B303E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00B84D8A

Strings

#%u, xrefs: 00B84D82

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 3c7466ddf5d3c158ccdc1ae396b150b6e8045cef9a289657b70a91428ddcb4dd
Instruction ID: b6570a69419149c67a6a639059eca9f3b22962790f3d9a427782010cd2620858
Opcode Fuzzy Hash: 3c7466ddf5d3c158ccdc1ae396b150b6e8045cef9a289657b70a91428ddcb4dd
Instruction Fuzzy Hash: 27712D71A0014A9FDB15EF98D995BAEB7F8FF08704F1440A5E905E7251EB38EE41CB60

Function 00B352A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 00B355A3
@, xrefs: 00B35445

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 06743a052782fb2854348a6552a32468a87c1b355f9038c303ddd1cd6ec0540d
Instruction ID: b77532f2c88603171a23b815afc3a3f2dbd69050e00344dd1c9bed9bb3bee148
Opcode Fuzzy Hash: 06743a052782fb2854348a6552a32468a87c1b355f9038c303ddd1cd6ec0540d
Instruction Fuzzy Hash: 40328B745087518BCB389F18C480B3EB7E1EF88744F6449AEF9959B2A0E734DD84DB92

Function 00B2A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 00B2AA13
LdrResSearchResource Exit, xrefs: 00B2AA25

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: 4939ca2330016216c06f591cf59bd078da18fe37c16699458eeb2a155c29264f
Instruction ID: c5fcc8ffddd423187751649f4aa0bacff23ae86c8d905d97c922919df17e60ca
Opcode Fuzzy Hash: 4939ca2330016216c06f591cf59bd078da18fe37c16699458eeb2a155c29264f
Instruction Fuzzy Hash: 7AE19E71E00228AFDF219F98EA84BAEB7F9EF19B10F1040A6F905E7251D7749D41CB51

Function 00B22FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON

Download Yara Rule

Strings

@4Cw@4Cw, xrefs: 00B233AD, 00B233B3, 00B233E2
PATH, xrefs: 00B230D6, 00B23124

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @4Cw@4Cw$PATH
API String ID: 0-1794901795
Opcode ID: b0a124b6b6b2c0ab3d8eb1e4dbcbd12369b72fc0522135ae1e0d80381fbc5c36
Instruction ID: c3f04bd06431e53d2515ce902b85178fac3314db83dcde4b8d4990d137a6c3d0
Opcode Fuzzy Hash: b0a124b6b6b2c0ab3d8eb1e4dbcbd12369b72fc0522135ae1e0d80381fbc5c36
Instruction Fuzzy Hash: C1F19E71A00228DBCB25DF99E881ABEB7F1FF49B00F5480A9F449AB250D7389E51CB55

Function 00BEA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 00BEA44B
`, xrefs: 00BEA551

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: cc23cc66f6c46cc5d6be2d182993e76b4bae3646420807bb63a1de9b9dad26ed
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: EBC1CF312043829FDB24CF26C881B6BBBE9EFD4314F184A6DF595CA291D774E909CB52

Function 00B20CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

Failed to retrieve service checksum., xrefs: 00B7EE56
ResIdCount less than 2., xrefs: 00B7EEC9

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: 1151720980a8cd2f1f30d1ae31c68b22cb407a7d2f90453aafc197f08506fd3f
Instruction ID: 1de2567fa2ce8e00c7270f888c85d3d54a5958337c338b5733d9504e075000ca
Opcode Fuzzy Hash: 1151720980a8cd2f1f30d1ae31c68b22cb407a7d2f90453aafc197f08506fd3f
Instruction Fuzzy Hash: 8BE1F2B19083849FD364CF15C481BABFBE0FB88314F408A6EE5AD9B291D7709949CF56

Function 001129B0 Relevance: 2.7, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

sHM, xrefs: 00112A90
gfff, xrefs: 00112A11

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: gfff$sHM
API String ID: 0-813270017
Opcode ID: 1e6bc25e7fcbf0ea5999bdc546246902cef0467949c16f67771e79be00a8ed80
Instruction ID: 05612360612a346e88f27c262ac40f99de8df8728e04294fe3733edb6ce85e92
Opcode Fuzzy Hash: 1e6bc25e7fcbf0ea5999bdc546246902cef0467949c16f67771e79be00a8ed80
Instruction Fuzzy Hash: DB61E371F041098BCB2CCE59D8916EDB3A1FBA4314F18817EDD1ADB790E734AEA18781

Function 00B9E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 00B9E751
Legacy, xrefs: 00B9E75A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 5f3af83e406b039c97d297a3a4ba140c61729b834b9274000f44f22bc67c55e2
Instruction ID: aa7a10381844064e17b1e3b0e45f7bd87a4aab460426522fd92fbb0ac058bbd0
Opcode Fuzzy Hash: 5f3af83e406b039c97d297a3a4ba140c61729b834b9274000f44f22bc67c55e2
Instruction Fuzzy Hash: 5C611871E006189FDB14DFA88981AADBBF9FB48740F2444B9E559EB291D731E940CB60

Function 00BC43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 00BC4525
@, xrefs: 00BC4437

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 68796f35cf4b2202d44bf501422a82e6a8c9e979fa7fc863925cf5ba0c0a8e9a
Instruction ID: 7689ea2929d03916f7b0b99a3c18cf3c598ff63deb28431826fbd131ba024e9f
Opcode Fuzzy Hash: 68796f35cf4b2202d44bf501422a82e6a8c9e979fa7fc863925cf5ba0c0a8e9a
Instruction Fuzzy Hash: D15123B1E0061DAFDB11DFA5CC91FEEBBF8EB08754F1005A9E511A7291DB349E058BA0

Function 00B204E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 00B20540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00B2063D

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: bce5e35604ebdef09aecf85c53977f7c622b7dff2ac213e2f143fecf9acbee89
Instruction ID: 59e79c71b0dcb25088cd0333321a12c8351d1cf9ae872a837567b6eace73a4ba
Opcode Fuzzy Hash: bce5e35604ebdef09aecf85c53977f7c622b7dff2ac213e2f143fecf9acbee89
Instruction Fuzzy Hash: C951DB716247528BC725EF24E4846A7B7E4EF84300F00887EE9AE87242E730E945CF92

Function 00B2A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 00B2A2FB
RtlpResUltimateFallbackInfo Exit, xrefs: 00B2A309

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 691c92c92eb16a3df96b849d471eacc31e282b7b3df162d64f7cc4037721dc80
Instruction ID: e335b5e3800c728a0dc7eac5e379dc08e40e34ffd5c9d54460924e48673b9581
Opcode Fuzzy Hash: 691c92c92eb16a3df96b849d471eacc31e282b7b3df162d64f7cc4037721dc80
Instruction Fuzzy Hash: 6241BE30A05669DBDB11DF69D880BAAB7F4FF85700F2440E5E808DB2A2E375DE00CB55

Function 00B5A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 00B5A5E4
Threadpool!, xrefs: 00B5A5E9

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: b87445335012099ad605bc45bee1fece038feaf5c1b8ae4f03c818d114212fd2
Instruction ID: 8108dc95543f8aa0de59a16add86bc221dc17e275116f547e818cf40415afa2f
Opcode Fuzzy Hash: b87445335012099ad605bc45bee1fece038feaf5c1b8ae4f03c818d114212fd2
Instruction Fuzzy Hash: 7801D1B2640B04AFD311DF64CD86B2677E8F744B16F058AB9BA48C7190E374D808CB46

Function 00B2C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 00B2C8C3, 00B2CA40

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 93e61289286cf453b6b913475ace53abd8d57751ed8e6ce40e89ac3535ddb4a2
Instruction ID: 74cbb94ac51dd08a59061b5aa87fa8eb5c6e9ee2c33df1110158eead4960a72b
Opcode Fuzzy Hash: 93e61289286cf453b6b913475ace53abd8d57751ed8e6ce40e89ac3535ddb4a2
Instruction Fuzzy Hash: 71822B75E002289BDB24CFA9D984BADBBF1FF49310F2481A9E85DAB351DB309D45CB50

Function 00B72F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

P`1wRb1w, xrefs: 00B7300D, 00B733E4, 00B7343B, 00B734FE, 00B7352E

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: P`1wRb1w
API String ID: 0-487437271
Opcode ID: 176743a3ff1d565ef371d0d0e37a4a56de38b51d95e7d62464d6650e03e49609
Instruction ID: b8a33e95070ee7281f521dacc57ba84f68a3368b481e0e7d6d7d5ce2c9e879f6
Opcode Fuzzy Hash: 176743a3ff1d565ef371d0d0e37a4a56de38b51d95e7d62464d6650e03e49609
Instruction Fuzzy Hash: 0E42F471D04259AEDF28CF68D8857BDBBF1EF15B10F24C09AE469AB290D6348F81E750

Function 00BCCD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

@, xrefs: 00BCCDAC

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction ID: 9c610fafc8c241b689a7d019a051fa35242fcd0ef6abf53b13732fbe9baa49d2
Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction Fuzzy Hash: 0E621770D012188FCB98DF9AC4D4AADB7B2FF8C311F618199E9816BB45C7356A16CF60

Function 00B42E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 00B43240

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8a51e7caae1976f64404cfbcf81251a13dd203d4d4de4f3fb127b095ce430a8e
Instruction ID: 13bdb0d8062738a6e8aec1265ed4a48ea8f2706796ee587c04da83bc3358b019
Opcode Fuzzy Hash: 8a51e7caae1976f64404cfbcf81251a13dd203d4d4de4f3fb127b095ce430a8e
Instruction Fuzzy Hash: 25F17D716087418FCB25DF24C480B6ABBE1EF88B10F1849ADF89997351DB34DB49EB52

Function 00126893 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

(, xrefs: 00126BAF

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction ID: 11a74e11a207d7da5ccbd3de7f198237507cb46c714ff1b33df6d2a8c93b4b5b
Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
Instruction Fuzzy Hash: 07021CB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80

Function 00BAEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 00BAF05B

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction ID: f3e0e32cee07c1a0de9d49168fa4c0a63c386185306007edca8dbd39db622ed5
Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction Fuzzy Hash: 59416D71F0011A9FDF28DEA9C8815BEB7E2FF89310B288279E615E7281D634A9518780

Function 00B20100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 00B20255

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8b262c2fa60f71480fa260557fe8ee63fac67668764c0c76a34ffb2402692e8d
Instruction ID: 9a26e8787d340f976bd5d67df7d7eeaf507f459051c6d64cadb95c3661e38217
Opcode Fuzzy Hash: 8b262c2fa60f71480fa260557fe8ee63fac67668764c0c76a34ffb2402692e8d
Instruction Fuzzy Hash: 7DA12C31A14278ABDF28EA24A885BFD67F59F59304F0480D9FD6EA72C3C674CD848B54

Function 00BD4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

, xrefs: 00BD4606

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b355f18a8db18027ea73194dcb9081b27fe4d74d47c9c089698e4743f8ee6733
Instruction ID: 961361c3d95ea833c476e36d010b4b7016b08a2fc498bacc759021089f821416
Opcode Fuzzy Hash: b355f18a8db18027ea73194dcb9081b27fe4d74d47c9c089698e4743f8ee6733
Instruction Fuzzy Hash: 36A1F4356042686BDF348A64C841BFAE7E4DF56718F0444DABD5A9B381FBB4CD84CB60

Function 00BA6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 00BA65C1

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: cba38747c5cf38185c32ce1ec664dcf825aeac5dc4b093805f4edd8e12b3e1cb
Instruction ID: fdbed224942e6d7ec384f6c24dd7dd0cd8fa7ede59656c591c2effb5d56ab38f
Opcode Fuzzy Hash: cba38747c5cf38185c32ce1ec664dcf825aeac5dc4b093805f4edd8e12b3e1cb
Instruction Fuzzy Hash: 019150B1940619AFEB21DF94CD85FAEB7F8EF19B50F1440A5F600AB191D774AE00DBA0

Function 00BCE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 00BCE1FA

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ccc50dc778d31b58c0731c78e31558af06db34252806fe0f96b59a1f137cea7f
Instruction ID: 9a4b193a5aa60ae172f6a7f1c8a439e379fd26261c721a64bbf78d7e7a47b7a3
Opcode Fuzzy Hash: ccc50dc778d31b58c0731c78e31558af06db34252806fe0f96b59a1f137cea7f
Instruction Fuzzy Hash: 35919F32900658EBDB22ABA4DC85FAFBBF9EF85740F1000A9F511A7251DB74E901CB50

Function 00112670 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

gfff, xrefs: 00112762

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: 8c1e049c611b26f41a190125438a10135a9767f0eb747c616294cb83b2991ebf
Instruction ID: e7dcaaf87654dab92a8706e0722b905bdc3c5c9c6bcb45ddd1eaee3cb9076ac2
Opcode Fuzzy Hash: 8c1e049c611b26f41a190125438a10135a9767f0eb747c616294cb83b2991ebf
Instruction Fuzzy Hash: C971AF72B001198BCB1C8A5DCC906EDB3A6EBE4315F68813AE955CB7C5E774EDA18780

Function 00B5A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 00B967C9

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: ded9c6aa77eca0f5545d059dccddb3150f4bd3f5faeb8b275e6f009b20cb35e3
Instruction ID: 4dac58541258f3fa68745d6e12c4d6330d276bb84d732e3a9de69f605cc85c15
Opcode Fuzzy Hash: ded9c6aa77eca0f5545d059dccddb3150f4bd3f5faeb8b275e6f009b20cb35e3
Instruction Fuzzy Hash: A0715B75E0021A9FDF28CFA8D591AADBBF1FF58704F2481BAE805A7241E7349D41CB60

Function 00112664 Relevance: 1.4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

gfff, xrefs: 00112762

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: 5f2153a5c21e52a04b37931c868f8c47ba9fb645768dad65fd2a8ee466b709e8
Instruction ID: ad291379514afca66ca8fb521ba33a46f4616eb4a3d16a026f02276531d73afb
Opcode Fuzzy Hash: 5f2153a5c21e52a04b37931c868f8c47ba9fb645768dad65fd2a8ee466b709e8
Instruction Fuzzy Hash: 0E51D371B0021A8BCB1C8E5CCD906EDB3A6FBA4315F18813AE955CB7C5E774EDA58780

Function 00BC4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 00BC4A7F

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 99574af6098e91d2b96c16bd77ca90b6737263be6febf82154a8a40ca550a27f
Instruction ID: e3f5e04890327e34cda5403eb314ecbb26a4b83261e0795d00f07d46fbf715c3
Opcode Fuzzy Hash: 99574af6098e91d2b96c16bd77ca90b6737263be6febf82154a8a40ca550a27f
Instruction Fuzzy Hash: AE516C72D016299BCF10DFA9D990FAEB6F4AF05B10F0541AEFA15BB240D7749E01CBA4

Function 00B3E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 00B3E6A4

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 96086171c7d80e42068f8822773014d58d11eb0e2cdc064a1ee88900f41497e3
Instruction ID: 852b278d5a60f80bd0d98c50ea416279cd11dcc4db53e1320d7ed129d02c4f98
Opcode Fuzzy Hash: 96086171c7d80e42068f8822773014d58d11eb0e2cdc064a1ee88900f41497e3
Instruction Fuzzy Hash: 4F41B072508315ABD721DA74C881B6BB7E8EF88704F6409AEF994E7180EB74DE04C797

Function 00112D69 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

gfff, xrefs: 00112DB0

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID: gfff
API String ID: 0-1553575800
Opcode ID: 1ebc946ad0ad490396ea4302c595e9db7109eeaba33e5d7e87c34af9bb794d9e
Instruction ID: 7e35d3dbb2467af939c0176ce90ad7a4b84d2d58ffa63d8312555fb4ea921801
Opcode Fuzzy Hash: 1ebc946ad0ad490396ea4302c595e9db7109eeaba33e5d7e87c34af9bb794d9e
Instruction Fuzzy Hash: 92418D32A0514D47DF1CCD6CDC902E97B52EBA0310F1942B9DD58DF381D6389E958B95

Function 00B9C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 00B9C77F

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 3c7d310cb43cf8ce551101f3fd88439cd8be31eb4a03871ef7633abd162050c2
Instruction ID: 8c289ca0f174d944e61996f1b9925d3ab7ef28c927ca53cf6b20deb98f939ee1
Opcode Fuzzy Hash: 3c7d310cb43cf8ce551101f3fd88439cd8be31eb4a03871ef7633abd162050c2
Instruction Fuzzy Hash: 794165B1D0052CABDF21DB50DC85FEEB7BCAB45714F0085E5A608AB141DB709E888FA4

Function 00B9CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 00B9CAA2

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 723eeb9b84b39ccde3ec4b7381f24ffc2fe749173dab35d7ef12f2d103b6a06a
Instruction ID: 00959e3f3da4b0f774bc5928d7f497b6b6d8cb054fd15cc7aa38cffa921f3133
Opcode Fuzzy Hash: 723eeb9b84b39ccde3ec4b7381f24ffc2fe749173dab35d7ef12f2d103b6a06a
Instruction Fuzzy Hash: A931E136900619AFEF15DB58C896E7FBBF4EB80760F1181B9A905A7290D7309E04CBE0

Function 00BA892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00BA895E

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 7b05644b81ac199cb59f94f65c40c849ae9d420ee5da54e139a346f330f563cd
Instruction ID: 684106e24ed057e3f54b66b1d5571af8e2af0b9a3c229b00b4b711d982b5740b
Opcode Fuzzy Hash: 7b05644b81ac199cb59f94f65c40c849ae9d420ee5da54e139a346f330f563cd
Instruction Fuzzy Hash: 36014772208610ABD6206B11DC84BBB7BE5FFC7790B0420B8F14506962CF30AC82D692

Function 00B5E8F0 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc7e89faa8783fa7299dd76f8408f26ab786fb3f453253c6391ca74ee02db1e
Instruction ID: f6e89b5d43fb801e8d50003de25eebff4bc0b57be6aa2d83467e8075837c6381
Opcode Fuzzy Hash: bcc7e89faa8783fa7299dd76f8408f26ab786fb3f453253c6391ca74ee02db1e
Instruction Fuzzy Hash: BF821072F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45

Function 00B6516C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c0732b39d4a79c26a2698b2381edf9a1e81a3a9aafd0e089453d3b1965a154
Instruction ID: a5b78e0d19e1600676ca64fa6e7aaf0adf50a5fab69384d2399a1a92005bd96b
Opcode Fuzzy Hash: f7c0732b39d4a79c26a2698b2381edf9a1e81a3a9aafd0e089453d3b1965a154
Instruction Fuzzy Hash: E9629272804A4AAFCF34CF08D4D05AEBBA2FE55314F59C29CC89A27604D379B964CBD0

Function 00BC2000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb8ec942db2fb5743d036a8c58acf8148fa14f7ecf94fff6dac917f4ac88805
Instruction ID: 48f93f81e7f4faba3c76edf1994debb3870b4a6105c493a88e115908daf2044b
Opcode Fuzzy Hash: 0eb8ec942db2fb5743d036a8c58acf8148fa14f7ecf94fff6dac917f4ac88805
Instruction Fuzzy Hash: 2A42BA726083419BDB25CF68C891F6BB7E5EF88700F5809AEFA8297250D770DD45CB92

Function 00B7739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a1ba47759b1a0dc88bee9f858a3c4ab1f651d41dafb287d2040afe12239d08
Instruction ID: 93324336a26b493e04f6f8509bb4528981624cac29a3645edc1d5deafaa89192
Opcode Fuzzy Hash: b7a1ba47759b1a0dc88bee9f858a3c4ab1f651d41dafb287d2040afe12239d08
Instruction Fuzzy Hash: F742A071A446169FDB18CF59C480ABEB7F2FF88314B2485ADD46AAB340DB30ED41CB90

Function 00B4B2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22fadf4d34faac0602c0d7bb4929b88949b01556f3705eeedf7417dabdb83be
Instruction ID: 560cfaa6cf1c5feb2c60354db84addcf41b6032078dba3ac798d6403e623bc28
Opcode Fuzzy Hash: b22fadf4d34faac0602c0d7bb4929b88949b01556f3705eeedf7417dabdb83be
Instruction Fuzzy Hash: F632AD72E002199BCF14DFA8C890BAEBBF5FF54714F1800A9E905AB391E7359E11DB90

Function 00BB8158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4f1425da49495bfe936f50e1e7ce06fb71a238423887e0e0ed74a1c2f4a47f
Instruction ID: 5948c2fec2d0fc52c20e32f62bcf05078b1d751c5604190f788e7108c0b814de
Opcode Fuzzy Hash: fc4f1425da49495bfe936f50e1e7ce06fb71a238423887e0e0ed74a1c2f4a47f
Instruction Fuzzy Hash: F6422775A002199FDB24CF69C881BEDB7F9FF88700F188199E949AB242DB749D85CF50

Function 00B32840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a34e058df02daa74ef86b7521c3e127d9da2f6bae3d2d4e4b711b51a00b5d4
Instruction ID: 905b5190f8f9b4fb9951adf86253a20d833f807b740fc7cebf2fe105ed2b5f93
Opcode Fuzzy Hash: d4a34e058df02daa74ef86b7521c3e127d9da2f6bae3d2d4e4b711b51a00b5d4
Instruction Fuzzy Hash: B932C070A007558FDB24EF69C8857BEB7F2FF84304F2441AEE44A9B2A5DB35A841CB50

Function 00BCA118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71ca9445c4e154315fe4d17b8ca3d2565f55cc8af53516c17952ec205605f44
Instruction ID: 2519b94d7e0f504e6d5120282229bb4bb6d29c7ab2da79a7ed792bafe26bdac2
Opcode Fuzzy Hash: d71ca9445c4e154315fe4d17b8ca3d2565f55cc8af53516c17952ec205605f44
Instruction Fuzzy Hash: 9A22C2706046A98BDB24CF29C094B72B7F1FF45308F1884DED8968F286D775E852DB62

Function 00BE16CC Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814da725e4be583604768be4dfd48f1c49935de8fecc9961aca23f815153dbe4
Instruction ID: 1ee13a45b3beb6bfa0f2a725f1d8880312aa6544d7f56cf0fc5a89fa9ce761d8
Opcode Fuzzy Hash: 814da725e4be583604768be4dfd48f1c49935de8fecc9961aca23f815153dbe4
Instruction Fuzzy Hash: 5F226F75A002568FCB19CF5AC490ABAB7F2FF89314B3489ADD8559B345DB30ED42CB90

Function 00B48DBF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f08b903e2d4078b223f89714bfefe7d1090ec746d40215e9ad5950e91cb058d
Instruction ID: e974c296b71353ace304dbf93d640f2c73d5c55766f28008bb29be9798d83f29
Opcode Fuzzy Hash: 4f08b903e2d4078b223f89714bfefe7d1090ec746d40215e9ad5950e91cb058d
Instruction Fuzzy Hash: 92223C70E0021A9BCF15DF95C4819BEFBF6FF44304B64849AE8459B251E734DE81DBA4

Function 00B26A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb33721dd2f0119d194690689f82ec7fe95a2af85805ebde2787553944023049
Instruction ID: e64f2b07f4cf4a6862d10e5b98884134c3778f329a771895cf455f7adcbe13ad
Opcode Fuzzy Hash: bb33721dd2f0119d194690689f82ec7fe95a2af85805ebde2787553944023049
Instruction Fuzzy Hash: 26328A71A01215DFCB24DF68D480BAAB7F5FF48300F2489A9E959EB3A1D734AC46CB50

Function 00BE2446 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f018dfe0140f3fbaf8084d89c8d29af7f44017d7339f0ed0ffdeebdc0557d6
Instruction ID: f841a09254cc8a8f90378f39349f6f9a342ef975da19b2021f49ae959197f9f3
Opcode Fuzzy Hash: 07f018dfe0140f3fbaf8084d89c8d29af7f44017d7339f0ed0ffdeebdc0557d6
Instruction Fuzzy Hash: 0502CF746046958FDB28CF2BC590375B7F5EF95300B2985DAE896CB282D734EC42EB60

Function 00B75630 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688

Function 00BE41A2 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b3f54b2331e9ff31fa9cc9c4d5f3766241479f969e589205f9300f6924a164f
Instruction ID: 7aa662d29d5f6cafb4e31621f1cc599b3b6f0d76b2c791edcaf247801dedce87
Opcode Fuzzy Hash: 4b3f54b2331e9ff31fa9cc9c4d5f3766241479f969e589205f9300f6924a164f
Instruction Fuzzy Hash: 2F027D71E002998FCF14CF9AC4806ADBBF2FF99304F2585A9D556AB355E730AE42CB50

Function 00BFB16B Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee89275e895c7989efe78052eb794d889d23f7078baf346bfe21e2289b04f5f
Instruction ID: cc53c99a26523cf4c76b1e393b8edc93169f8347a8f00558c88c88e0fc4acb07
Opcode Fuzzy Hash: 5ee89275e895c7989efe78052eb794d889d23f7078baf346bfe21e2289b04f5f
Instruction Fuzzy Hash: C1F1E272E006198BCB18CF69C9A1A7EBBF5EF9830071941A9D556DB381E734EE44CB50

Function 001200E3 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction ID: 2fc82d182948491159140b4c5464e0fc011430072a8d2bf70ed0f9aa336ec3a5
Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
Instruction Fuzzy Hash: 83026F73E547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90

Function 00BFA9A6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a9f2d791fdd0bb0a8ac177b7f899331e32c7223971fc44db17e979039cfd72
Instruction ID: b1a00f7f1172466d64bf554a8ab585c0a17660d399d9682bc5cab8abe920f7d3
Opcode Fuzzy Hash: b7a9f2d791fdd0bb0a8ac177b7f899331e32c7223971fc44db17e979039cfd72
Instruction Fuzzy Hash: F1F1D4B2E0052A9BCB1CCE68C9A15BDFBF5EF5430071941A9D95AEB381D734EE44CB90

Function 00B44A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 8971a5b77a416c827b277e745e0bfa6121ee0062cbd7cbf93433c67d0949fd69
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 8CF17C71E016199BCF14DFA9D580BAEB7F9FF48700F0881A9E901AB251E734DE51DB60

Function 00BD2F30 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71b87b528d998d4c957b504bfa62f0813a707fd53e75d5215a224d6bd00ad21
Instruction ID: 54484635e2c7aa902078216eab5c95461a58fcf73515cf4c504cb4ea473bd22d
Opcode Fuzzy Hash: a71b87b528d998d4c957b504bfa62f0813a707fd53e75d5215a224d6bd00ad21
Instruction Fuzzy Hash: 9CE1F331E002869FDB24DFA8C4817FEFBF1EF44710F14849AD486AB382E6759A85C751

Function 00BB892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728d99e074eeb830a02e1d70fcfffdc09405a2f6328477fec7786359bcf55b46
Instruction ID: b48af45f736a9b8f4ecb33da4ac92dd315b82d0e79d449f62c7dc05c1aa63a4f
Opcode Fuzzy Hash: 728d99e074eeb830a02e1d70fcfffdc09405a2f6328477fec7786359bcf55b46
Instruction Fuzzy Hash: C3D1F371A006199BDF15CF68C881BFEB7F9EF88304F1881AAD855E7280DB75E905CB60

Function 00B265D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8a92a15aa398e37db1a718b8119be109b7be2730717d721fc18325de7125b5
Instruction ID: 89b73ff5cf81c279b9dec0e55c0ab5d00b652967cb4c44f2c1a11ad705cc5421
Opcode Fuzzy Hash: fa8a92a15aa398e37db1a718b8119be109b7be2730717d721fc18325de7125b5
Instruction Fuzzy Hash: 28E19B71609351CFC714DF28D080A6ABBE0FF99308F148AADE9998B351DB31ED45CB92

Function 00B18397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8edd6cfbcd4c81b055d84d4589f66b31a1f124740cdaa36a81b247b9df303b40
Instruction ID: 1ba605aefb1f8f2c31df0ddff81695da36867372dc484262c934f7a20d8f242e
Opcode Fuzzy Hash: 8edd6cfbcd4c81b055d84d4589f66b31a1f124740cdaa36a81b247b9df303b40
Instruction Fuzzy Hash: 90D1AE71A006169BCB14DF64C891EFAB3E5FF54314F6486A9F92ADB281EB34D980CB50

Function 00B4C6E0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bcf8cd94ee5d35cefd823c233eab59721fc4e1457a7d07aca62a8dc7fe1a236
Instruction ID: 5b09dec5f797d1c36bba59da28b4e11bc68c301cc78737887406192826c2ddc2
Opcode Fuzzy Hash: 4bcf8cd94ee5d35cefd823c233eab59721fc4e1457a7d07aca62a8dc7fe1a236
Instruction Fuzzy Hash: 23D18B31E062199BDFA8CE88C5843BDBFF1FB44B00F2480AAD456AB295D7748F41EB45

Function 00B338E0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9009a1693caaf5d267ece30c22897b157e93d768d93b6334882a267e3189b3
Instruction ID: 28ec66951da45369a95c152257ea847fc4c0e87e15798ac707a65edbcc14130c
Opcode Fuzzy Hash: fc9009a1693caaf5d267ece30c22897b157e93d768d93b6334882a267e3189b3
Instruction Fuzzy Hash: 1AE16B75A00205DFCB18CF58C891BAAB7F1FF58710F2581A9E856EB3A1D734EA41CB90

Function 00B3CFE0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b57b5d2e573142277216d8140e4942b0c3b1de13131b02d713e9135acaa69be
Instruction ID: af322ca34aab38ce4f24bd4350de3c1245733c8a2de584fe4527e36172d827ab
Opcode Fuzzy Hash: 4b57b5d2e573142277216d8140e4942b0c3b1de13131b02d713e9135acaa69be
Instruction Fuzzy Hash: 47D1B330A007199FDB24CB14EC91BAAB7F6FB45304F2441E9E909A7251DB74AE85CF91

Function 00BF95C3 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbbdbfc36c442eec941659cf95e126cdb72d65e33733550df7fb91bdc9b28738
Instruction ID: 319323b1c8df869f28f82709c7cfaa61250de9aa88634d2c408bb733a8ca2f6f
Opcode Fuzzy Hash: cbbdbfc36c442eec941659cf95e126cdb72d65e33733550df7fb91bdc9b28738
Instruction Fuzzy Hash: B6B177B19106296FFB299B24CC55FBB72ECEB04750F0442E9BA19F71C1DB719E848B60

Function 00BA8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: c8ab56def7dd3e3ad5556bc6131ecd27a730ffc12cfdf892cf7c2804afe7576a
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 34B15074A04604AFDF24DB95C941BABBBFAEF85304F1044A9A942A7B91DE34ED49CB10

Function 00B30535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: f9bbf1558bb324dd45f3ead42d830729a8ed20667965b3bff2d47b305edb3645
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 15B10231600646AFDB25EB68C8A1BBEBBF6EF44300F2401E9E54697291DB30ED41DB90

Function 00B283C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbd8aa475d3e273844dfbd31ccd3b2f5fdc9ffe6027240b5e3a781e366a288ae
Instruction ID: 6f1ac760f6337db05d5139658b1beb106ba3d714480e54f001d3b1ef2d6e8a7f
Opcode Fuzzy Hash: dbd8aa475d3e273844dfbd31ccd3b2f5fdc9ffe6027240b5e3a781e366a288ae
Instruction Fuzzy Hash: CCC168701093418FD764DF18C494BABB7E8FF98304F4449ADE9898B2A1DB74E909CF92

Function 00B1C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01dce9f44c3d7abdbdf16ecc7cf12fc76ddcfd20855e4a632d99f0b9cd031b96
Instruction ID: a62f07c36420218859c963c7a7c5f2452949e63cf556f859d353d0487cb31ea1
Opcode Fuzzy Hash: 01dce9f44c3d7abdbdf16ecc7cf12fc76ddcfd20855e4a632d99f0b9cd031b96
Instruction Fuzzy Hash: B7B18070A402658BDB64DF54C891BEDB7F2EF94700F5085EAD40AE7281EB30AEC5CB21

Function 00B4E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5097552d7d86f28c2e5cad006d02e7b4366e7ecf6119877da01f4f8a43a52d65
Instruction ID: 882d75d4d9c0cb92694cef0c8e031ea5852bf4ababce51e691e25b177095759b
Opcode Fuzzy Hash: 5097552d7d86f28c2e5cad006d02e7b4366e7ecf6119877da01f4f8a43a52d65
Instruction Fuzzy Hash: 0EA1F631E00619AFDB21EB58C884BBEBBF4FB01724F1541E5E910AB2A1D774DE40DB91

Function 00B60185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8d9895592312e590d23887d2e882266c390eadb8a4f5b9894a523261546f318
Instruction ID: 0287c2ad1b529efd3b1ccb5ac3df0dea8e72c346001dbca35c8e92337006cee3
Opcode Fuzzy Hash: a8d9895592312e590d23887d2e882266c390eadb8a4f5b9894a523261546f318
Instruction Fuzzy Hash: 9AA1DE70A116169BDB24EF6AC991BBAB7F1FF54314F1040A9EA4597381EB38EC11CB90

Function 00BF4500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61398b8010a00abbd39964d0b4a465ee579f111bf3e4f864e0694babe9f48cde
Instruction ID: ea2249444f8f1c5dbc1d6a3c75baa1c3754d44735c04a1f778a1f69278f76b63
Opcode Fuzzy Hash: 61398b8010a00abbd39964d0b4a465ee579f111bf3e4f864e0694babe9f48cde
Instruction Fuzzy Hash: 3AA1FC72A04615AFC721EF28C981B6BB7E9FF49744F1105A8F689DB261D334ED08CB91

Function 00BF2B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: ac7e6bead5d4f0c4d7cc02a9e19e382fed81e0d7d1e0f5d78402b0e407b246b7
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: 55B10675E0061A9FDF28CFA9C880AADB7F5FF48310F1481A9EA15A7354D730AD49CB90

Function 00BA60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79aeee04637ece5fecef8f93a3e90992f6c5db20d00c449d26e8b669125b61d2
Instruction ID: 1357293b6e428e3670ee00446caefc9b207931565789d03b164da366b0b76312
Opcode Fuzzy Hash: 79aeee04637ece5fecef8f93a3e90992f6c5db20d00c449d26e8b669125b61d2
Instruction Fuzzy Hash: 6D91AFB1D08225AFCF15CFA8D895BAEBBF5EB49700F1941A9E510AB341D734DE009BA4

Function 00B3E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b684d4772cbf03c470cc5cd00e2887a16c7530e124686bedbcb90b17a4b4bd9
Instruction ID: ce25c9fac96be1692bea3b51e07d3ae3ab5274683d1107f97a34dc7741331867
Opcode Fuzzy Hash: 7b684d4772cbf03c470cc5cd00e2887a16c7530e124686bedbcb90b17a4b4bd9
Instruction Fuzzy Hash: A8911331A00615DBDB24AB58C481BBEB7E1EF98714F2980EAE8159B3D1EB34DD41CB51

Function 00B54750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction ID: 0f45fc25c4b3db6636048d7f21b63c41d7c69a3e16e2cbede855c8d9adcae43a
Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction Fuzzy Hash: 5D812C21A042A58BDF214EACC8C036DBBE1EF56719F2846FADC429B241C364DDCED791

Function 00BEF7B0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5973708a77227c59c984a5fe076dc8db9f4d59010e549f88441623f767127b80
Instruction ID: 058845bc9cd64c7a9c9a782be5a75ab66a326a419d10878bd3cadbf722def154
Opcode Fuzzy Hash: 5973708a77227c59c984a5fe076dc8db9f4d59010e549f88441623f767127b80
Instruction Fuzzy Hash: 2391D571E00287ABDB14CF2AC88077AB7E1EF94310F1585B8E859DB292D774ED01CB90

Function 00BEF43F Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e92860edb26963a5b038594f8f91dc2dbab19bc5a1051db79e9d8557f434188f
Instruction ID: 75dbd6571697e8b6eae3066882d028b73a45ebcf5fcd1f1d6929944d9d2816b5
Opcode Fuzzy Hash: e92860edb26963a5b038594f8f91dc2dbab19bc5a1051db79e9d8557f434188f
Instruction Fuzzy Hash: 3E91D172A101158FDB08CF69C8916BEBBF2FF88311B1982B9E855DB396D734D901CB50

Function 00BE81CC Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d6c8a5f3381c60d22dbacc56bbe96b5a5de21cf0788626630d97b8d55ef037
Instruction ID: 52b63ab0baef5228a1cb3c5c387d07abab9329cc8131d8d4508aa95b05fdbdc5
Opcode Fuzzy Hash: 44d6c8a5f3381c60d22dbacc56bbe96b5a5de21cf0788626630d97b8d55ef037
Instruction Fuzzy Hash: 1C818671E009559FCB14CF6AC8805AEB7F1FF88310B2442AAE525E7384DB74D951DB94

Function 00B30E59 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e247430e381a2b52514fe26243f7c1b26bbb59d8ad7a9937d879efb5a80c5c80
Instruction ID: da3721c59dc66687ee3b1450cd9b06f739095e5dc2e3557ccd33de3916b49608
Opcode Fuzzy Hash: e247430e381a2b52514fe26243f7c1b26bbb59d8ad7a9937d879efb5a80c5c80
Instruction Fuzzy Hash: 7481AF31A105699FCB24EE6DC8909AEBBF2FF95310F3882D5E8549B349D630ED41CB90

Function 00B76ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839371bd99e20230f782dcc9f7db339b5fbe1eca1c36dcafd2321a51bd2891f1
Instruction ID: 83c49800c8a512a7580fe6501b9b769bd33a9d435faf6300f32f83e00f9b3475
Opcode Fuzzy Hash: 839371bd99e20230f782dcc9f7db339b5fbe1eca1c36dcafd2321a51bd2891f1
Instruction Fuzzy Hash: DF81A671A00A159FDB14CFA9C881ABEB7F9FB48700F14856EE459E7640E734DD41CB94

Function 00BDE4F6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 766358be11b13918103f0923e18161dc7d431a797624552ec7e79edbd14058e9
Instruction ID: 42f4abafd29f40b750c22831a17fe3eaa49bf18e47d4443169ae2f515c73d413
Opcode Fuzzy Hash: 766358be11b13918103f0923e18161dc7d431a797624552ec7e79edbd14058e9
Instruction Fuzzy Hash: 19818176E002159BCB18DF98C9916ADFBF1EF99310B1581AAD826EF385E730DD41CB90

Function 00BEAB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: a1e11aafeece4be40932e8544065d1a4f08198334fe7fa4e01550df97d018772
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 41817275A002499FCF18CF9AC891AAEB7F6FF84310F1485A9E8169B385DB74ED01CB51

Function 00B5E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281993ac5fadeb588cada000499a7390259f9401b332a8d02d123196fd5c07d1
Instruction ID: 20bcf31cb05673485dee518cb36c390748b7a79463d211b4b29cad77b07f9eb0
Opcode Fuzzy Hash: 281993ac5fadeb588cada000499a7390259f9401b332a8d02d123196fd5c07d1
Instruction Fuzzy Hash: C1815D71A00609AFDB25CFA9C880BEEB7FAFF48354F1044A9E565A7250D730ED49CB60

Function 00B4B950 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cdd8a73ba214d37e96d5d433e4d54993d50614183f2ee11c8e737cc0956fa1
Instruction ID: e69c15059e6257da7bbc249cd4717d41eeb49427fbf261bfc8d913a98346c567
Opcode Fuzzy Hash: 10cdd8a73ba214d37e96d5d433e4d54993d50614183f2ee11c8e737cc0956fa1
Instruction Fuzzy Hash: DB71F5302042508FEB24DE2AC981B7673E1EB94714F2485DDEA96CB2D4DB35ED06EB61

Function 00B3C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10da3d2fd5b0584c119eb42fd03df08e3fabe4827b7dcd9b4638410a09fcf392
Instruction ID: af4c4470a9cbc4c0307b49568855b17082d06faf98c68652687f553612814272
Opcode Fuzzy Hash: 10da3d2fd5b0584c119eb42fd03df08e3fabe4827b7dcd9b4638410a09fcf392
Instruction Fuzzy Hash: FA71BE75D04665DBCB259F98C8907BEBBF4FF59700F2481AAE852AB3A0D7749C01CB90

Function 00BD47A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3bf9a3f807d02a82f75efbf83394adead13028e41b1e9bcfed27245b295a986
Instruction ID: d038d7975e4b0a6b2857991656fdab5455e6ff5f125e72cec68e269c283aa5af
Opcode Fuzzy Hash: d3bf9a3f807d02a82f75efbf83394adead13028e41b1e9bcfed27245b295a986
Instruction Fuzzy Hash: 1C714AB0A41204EFCB10DFA5EA55B9EFBF8FB86300F1181AAE514AB365E7358940DF54

Function 00B3260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5071a1cb9b77f183903080730479cac555b16b65943acc171852e26a57a583f4
Instruction ID: 4abdea05be703d00913d0518fea4e37b8ca3e98239577f17829f4a59f96eff0e
Opcode Fuzzy Hash: 5071a1cb9b77f183903080730479cac555b16b65943acc171852e26a57a583f4
Instruction Fuzzy Hash: F571CD756046419FD311DF28C481B6AB7E5FF88710F2485EAE899CB362EB38DC46CB91

Function 00BE70E9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a37687f1731c7a5b542a8546057b104133db9ad01d1bb3b3e64934ec59939347
Instruction ID: 9d722988cb3ba0e003cfbb4033d1db256a95ebe30bd770b95fc73f3841dedc88
Opcode Fuzzy Hash: a37687f1731c7a5b542a8546057b104133db9ad01d1bb3b3e64934ec59939347
Instruction Fuzzy Hash: AF61E771E442969BCB14EFA7C881ABFB3F9EF55300F1040A9EA11A7241EF34DD458B91

Function 00BDF0CC Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516e1440bdefa2ae629759f325fa53ea5bff0f2296f5fd9936058652ea9cfd94
Instruction ID: 087aa56b9c0def149478fed6f8e0849a88c83bb0de637ef4d239d5e62b6f8117
Opcode Fuzzy Hash: 516e1440bdefa2ae629759f325fa53ea5bff0f2296f5fd9936058652ea9cfd94
Instruction Fuzzy Hash: 4E713979A09663DBCB24CF59C48067AF7F1FB44704B6444AFE842AB740E770AE91DB50

Function 00BB62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92eb8e7165dfc21538ee69f0d70848ea1ecec815ee4d72d477ed422064fe03e9
Instruction ID: 2c7d5d8155f9cc0ab0021e7e5a96a49e061b5968808e0472b265eaaf0444b3ae
Opcode Fuzzy Hash: 92eb8e7165dfc21538ee69f0d70848ea1ecec815ee4d72d477ed422064fe03e9
Instruction Fuzzy Hash: B171C332200B01EFEB31DF18C885FAAB7E5EF44760F2445A8E655972A1D7B9ED44CB50

Function 00BA035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 6373d47e397197f111635dddfb5f029af20da591592834d344920c7e816f377c
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 6E716B71E10619AFCB10EFA9C985AAEBBF9FF48700F1045A9E505E7251DB34EA01CB90

Function 00B28AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f19ca7b0139080907228789d9aef5531c60957147a09b972ac61e57807d9786
Instruction ID: a90593b257cee5afaf28d9d83f9404d6db948c883171d57c8a123d6b38f51a77
Opcode Fuzzy Hash: 8f19ca7b0139080907228789d9aef5531c60957147a09b972ac61e57807d9786
Instruction Fuzzy Hash: 0F819F72A053158FCB18DF98E584BADB7F2FB49310F2581ADD804AB3A1CB799D41CB94

Function 00BF8324 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36d0295bb63dcf9d3cce6d3386f3ffb398db5fa01aef34d56249c738a247beba
Instruction ID: ccc0e2bf0ed982c4098cd92d0843950c1f6764948e240cd1e888ab61aa1b8e9c
Opcode Fuzzy Hash: 36d0295bb63dcf9d3cce6d3386f3ffb398db5fa01aef34d56249c738a247beba
Instruction Fuzzy Hash: 4C710871E00619AFEF15DF94C881FEEBBF9EB04750F1041A9F610A7290DB74AA49CB94

Function 00BE132D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 071b33c068b53195c5d63656845b1afeac82ca9a963f46659e6d0688eaa9e4f1
Instruction ID: 074e010a758ad1f59a43626e21fc7ea217c3e6644bf00d701f5ff99f2a098001
Opcode Fuzzy Hash: 071b33c068b53195c5d63656845b1afeac82ca9a963f46659e6d0688eaa9e4f1
Instruction Fuzzy Hash: 9E817075A00245DFCB09CF59C490AAEB7F1FF98300F2585A9E859EB351D734EA41CB90

Function 00BDA250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec391fe598420c5c7e6f26690b1f6f5f0c81268c04dda424d5d22242550c2b8
Instruction ID: eefe724ca1d143fa32e6c895467a2e48507059b47bc040bbc2dbd2fdf4de98dc
Opcode Fuzzy Hash: fec391fe598420c5c7e6f26690b1f6f5f0c81268c04dda424d5d22242550c2b8
Instruction Fuzzy Hash: 4651CC72504612AFD711DE68C894A5BF7E8EBC5750F0049AABA40DB350E7B4ED04CBA3

Function 00BECE93 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction ID: 46c7c52484c88952bda5fad668ef0f5ed4d141aa6a3e6b6a847b18fd625d30d5
Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction Fuzzy Hash: B251E3326086828BC714DE2A88A176ABFD7EFD0350F1984EDE895C7242DB70DD0A87D1

Function 0011FEC3 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction ID: 1d7a5533deac3f6d32d48a0c1dc72e3585b0b61827eff6b70f91beedbadfa2d6
Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
Instruction Fuzzy Hash: 6E5180B3E14A214BD318CE09CC40635B792FFD8312B5F81BEDD199B397CA74E9529A90

Function 00BC8350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a3c5cc8d6a1908714b861a7f751c2b59ff7f138d2ca5f5b27f54757e0c5dbfc
Instruction ID: 26737a382ea61acde2bd7e3228078982f6728f559be8a8501bafdb3a01f9977f
Opcode Fuzzy Hash: 4a3c5cc8d6a1908714b861a7f751c2b59ff7f138d2ca5f5b27f54757e0c5dbfc
Instruction Fuzzy Hash: 5D519B709007059BD724DF66C880FABFBF8FF94710F20469EE196976A1DBB0A945CB90

Function 0011FEBA Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff15b257ce1439dc17760773f0d74c7703d00957538e2d6dfd22276718cfb6f
Instruction ID: b790fda314ff990b3319c72f4a8861238d214d46a440defa60f9713220f09d81
Opcode Fuzzy Hash: 8ff15b257ce1439dc17760773f0d74c7703d00957538e2d6dfd22276718cfb6f
Instruction Fuzzy Hash: B151A1B3E14A214BD318CF09CC40631B692FFD8312B5F81BEDD1A9B357CA74E9529A90

Function 00B5E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c533b1d034506dccc453bc35efa4533494d13eebea5b8058ff58ef0cf078126
Instruction ID: 679395297e45463973835d997fe80d5d2423af98cbd6d2d5501f2270b2621fa1
Opcode Fuzzy Hash: 1c533b1d034506dccc453bc35efa4533494d13eebea5b8058ff58ef0cf078126
Instruction Fuzzy Hash: 92516A71200A15EFCB25EF64C980FAAB3F9FF18784F5004A9E951A7261D734EE45CB50

Function 00BC4180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb69c4c1a90533d173435c040e7fd349ea15a20ab3f66d185e669cdcadca761b
Instruction ID: c97b3d2619ce672dc7155b81a2f2169d9246123e0fe028369102755d781a09d4
Opcode Fuzzy Hash: bb69c4c1a90533d173435c040e7fd349ea15a20ab3f66d185e669cdcadca761b
Instruction Fuzzy Hash: B95154B16083418FC750DF29C891A6BB7E5FBC8308F54497DF489C7250EB34DA058B96

Function 00B445B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 043da5fe7bf43dbf502ec9fcdbced2406ddecbc4acb17ecf9b3e25bfcea53521
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: DA51AD71E0021AABCF15DFA4C441BEEBBF9EF45350F1480A9E901AB250EB34DE55DBA0

Function 00B9D800 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c35a348e218f7b945edc68ec2c8e3bd938e43f9e1238dd4ffb1f9de10f2e5b
Instruction ID: 4394977e5c823a8a68cb97ff144815db5b0fbf6bccf43abc323c7e1573bebd32
Opcode Fuzzy Hash: b8c35a348e218f7b945edc68ec2c8e3bd938e43f9e1238dd4ffb1f9de10f2e5b
Instruction Fuzzy Hash: 96518C74A00215ABCF24EF6AC480ABAB7F4FF55700B1542A9E941DB681EB789950CB90

Function 00BAE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 305653040d36955b4a4c2cf57038ae53634f8ee333dc88415429c84889103cec
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 9D51A331904219EFDF209B94C8D9BAEB7F5EB02364F6546E5E93267190D734DE408BA0

Function 00BE7571 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c294d8c560534e76a6da7acd8d5d8474bbac33619abb8afd1ed6c67c204fb7
Instruction ID: 504eeb02e03feddc69f581038859829276adfa5bbbab08da43438e6de53c59c9
Opcode Fuzzy Hash: 93c294d8c560534e76a6da7acd8d5d8474bbac33619abb8afd1ed6c67c204fb7
Instruction Fuzzy Hash: 7E510371A04169AFCB15DB6AD844BAEFBF6FF48344F1481A9E911E7260DB30AD11CB80

Function 00BE8B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ba4bc751e77012dd46370e6437d8f597a2fd4501325338ee976cb4b2e5b89a
Instruction ID: 6390acdb1de8a335b10a6267975c71c2292229382c89b98297c16c8d44855ce4
Opcode Fuzzy Hash: c6ba4bc751e77012dd46370e6437d8f597a2fd4501325338ee976cb4b2e5b89a
Instruction Fuzzy Hash: 7C41F270701A809BC629DB2BC885B7BB7DAEF81320F148698F81D8B391DF30DC01C6A1

Function 00BACBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac4b9bacab41a3c1e436518f6984f16a386c5beb0c69b8b8314407be89bb069
Instruction ID: 3ec62626cb8aa3ca2fa430a008db37f30ef95840b955e0569c12e1135ffe6e41
Opcode Fuzzy Hash: dac4b9bacab41a3c1e436518f6984f16a386c5beb0c69b8b8314407be89bb069
Instruction Fuzzy Hash: 3E517C75904219DFCB20DFA9C980AAEBBF9FB4A354B2185A9E559A7301D730ED01CBD0

Function 00B5A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67709fa40823476362cf6e3c67ade7b1bbd77d652d13d773f7c7298ec4a88da
Instruction ID: cb40fff7ed29e47acf1b6f41f54583fbe9a4ab654939cb2aa6d7049d1fb2d33e
Opcode Fuzzy Hash: a67709fa40823476362cf6e3c67ade7b1bbd77d652d13d773f7c7298ec4a88da
Instruction Fuzzy Hash: 8841F471600200ABDB18EF69AC92FAE77E5FB1A705F0181F8FD02AB261D7B19C04C751

Function 00BEA9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: f136d003bba4b54f95dd09e84950157e81a21c56cf611fc62fd922965d9424bb
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 1C41C3726047559FC724DF65C980A6AB7EDFF80310B1546BEE9528B241EB30FD08C791

Function 00B501F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f75896351fd4eadf6ba84ad3fc73b0f92c4f8b249b5facb4a3cd9804d35d7299
Instruction ID: 8f2e7cb180f78caacda1c7bf90b22fd802bd802fc395c4b13b5d1d6f9c535ae2
Opcode Fuzzy Hash: f75896351fd4eadf6ba84ad3fc73b0f92c4f8b249b5facb4a3cd9804d35d7299
Instruction Fuzzy Hash: BF418C359202199BCB14EF98C480BEDB7F4EF58711F2481EAEC15A7350E7359D49CBA8

Function 00B4EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85abf5088e65ae5a3b84d84f931f379cd0bb5c4e0d872a0cb169ec22c7cd3a7f
Instruction ID: d0a1d9b1aeb46166466c77622bb13e71d65f157a5df4df080cc811d1a14b3627
Opcode Fuzzy Hash: 85abf5088e65ae5a3b84d84f931f379cd0bb5c4e0d872a0cb169ec22c7cd3a7f
Instruction Fuzzy Hash: 4441A1726043019FDB24EF24C881A6BB7E9FF88314F1148B9F966C7622DB35E944DB51

Function 00B62750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: ef1ba738f6f3c929fc873554d8f81e2c999b1effe9fc03b086812746f99e0d86
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: BE513875A00619DFCB14CF99C580AAEF7F6FF84710F2981A9D815AB350D770AE82CB91

Function 00B26154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f0478c2677ae198f0b734a5c350932157298258f80af928f987bb3ea98944b
Instruction ID: 47f4bb093f940df83a9d7263aef2b1bbed7c5b34ebc6d657a042c60c72865955
Opcode Fuzzy Hash: 36f0478c2677ae198f0b734a5c350932157298258f80af928f987bb3ea98944b
Instruction Fuzzy Hash: 1F51B070900226DBDB25AB68DC41BE8B7F1EF15314F1482E9E529A72E1DB34AD81DF80

Function 00B20BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9be917fd664c96f7096f505e39d5785cbf1bd2959e09b1a2387a7791f50aafca
Instruction ID: 7b57eae3b51586e80ca0feb37cac9bae39e101ead80600e6e1868cb204fecd33
Opcode Fuzzy Hash: 9be917fd664c96f7096f505e39d5785cbf1bd2959e09b1a2387a7791f50aafca
Instruction Fuzzy Hash: 51419075A102289BCB31EF68D981BEA77F8EF49740F0141E5E91CAB242D734DE80CB91

Function 00BE866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: ee776030d58a3c275b37f3b9739fdf88e19a543e8e7e20f9f7296bc98219782d
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 5F417175B00645AFDB15DB9AC885AAFB7FAEF88710F2440E9E809A7351DF70DD0187A0

Function 00BEF0E0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a6bdcf6876c9e56c9056371c7e8bc5fa66e6f2da5da2632861f683bb8a303e1
Instruction ID: 223b3bc4bf27c1167c0062c0e2ff90a0fca27eb4157259beb6475f91e2020562
Opcode Fuzzy Hash: 2a6bdcf6876c9e56c9056371c7e8bc5fa66e6f2da5da2632861f683bb8a303e1
Instruction Fuzzy Hash: 4241B1712183418FD704DF66D86597ABBE1FB88715F0485ADF9D58B282C730D809CB61

Function 00B20887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6becf970948809f896eba99b016692d085bcdf930c0f6f124e6f4e8d9be5bc1
Instruction ID: 75bea4ea386bf6555b93f99433471ed597694ed7e23ee453d7bcf8c52a0fbd9e
Opcode Fuzzy Hash: e6becf970948809f896eba99b016692d085bcdf930c0f6f124e6f4e8d9be5bc1
Instruction Fuzzy Hash: 3041B3716107119FD725EF28E480A26B7F9FF49304B208AEDE55B87A52E730F885CB90

Function 00BCD5B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be26b69846d64ba3aa78113cf43848e6da2e5f8c07b6b7ad911396d82e6a6e6b
Instruction ID: a5100aab84cd4fc00e2e0dfc7ff4a0e137cf5f6bb1b2434fd6cb045069d9b49a
Opcode Fuzzy Hash: be26b69846d64ba3aa78113cf43848e6da2e5f8c07b6b7ad911396d82e6a6e6b
Instruction Fuzzy Hash: F641D038A08295ABCB14CF29C495BBAFBF1FF59300F0584EDE4C58B245D735A856EB60

Function 00B4A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02a6cbe0e3224a8e60e0c664d2d4550121d7741f340dc888adfe7b0c21593093
Instruction ID: 6070bf92df7eb05b1b3651895e8647288dc56402ab77204ab21085885222ecd9
Opcode Fuzzy Hash: 02a6cbe0e3224a8e60e0c664d2d4550121d7741f340dc888adfe7b0c21593093
Instruction Fuzzy Hash: 09419C32980204CFCB14EF68C9907ED77F0FB19310F2841E5D411AB3A1DB749A41EBA5

Function 00B28BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e6e910d2219e5ea66f9b1ed492f11d7c2566cb875227a6e5d400a7b30e6076c
Instruction ID: 10e66924769b262e7bc55dc808a4bd6ec1bed60c91cdbaf63d3da6d3598e26f5
Opcode Fuzzy Hash: 2e6e910d2219e5ea66f9b1ed492f11d7c2566cb875227a6e5d400a7b30e6076c
Instruction Fuzzy Hash: 4141D571902215CBC7189F98D881B9EB7F6FB95714F24C1AAE4055B361CB39DD42CBA0

Function 00B18918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e0939ec849cb393c0bb4fe33f3524c7bf83d81f84623140d3c045ae45f18c59
Instruction ID: 9c060fac02befbe961ada96612afe3baf58349ed6214fea266352819a6135b4d
Opcode Fuzzy Hash: 8e0939ec849cb393c0bb4fe33f3524c7bf83d81f84623140d3c045ae45f18c59
Instruction Fuzzy Hash: 51418C315087069ED311DF648881BABB6E8FF84B94F80496AF994D7250EB30DE448B93

Function 00B1A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 6bd17bc017579096a47565043b5546f7e0080441f7010a2a7af5f949dce24965
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: F6411631A01211DBCB20DE648894BFAB7F1EB54B14FA5C0EAE8599F244D731AD809B92

Function 00B209AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a751df2c300f2f03d2871f8b589f1b90f0d9feae128f41b1f302b99d31ad5fa
Instruction ID: 4afe2e1e2ae2172a4d18ca0a80c862021f8d745c9b473e802f5f39f8842094e7
Opcode Fuzzy Hash: 0a751df2c300f2f03d2871f8b589f1b90f0d9feae128f41b1f302b99d31ad5fa
Instruction Fuzzy Hash: AF416771610710EFD721EF28D881B66B7F4FF59314F6085AAE45D8B252E770E9428B90

Function 00B50710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: cc4bf923314ef3aad4bae1221053648bd3c094b4ba51fd0f2249202dff9b2052
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 12410671A10605EFDB24EF98C980BAAB7F4FF18701F2049ADE956D7651D330AA48CB90

Function 00B2262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5773cdc8f745f22ce5c208759a3f8b3d456343cab4bed5439d51c146d4e00d1e
Instruction ID: ee8e2573bf57e6644cc68bc8efddbd5c349d59b123601cee203196d4e4140b2b
Opcode Fuzzy Hash: 5773cdc8f745f22ce5c208759a3f8b3d456343cab4bed5439d51c146d4e00d1e
Instruction Fuzzy Hash: 3D415B71905714EFCB22EF24E941B69B7F1FF45310F2082E9D51A9B2A1DB309D81DB51

Function 00B5C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a18777678a383620e9d5caf980869a6954ee94046a313b2765b2fcee8f36a5
Instruction ID: c7951dd7df85190e44a0d95c8cd9d80345a2d7ecb7ee9da6ed24d1ff15a705c4
Opcode Fuzzy Hash: 13a18777678a383620e9d5caf980869a6954ee94046a313b2765b2fcee8f36a5
Instruction Fuzzy Hash: EC3157B1A00349DFDB12CFA8C541799BBF5FB09715F2081EAE519EB251D7329906CB90

Function 00BA07C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981790d26e6f91f1d9ac5f5a7eda6c791bfae91a82ad267ba3e4b510e3889e00
Instruction ID: 36b4f2977b934f6a38a07d734125662eea76b0707ce012c94aee2c53f4aa85c7
Opcode Fuzzy Hash: 981790d26e6f91f1d9ac5f5a7eda6c791bfae91a82ad267ba3e4b510e3889e00
Instruction Fuzzy Hash: AC418E71918300AFD320EF28C845B9BBBE8FF89714F108A6EF598D7291D7749904CB92

Function 00BEEEDB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcacff09660ff1ffb9f64eaba6f92480764db8630b9e87a2c31753677b642fa1
Instruction ID: a3ea695e3b5dbd4d679cd73a22a378ac18df613a715fcf717fa24694ce34ee0e
Opcode Fuzzy Hash: fcacff09660ff1ffb9f64eaba6f92480764db8630b9e87a2c31753677b642fa1
Instruction Fuzzy Hash: 6C418373A1402A8BCB18CF68D491A79F3F1FF48305B5641BDD916AB291DB34AD05CBD4

Function 00B180A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12efe4cd44cf546d2bd2dd2931d2491d3519c31a64ca686aab2c7cc51827c46
Instruction ID: 378731123f601c9ecc572f9a02f1521551a5a5d4d0499f68045455b10d26f1c2
Opcode Fuzzy Hash: e12efe4cd44cf546d2bd2dd2931d2491d3519c31a64ca686aab2c7cc51827c46
Instruction Fuzzy Hash: F241D372A05515AFCB00DF14C881AE8B7F1FF48760F6486A9E815B7280DF30EDA28BD0

Function 00BA05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05faa542418abf4a1bcca57f25e56b51d6d09eac499225bec955ebd8f98ffc1b
Instruction ID: 4d27b825722e76f02dda2e26c5c2766da15a60bb78df3bcb8db980fbaae6f4eb
Opcode Fuzzy Hash: 05faa542418abf4a1bcca57f25e56b51d6d09eac499225bec955ebd8f98ffc1b
Instruction Fuzzy Hash: 3541C1726186459FC320EF68C880B6AB3E9FFC9700F140669F895D7690E734ED24C7A6

Function 00B24859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ed0cdf820003c3183226a8df445f41bd3d8f026d7c707cbd1884b85cb477126
Instruction ID: 9817813172be94fb2bb4f6a992ead20e9e5460cec4a2880c545abbd4f33e7a8e
Opcode Fuzzy Hash: 3ed0cdf820003c3183226a8df445f41bd3d8f026d7c707cbd1884b85cb477126
Instruction Fuzzy Hash: B641C0702103218FC725DF28E894B2BB7E9EF81750F2444ADF5898B6A1DB30DD81CB91

Function 00B18B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949ab2c5b14ad26dd0f33be55f42f6da7964e25fd6aaa20e68e0a8029ad662d4
Instruction ID: 299b8c97854cc98e3467da64c5a70a98ec9f70b1cdce9f09ae83ce08f0a5cde1
Opcode Fuzzy Hash: 949ab2c5b14ad26dd0f33be55f42f6da7964e25fd6aaa20e68e0a8029ad662d4
Instruction Fuzzy Hash: 83418071A01614DFCB14DF69C9809DDB7F1FF88320B6086AAE46AA7261DB359D81CB50

Function 0011E163 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction ID: b2c1ee93e398e293257019e5663d47e5044954782540c43024ade1e0b6cad754
Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
Instruction Fuzzy Hash: AF3192116586F10ED31E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A1

Function 00B302E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 9d0ea011ee0c772ab628a5b825e75eb95670ab19e8c7e5037d247eb8c78cb1f2
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: F7312831A05244AFDB21AB68CC80BAABBF9EF18750F2441F5F859D7352C774D884CBA4

Function 00BCE3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8afccde223de5acb97acb749886759a6ebbfd46add1a1c0fdd86316b2b1c9d0e
Instruction ID: 1f86fe22b335fca83b39c0ecf7c082729aa724a83fa9b0bd633b3aa7aedbeae2
Opcode Fuzzy Hash: 8afccde223de5acb97acb749886759a6ebbfd46add1a1c0fdd86316b2b1c9d0e
Instruction Fuzzy Hash: 1C31B575740715EBDB26AF659C81FAF76F8EF49B50F1000A8F600AB391DAA4DD00D7A0

Function 00B24260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155a37232890a039cb237f0c79aad1a654332c474572f2216a82f420f73273c5
Instruction ID: 1febcc038d7455bdf35e026ad524fd5916459acb608d4f76ac26a97d1b8cb0a8
Opcode Fuzzy Hash: 155a37232890a039cb237f0c79aad1a654332c474572f2216a82f420f73273c5
Instruction Fuzzy Hash: 9241BD31200B04DFC762EF24C885BE677E9FB49350F1088A9F5598B661CBB4E844CB94

Function 00BD4BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bfa16d223b03d5e7d5e5a0b39a744baed36bb4f0fd9151412ac95ef363cfaae
Instruction ID: a6fc09814547d2abb43f44b2f4ea3b0e0dfe50cefc3922d993c5e624f7b76fde
Opcode Fuzzy Hash: 0bfa16d223b03d5e7d5e5a0b39a744baed36bb4f0fd9151412ac95ef363cfaae
Instruction Fuzzy Hash: AA318B713162019FC724DF28D881B6AB3E5FB85710F1945AEF8999B391E730ED04DB91

Function 00B9EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8fc3fdeec614a2a0a2ebf904c2c24175970871ba060fb434959e5b4f1b05985
Instruction ID: fd3b3e3a094f86cc405b0b73e5f78188fa6bd3b103b92366df3f12cb4b3db770
Opcode Fuzzy Hash: c8fc3fdeec614a2a0a2ebf904c2c24175970871ba060fb434959e5b4f1b05985
Instruction Fuzzy Hash: D231D5317056C1EBEB22E758CDC8B6577D8EB41B44F2D04F0B9959B6D2DB28DC40C220

Function 00BE61C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54429af9fa05410f9e7ec154c6d1f98aef5cbd2d3149e9fb806e576164cd8228
Instruction ID: 5e0ed05e11e7f41b6d9a1bf3e06a1b01e70d0d13dc5cc417393303760f7f4676
Opcode Fuzzy Hash: 54429af9fa05410f9e7ec154c6d1f98aef5cbd2d3149e9fb806e576164cd8228
Instruction Fuzzy Hash: FD31E175A00269EBDB15DF99CC41BAEB3F5FB48B80F5141A8F900AB280D770ED00CBA0

Function 00BC483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0757beea1be0400aa96acc5096e126eba3ec60a359f334a2fde65405d72d5464
Instruction ID: 10e29192c0be8d514a66641b1065655bb28a5c421fe3f305396a34eaed31575f
Opcode Fuzzy Hash: 0757beea1be0400aa96acc5096e126eba3ec60a359f334a2fde65405d72d5464
Instruction Fuzzy Hash: 46314D76A4112CABCB219F54DC95FDEB7FAEB98310F1000E5B508A7251CB709E918F90

Function 00BE6BD7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4af01e26684a0a9e4a9e811ee5e39b29e1ee92b842ba2900daf122e818a244
Instruction ID: 9546bb343d0e0f116730c4e77f8b34f4c70fd45828181095a9245ca3021e705e
Opcode Fuzzy Hash: 6c4af01e26684a0a9e4a9e811ee5e39b29e1ee92b842ba2900daf122e818a244
Instruction Fuzzy Hash: B0316A71600204ABCB14CF29E885B9B7BE5FF49350F9184A9F918DF296D370E945CBA4

Function 00B4EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39b89e2288aa3dcc58b1744b73fded59d3a2e172424b523b13211f5326f99bd
Instruction ID: d3b07016ca4a03c53b89d4a89e5567501a46ae81a59cec1bf5482017fa1e5077
Opcode Fuzzy Hash: f39b89e2288aa3dcc58b1744b73fded59d3a2e172424b523b13211f5326f99bd
Instruction Fuzzy Hash: CE319072E00215AFCB21DFA9CC80AAEB7F8FB08750F1184B5E526E7250D674DF00AB90

Function 00BE60B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d20e3dfffb35d0782e222412fdfe24a5914176ccab9be5d2ae6cad673daa233
Instruction ID: aeba6493bbd354c9c4e469504c73a2942aa38b9a0080d72bb98eb420f6e0be98
Opcode Fuzzy Hash: 3d20e3dfffb35d0782e222412fdfe24a5914176ccab9be5d2ae6cad673daa233
Instruction Fuzzy Hash: 2D312471600251EBCB129F9AC881B6EB7E9EF54794F1040E9F501EB352DB30DD008B90

Function 00B207AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2acc128cea92cd906a741b63ecfc1d33c0b95eb7e40b5629730dc412c328bede
Instruction ID: d9a5423c50b95da8ea97636d0c188fc77cf3ddbde1e93defda80b5c5992f8a3d
Opcode Fuzzy Hash: 2acc128cea92cd906a741b63ecfc1d33c0b95eb7e40b5629730dc412c328bede
Instruction Fuzzy Hash: 78310872A14721DBC712EE24A880E6B7BE5EF94750F1184A8FC5D9B312EA30DC0097D1

Function 00B28550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9663575056f1ab95ee4d490d9b8c0faa85943ebb2d252a62d4ae0d8e5ccb7e1
Instruction ID: c12fe06e52b605f33e0442a605077cd16390cfd608c1876b8ab4b0f95a80897a
Opcode Fuzzy Hash: f9663575056f1ab95ee4d490d9b8c0faa85943ebb2d252a62d4ae0d8e5ccb7e1
Instruction Fuzzy Hash: 52318A726093119FD721DF19C880B6AB7E4FB98700F1549AEF8889B7A1D770EC44CB91

Function 0013ED53 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794d7c64eea374b9328a5b843265df2a6d391981a5fe40015326118c173d2965
Instruction ID: 05fb0d7a3c820307954e2af14bdbe036557c091d1015f5fa6f5eb2bdbbc11dfc
Opcode Fuzzy Hash: 794d7c64eea374b9328a5b843265df2a6d391981a5fe40015326118c173d2965
Instruction Fuzzy Hash: 3731F272B006265BD754CE7AD880256F7E2FB88320B548739D918C3B80E774F962CBD0

Function 00113100 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7894554024113334843e83a961195919b43164162ab6c67f04067eee57c681
Instruction ID: e873eb46f67064fe5654b78920a31c52c3bbfa34a716f7cf3fe95bf7634245f3
Opcode Fuzzy Hash: 3d7894554024113334843e83a961195919b43164162ab6c67f04067eee57c681
Instruction Fuzzy Hash: 0631AC72A10B108FD368CE6DD945687F7E5EB8C300B418A2DE86AD7B84D774E901CB80

Function 00B5A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: d6fffc323506da064e38934e0b1adc68794517334007064ddb95a4b7c5fd668a
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 01312872B00B01AFD760CF69DD81B57B7F8EB08B50F140AADA99AD3650E630ED008B61

Function 00BCEBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d447a86d5bae17a74b30382e575320871fab1ed03481c92206679fb228396b2
Instruction ID: e26f0adf31c65b421d4e1527a4b0dc95d5beab0a180cfd35bc752e82edb71d27
Opcode Fuzzy Hash: 9d447a86d5bae17a74b30382e575320871fab1ed03481c92206679fb228396b2
Instruction Fuzzy Hash: C13165B1609341DFCB10DF19C541A9ABBF1FB9A718F0489AEE4989B351D330EE44CB92

Function 00B4438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622cb6bbc5e071b39477caaef7ec0d14be506d43a7c525e022ba15b771a3a697
Instruction ID: db57fd6b4462b826a3ef8d2301c9544c86d313dc6ce69d51f57489764f7fbb54
Opcode Fuzzy Hash: 622cb6bbc5e071b39477caaef7ec0d14be506d43a7c525e022ba15b771a3a697
Instruction Fuzzy Hash: 6531C231B002059FDB14EFB8C981B6EB7F9FB85704F1085A9E045D7291EB30EA45DB90

Function 00B1CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: 44838ce72a089669e827fcebbff230bfaa67e7940fabc77918a1a9a43ae03d39
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 5C21F236E4125AAACB109FB58841BEFBBF5EF44740F16C0B5A929E7280E230CD4087E5

Function 00B1C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153af57abb91dc294294df553b3215cb642ae14339efc86956ecee5d5cdd2fd1
Instruction ID: d7a0f4c394298bee4761b864b57a8e89649ac8d69bee0f075c93abb17d55ed42
Opcode Fuzzy Hash: 153af57abb91dc294294df553b3215cb642ae14339efc86956ecee5d5cdd2fd1
Instruction Fuzzy Hash: 3A31F9B55002109BC724AF14CC42BB977F4EF41354F94C1E9E99D9B392DA34ED86CBA0

Function 00BDC3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: e3d139874b87b5387d086ec8c80d699e9032cd770be4dc6d2a9fa79521f8a4b5
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 3D21FB36600652A6CB15AB958811ABBFBF5EF40710F4084ABF99587791F738DD50C760

Function 00B1E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4050b94ec8942cc5eb27ff605bea825ce2f2ec7b39e3c5ba10e0a28463b44ae1
Instruction ID: 1592deeeb93677ea642c9a9acb58e863ea868943ce949fff6f62414e1ca9aca6
Opcode Fuzzy Hash: 4050b94ec8942cc5eb27ff605bea825ce2f2ec7b39e3c5ba10e0a28463b44ae1
Instruction Fuzzy Hash: 2131A231A415289BDB319B14CC82FEEB7F9EB15750F9101E1FA65A7290D674DEC08FA0

Function 00B544B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10d4ef5aadcb45b3bad5f85722d735ce4a95fc3cd2b7f530600757623883e50
Instruction ID: db0339bbb64d0a9e6d8914303a1b926d58d19963aa92c45effa8e668c5154bfe
Opcode Fuzzy Hash: a10d4ef5aadcb45b3bad5f85722d735ce4a95fc3cd2b7f530600757623883e50
Instruction Fuzzy Hash: C321E1326047059BCB22CF18D880B6BB7E4FB88765F0045A9FC549B241E730EE448BA2

Function 00B54588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 950595c19b7712dba99b2a61244aedde8a144738b9ed086722d9c41dd316ea56
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 84216035A00608ABCB15CF58D980B8AB7E5FF49719F5080E5ED159B241D771EA498B90

Function 00B1E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: 65b0369cb1d83a51ed4af303c7c96b62d5a1e742fd9204370c59727ff4c45c39
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: DF316831600604EFD721CB68D885FAAB7F9EF85354F2445A9E9668B391E730EE41CB50

Function 00BF03E6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e837e60d39d68e0fed8d01666aabcdea2d08b2cf06568589bb80c3eee40fa73
Instruction ID: d29761a835c17355913ccc4bae36d04afc0c2f981b74376147887449c1600d05
Opcode Fuzzy Hash: 1e837e60d39d68e0fed8d01666aabcdea2d08b2cf06568589bb80c3eee40fa73
Instruction Fuzzy Hash: 61313071A10119ABCB08DBA4D894BAFBBB9FF88314F514169EA15E7251DA306D08CBA0

Function 00B9E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a0e5a0d739d872f5990d8af3466b077df5465626d794f8eb22da07a91a0c910
Instruction ID: 9b56e2759cee99b363b1b7937bf35687adb8223fd4b2dd0e1aa4829dd45c0f10
Opcode Fuzzy Hash: 5a0e5a0d739d872f5990d8af3466b077df5465626d794f8eb22da07a91a0c910
Instruction Fuzzy Hash: EB318075600205DFCF14CF18C8849AEB7F9FF94304B1585A9E8299B391E771EE50CB90

Function 00BF0591 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 363207597f4d2194cd29f8e603a53914b73cf309f7a354b15e107c874729ddf2
Instruction ID: 80c80d9c46decb2f857c0911a25a6738ef571621c546f43772e91c4a092dd0ae
Opcode Fuzzy Hash: 363207597f4d2194cd29f8e603a53914b73cf309f7a354b15e107c874729ddf2
Instruction Fuzzy Hash: 6E21D6326202098FDB28DE29D8C06BAB7E2EFE4310F5584B8DA15D7266D770FC59CB50

Function 00BA06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be99bfb88ff0c76bd8881980f5137ab9001a689cb6a6de402f844ddf9befc04e
Instruction ID: 2084032b05db9ef4efd89433aabb79fcc3a420ebb5f7fd6ebd1e90b6305e3937
Opcode Fuzzy Hash: be99bfb88ff0c76bd8881980f5137ab9001a689cb6a6de402f844ddf9befc04e
Instruction Fuzzy Hash: 4F218D75A106299BCF15EF59C881ABEB7F8FF49740F5000A9F441AB250D738AD41CBA0

Function 00BA019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3519048bcdadb1f347eedddcf2edbee5fcc32dfbb891e288803474e39e8bccc
Instruction ID: 5d5ce9ce06fbda8d36e1c967c5d870eb06a4cf1ef425472ea37505bc82d0d7a7
Opcode Fuzzy Hash: a3519048bcdadb1f347eedddcf2edbee5fcc32dfbb891e288803474e39e8bccc
Instruction Fuzzy Hash: 79219C71610644AFC715EB68D985F6AB7F8FF89740F1400A9F904D76A1D638EE40CBA4

Function 00BA0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83240a9099cb4143a6464714e2df6ad19cfc0696baab4ee59160593abf2d1e89
Instruction ID: 5894b9c4c59173f8c5baeac6d1d5ba53a0aa7796a35f2f80d76ff34e778a4790
Opcode Fuzzy Hash: 83240a9099cb4143a6464714e2df6ad19cfc0696baab4ee59160593abf2d1e89
Instruction Fuzzy Hash: BA21C2729183459FC711EF69D888B6BBBDCEF96740F0844E6BD80C7252D734DA48C6A2

Function 00B42835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ead99273b3eefc5a633b0da5917659458cecd5997bdbbb38460529731eb434
Instruction ID: 0b4f3e109d53670f676de7b08f46de89ff111b7afdece856a7ac772532f69134
Opcode Fuzzy Hash: 70ead99273b3eefc5a633b0da5917659458cecd5997bdbbb38460529731eb434
Instruction Fuzzy Hash: 2321D431A05681ABE32267688D84B2977D4EF41B64F2803F1F960DBAE2DB68CD41E341

Function 00BF01AA Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ea283b07b97f648257c05da159827a155e19f07e394a156b78fe9e1c1042a3
Instruction ID: aa5e4b6c0a17c3b23e8324394bf4b80a7da660a954eb23ee38cb426444148fa3
Opcode Fuzzy Hash: c6ea283b07b97f648257c05da159827a155e19f07e394a156b78fe9e1c1042a3
Instruction Fuzzy Hash: BA21B4612142544FE705DB9AD8B84B6BFF5EFCA22671981E6D9C4CF347C624980AC7B0

Function 00B5A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd2b37bafbe7c6cc6e0fe8dd9d68c3efc15ff8c4a7419b2cf257ac3b49e70467
Instruction ID: 75eb348673fe5b0574d1d99d00308bd17b911be072c0b6a99c7e20a922abbe62
Opcode Fuzzy Hash: fd2b37bafbe7c6cc6e0fe8dd9d68c3efc15ff8c4a7419b2cf257ac3b49e70467
Instruction Fuzzy Hash: 0A21AC75200A109FCB25DF28CC01B4673F5EF08B08F2484A8A509DB7A1E735E942CB98

Function 00BDA49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85e447f4940f07def736bd1bb4eb9953150e30dad81a6035b6fa6003d52f74fd
Instruction ID: c1ee9b99870d20e1855ef06fc52bf6f51e02c775edd78831aa6ad50a078f88ce
Opcode Fuzzy Hash: 85e447f4940f07def736bd1bb4eb9953150e30dad81a6035b6fa6003d52f74fd
Instruction Fuzzy Hash: 0811E772240E217BE7226654AC41F27B6D9DBD4B60F2140A5B608CB391FAB4DC018796

Function 00BA0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed3dd7e68bb280467f3ad82ac7b8410b472e2962aaec303b99a1f12bf5f3e3c4
Instruction ID: ae713122be1e2d57a33df688acbbfb7bf6a99070e24cc61ebcfb9f9206c98845
Opcode Fuzzy Hash: ed3dd7e68bb280467f3ad82ac7b8410b472e2962aaec303b99a1f12bf5f3e3c4
Instruction Fuzzy Hash: 3021E6B1E10258ABCB14DFAAD881AEEFBF8FF99700F10016EE405A7251D7749985CB64

Function 00BB80A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 087ac2f3f552aa7c80ec2a7082098b1d588cd484537327a5a9555135e3fbb5df
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: DC215B72A00209AFDB129F98CC40BEEBBF9EF88310F204495F904A7251DAB4DD51DB50

Function 00BEEE26 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f192d845fc5ebf385f52a23450f6a95c43ab5f2ef70bec83b47af8756db83e78
Instruction ID: 5d681d6b1007b45b6dd7cee2c89dbc8fff9357c00b4cac41eeb6ddbcf74f8fd9
Opcode Fuzzy Hash: f192d845fc5ebf385f52a23450f6a95c43ab5f2ef70bec83b47af8756db83e78
Instruction Fuzzy Hash: 2621B433A104119B9B18CF3DC8045AAF7E6FFCD31476A827AD526DB264D770F91186C4

Function 00B50124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 8f356b239d09b0ce82f7784dda11d597b78a40867978059bc532ff489d1fc680
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 0D11B272601A04AFD722AB55DC41F9AB7F8EB80755F1040A9FA059B190D671ED48CB51

Function 00B28770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b2579696e59d9bf5107336b1eddd55fe188b7d45cdccdaaadf634e320f261a
Instruction ID: e937478c71ec78e429ab28259c5f287c6c2e6cc3300f05d95a9925990545da2e
Opcode Fuzzy Hash: 60b2579696e59d9bf5107336b1eddd55fe188b7d45cdccdaaadf634e320f261a
Instruction Fuzzy Hash: AC11C1317026309BCB11CF59D4C0A66B7E9EF5A750B2880F9ED0C9F215DAB2ED02C790

Function 00B5AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: dd017c46ace896a1214ff16ddc5f571bb82e582f3ca1848b658029d6a105e379
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: DF218B72600640DFCB359F49C580B66F7E6EB94B11F2482FDE94AA7610E770ED05DB81

Function 00B280E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc247ae2d54f632cc244e5923de65fa80a7115d91e279159e15a429c32cf1dba
Instruction ID: 08e125b7e2ce17d2b9766b25734a487702e2b1ecb384bc1f4f08aa4d93371dae
Opcode Fuzzy Hash: dc247ae2d54f632cc244e5923de65fa80a7115d91e279159e15a429c32cf1dba
Instruction Fuzzy Hash: 09216835A01215DFCB14CF98D581BAABBF5FB88319F2041A9D109AB390CB71AE16CBD0

Function 00B5674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c5d0123a54a4509015523a20172484048da3d2608439c385de125fe676729f
Instruction ID: 4ebf504985d32e41018ac69c73ef5f28dd663332e2ffab8fb247280afbe5f01f
Opcode Fuzzy Hash: d7c5d0123a54a4509015523a20172484048da3d2608439c385de125fe676729f
Instruction Fuzzy Hash: 70216D75600A00EFD7208F68C881F66B3F8FF48755F9488ADE89AC7651DB70AD54DB60

Function 00B4E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b805b97755eafdbcbc7838e4fbf2db03ddd095e8c127645ea1f4847cf00db7d
Instruction ID: d7b7d0fe6080bedea57ad3dd58c548783ba4427d0a6c9cdff4de3a88548a7eff
Opcode Fuzzy Hash: 3b805b97755eafdbcbc7838e4fbf2db03ddd095e8c127645ea1f4847cf00db7d
Instruction Fuzzy Hash: 8D110472200114ABCF19DB25CC81ABB72D6EFD6378B3545B9E9229B2D0DA30ED42D790

Function 00BB6870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5f773f830a35c7c5b46e93b9c38ae398d1ea9e256df42a3137746f9d6febc54
Instruction ID: 0ba6f6751477a85c9c223b75efb8eee2df2fe381528a64052b068c4ed3e80623
Opcode Fuzzy Hash: b5f773f830a35c7c5b46e93b9c38ae398d1ea9e256df42a3137746f9d6febc54
Instruction Fuzzy Hash: DF11E332640A14EFD722DF59DD80FAA77E8EF99B50F1140A5F245DB251DAB8ED00C7A0

Function 00B566B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f6b22ba06f16ddf81cd441304409ba54e728ecaa72a4685cecd57d0f22914bc
Instruction ID: 3e1a7b7e6c60d7f879468f52164236e8d6e6bde1cf693a803f3927f2600c990b
Opcode Fuzzy Hash: 9f6b22ba06f16ddf81cd441304409ba54e728ecaa72a4685cecd57d0f22914bc
Instruction Fuzzy Hash: 9611BC76A012049BCB25CF59C980B5ABBE8EB98715F5180F9ED059B310D630DD04CB90

Function 00BEA8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 7f3b2c13e4488844596e9322e65bf95691a365b964a3630e962ac9f35c58a796
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 66110436A00905AFCB19CB55C805B9EF7F5EF84310F1582A9F84597341E775BE01CB90

Function 00B20AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 0a7354ec9f77ca141f1f8dccb299131701d8a617db80557e22eea8c8231d2583
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 6B21F2B5A00B059FD3B0CF29D481B52BBF4FB48B20F10492AE88AC7B41E371E814CB90

Function 00BAE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 861a54a3e9f6896cb588f6ba2df73b7e436be779d07b3f91771354b81326845b
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: 5011CE32608600EFDB309F44CC41B5AB7E5EF46750F1584A8F829AB261EB39ED40DBA0

Function 00B427ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04639f6906fc272d0e0ce612644c238a5c6b85ba8f2b85901b3df0f900f50926
Instruction ID: a506aa19d240f6f1a6376459ff71e333516eb776da564f4165431e7f5c6b1a7c
Opcode Fuzzy Hash: 04639f6906fc272d0e0ce612644c238a5c6b85ba8f2b85901b3df0f900f50926
Instruction Fuzzy Hash: 5901C431605684ABE316A369DC85F6B7BDCEF81794F5500F6F900CB661D914DD01E372

Function 00B24690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 335222c2bb9a82078bc712f81cc14ab8b84c404708b850f399728aaf66b758e1
Instruction ID: 6aec935cb5661dd424a188041e4a02ccf1769c8ff076b2974adcd3cf63836e5b
Opcode Fuzzy Hash: 335222c2bb9a82078bc712f81cc14ab8b84c404708b850f399728aaf66b758e1
Instruction Fuzzy Hash: 8C11E136200664AFCB25CF59E980F567BE8FB86B64F104599F92C8BA60C770EC44CF60

Function 00BF4B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b44cb2f300144ef642cabf94f6336910c65c545a42500bddc273c1ce08b6e3d
Instruction ID: dabee82c9a714009ef13c6c524949dc177b12dc7c6e6de829c3a2679d3131577
Opcode Fuzzy Hash: 2b44cb2f300144ef642cabf94f6336910c65c545a42500bddc273c1ce08b6e3d
Instruction Fuzzy Hash: 9811C2362006199FD7229A29D880F77B7E6FFC4710F1544A9EA46C7692DB30ED0ACB90

Function 00B56620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74bf783b062c9f17f13bb3e53b1594a5c658b42309ebc18566835b5558a134fd
Instruction ID: c222a021efc0521175cdf247485b32003da5a48ad508a5bbaa1b12473fa396d5
Opcode Fuzzy Hash: 74bf783b062c9f17f13bb3e53b1594a5c658b42309ebc18566835b5558a134fd
Instruction Fuzzy Hash: 3811C272900714EBCB21DF59C981B9EF7F8EF88B41F9000D8ED05A7201C730AD458B90

Function 00B4EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca6c3c4d8cc16b9e98beaaf5edc6aa8a19c5da9c4e8cddae57baf8aebc01b38
Instruction ID: 84d3749eec95caf37861d3da121e3f4f9e1e3839a5f390b7ebb74c448372c153
Opcode Fuzzy Hash: fca6c3c4d8cc16b9e98beaaf5edc6aa8a19c5da9c4e8cddae57baf8aebc01b38
Instruction Fuzzy Hash: 2D018C71600609EFCB15DF19E944F6ABBF9FBC6314F2481AAE0098B261D770ED81DB90

Function 00B4E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: a796a2961472a2ce2ac65858584a419f7fa111bad40c7e855c7fe4eedc446f1e
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: DD11C8716016C29BD722A768D994B3577E4FF51B58F2900F0ED45C7662E738CD42D350

Function 00BAE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: fb0a4bd20318ea6a06f6b850eae9b2e75e88d723bceb454bdcfbdf3c83626e95
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 20012432608204AFD7219F54CC41F5BBBE9EF82B50F1580B4F919AB260E771DD40CB90

Function 00B1A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 5bab5ed0fcb754acc88c3d4c3bf2bcf05ebca2b55d4e0fececa9a0e0154938af
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: F7014572406B119BCB308F15D880AB27BF8FF55B60B408AADFC958B280C731E840CBE1

Function 00BF4940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5530a746b8ed3422482c76479676a10fc5ad5d5eb5e930ccdb2632f4dbc57e
Instruction ID: 1ff44ce1a6a56c0c1670f72edf408b7e5a4a01fa9945d57a4bd13e8d3fe3718a
Opcode Fuzzy Hash: cd5530a746b8ed3422482c76479676a10fc5ad5d5eb5e930ccdb2632f4dbc57e
Instruction Fuzzy Hash: 5C01D6726416049FC721DF18D844E63B7E8EB91770B258295EA689B2A2E770DD05C7D0

Function 00B9E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b267a309cbf7ebd320345c555e2e93cc770dba74ab4e5776d5d2e69d29fc412
Instruction ID: 9f7bc615d362994d76ae640dbf6ad019955791221de76c6d6b4de23a8128372e
Opcode Fuzzy Hash: 3b267a309cbf7ebd320345c555e2e93cc770dba74ab4e5776d5d2e69d29fc412
Instruction Fuzzy Hash: 86113932241640EFCB16EF19D991F56B7F8FB48B94F2400B5F9059B6A2C635ED01CAA0

Function 00B26259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87dcc018e00981ab3a885896ff470433a7eceffcff321b46ee36d402d6532726
Instruction ID: b205fe94f801730e09a5674d42da7640709b6496a48bcc3936c56ad9eb1d7d3f
Opcode Fuzzy Hash: 87dcc018e00981ab3a885896ff470433a7eceffcff321b46ee36d402d6532726
Instruction Fuzzy Hash: D6115A71541228ABEF25AB64CD42FE9B3F4EB08710F6441D4B318A60E1DA749E85CF84

Function 00B2208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: ffe54d27a07801b3bf0de2756d62a6a7f2ea0e53b52b9523721e4f8e2912cdda
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: C401F132600120ABEF118B69E8C0AA377E6FFC4700F2581E5ED19CF246DA718C81D390

Function 00BA6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3addf8c35bc7531432012066d2382afa6297e860fdbb4004b73738704dab787
Instruction ID: 052b4ec4133a15a80ba00a1d6598499099b5b5201616de3cf092564e58f89b9d
Opcode Fuzzy Hash: b3addf8c35bc7531432012066d2382afa6297e860fdbb4004b73738704dab787
Instruction Fuzzy Hash: 60111BB2900019ABCB11DB94CC81EDF77BCEF49354F044166A906A7211EA34EA54CBA0

Function 00BB6500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6ae09cfb1ed2ce63ab315788519e6e3787ecb840b2585f2ca45aeb25bb59f0
Instruction ID: 88499d9fcb35b09f54f8a044859259269f463851d8566c57005fc798c23f237d
Opcode Fuzzy Hash: fd6ae09cfb1ed2ce63ab315788519e6e3787ecb840b2585f2ca45aeb25bb59f0
Instruction Fuzzy Hash: 5011A1366441499FC721CF58D850BF6B7F9FBAA314F188199E8488B315D776EC80CBA0

Function 00BAC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79418bfa7b414da16d97bbe25f3878d8fafa3ffd276b74a886f58eeee679b8de
Instruction ID: 68a6b4e2776939b1a23d0ae897c724ef1e95180f369adda90d53017fb90a9d1b
Opcode Fuzzy Hash: 79418bfa7b414da16d97bbe25f3878d8fafa3ffd276b74a886f58eeee679b8de
Instruction Fuzzy Hash: C111ECB5E002099BCB04DF99D581AAEBBF4FF49740F10406AF905E7351D678EE018BA4

Function 00BCEA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3de8daa2045cf7429859ab79ae2a1c69c4acd13eb37e35981a3198417542a4
Instruction ID: 426a4a64bacf7cbd09cf3a971828e197b859f994fdf0f37ae3e4e7dab7509f04
Opcode Fuzzy Hash: 2e3de8daa2045cf7429859ab79ae2a1c69c4acd13eb37e35981a3198417542a4
Instruction Fuzzy Hash: 6101B176140210DFCB32AF118441F6ABBE9FF52750F2544AEF1645B251CB21DD41DB91

Function 00B620F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35435899d6eaef3d416c6d8dd340a8cde538079dff4dd457c0ec93ce706c2114
Instruction ID: 7680ff6af829a360f82a9d3251f6139b35b11fd7e87964756227f6735eddea2f
Opcode Fuzzy Hash: 35435899d6eaef3d416c6d8dd340a8cde538079dff4dd457c0ec93ce706c2114
Instruction Fuzzy Hash: 15118031A0120CAFDF05DF64D851FAE7BF5EB46740F1040A9F911A7250DB39AE11CB90

Function 00B1C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: b3c723a15bec08ecce8123b5d3ccda172c034ad102d770481b59364556ca5c6b
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 0F016832200744DFDB229625C840FA777F9FFC6340F508499A95A8B540DE70E841C750

Function 00B5E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b4c2586543379e9a8082c4cda092de321be0106a37480d53c0c6d43bee68db
Instruction ID: 76bf7a77e507d9c155bd438ae00d69d5bf6cdadde44c82c5cd5de01accf78b3c
Opcode Fuzzy Hash: 47b4c2586543379e9a8082c4cda092de321be0106a37480d53c0c6d43bee68db
Instruction Fuzzy Hash: 7B018F72201A00BBD711AB69CD81E57B7ECFB897A4F1006B9B505936A2DB24ED01C6A0

Function 00BB69C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6379060e88eff4fcefe270a779b51809663d7cbec2b3404b63b8cda24d68945c
Instruction ID: 61e8d7e75f02d528ec90379ed94a720c5470523a64f5efe5a0384b0e95b6bf0e
Opcode Fuzzy Hash: 6379060e88eff4fcefe270a779b51809663d7cbec2b3404b63b8cda24d68945c
Instruction Fuzzy Hash: E1014C322146059BC720DF68C889AF7F7E8EF49720F204169F91897280E7349D01C7D1

Function 00BAC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d28c882df00d0296bb302353f106d5d090f93ad76993d7401f777cdbc26c786
Instruction ID: fac9bdb062564cc1ab29bb476d02c59ff27cae06aa42f960f29a23d9d4a46edb
Opcode Fuzzy Hash: 5d28c882df00d0296bb302353f106d5d090f93ad76993d7401f777cdbc26c786
Instruction Fuzzy Hash: 22115775A01208ABDF05EFA4D851EAEBBF5EB49340F108099B80197390DB39EE11CB90

Function 00BAC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e8df50b3907320cccd7885f31fedf60377df862696b19f7beaa29e2775d0db7
Instruction ID: 26db9abe5ae4dd1c66ef7b6aeae38baa8dca81539a8c924dee3846070de6bbab
Opcode Fuzzy Hash: 4e8df50b3907320cccd7885f31fedf60377df862696b19f7beaa29e2775d0db7
Instruction Fuzzy Hash: BB1139B16193089FC700DF69D442A9BBBE4EF99710F00855AF998D73A1E734E900CB92

Function 00BF4A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: efbcf75b6de9bb83592f12de210b156cae861ec48eb92f29f3a34f102723a109
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 7E01D432240A099FDB219A69D841FA7B7EAFBC5710F044899F6428B650DBB0F884C794

Function 00BACA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d94ef20a86239e3dbf6603b7bb06fba3ac453de95028c784f70540f035bc035d
Instruction ID: ad8ea8de962d76010dcee5fecaa7f1dfaca8e67cb11d6848f7cff6e09a55fc2e
Opcode Fuzzy Hash: d94ef20a86239e3dbf6603b7bb06fba3ac453de95028c784f70540f035bc035d
Instruction Fuzzy Hash: A41139B16193089FC700DF69D441A5BBBE4EF89750F10855AF958D73A5E634E900CB92

Function 00B3E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 10b69976859756183569902db16adaec71a2156fe171ccad53aeb544601d461b
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 32018F322445809FD32A971DCA89F2677E8EF45750F1A44E2F819CB6D1D678DC40CA25

Function 00B1826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505ab62c044f019ecebf273aa53f59b95f3de0e6280ccb2ff4bcd64b4672815c
Instruction ID: f6195a5e628e9e230def89a0eb2d3ab73710f09e6c447b8f24e36e95939acf17
Opcode Fuzzy Hash: 505ab62c044f019ecebf273aa53f59b95f3de0e6280ccb2ff4bcd64b4672815c
Instruction Fuzzy Hash: 9E018431700508ABCB05DF69DC51AEE77E9FF45310F9544A9A901A7651DE30DD41C6D4

Function 00B22582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3cb31070b78b0c5a05bf99f139dd369f11af6e71449cccc0176d1ff9a45b1e
Instruction ID: f6d0a3dcd8a39eb4f7606009b663f98a8f2c5ee62d21c68cec79c4baf3a220de
Opcode Fuzzy Hash: 3d3cb31070b78b0c5a05bf99f139dd369f11af6e71449cccc0176d1ff9a45b1e
Instruction Fuzzy Hash: B3F0F432641B20BBC731DB569C40F17BAEEEB84F90F1480A9B909D7640DA30ED01CBA0

Function 00B4C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 6b98bff9306fd4128dfe1e495f9adfa15b132166b9f13b0dc9d1ef4a8039cf39
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: A7F0AFB2600A10ABD328CF4D9841E57FBEEDBC0B80F048169A505C7321EA31DE04CB90

Function 00BF62D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12048d3a96264b5a1feaab47c2caa489972872adfc616a53d5776c20cf776202
Instruction ID: 99af90885defdac3b4deb21b3e690a06fead33bffa5915f2fbdede1db712bfda
Opcode Fuzzy Hash: 12048d3a96264b5a1feaab47c2caa489972872adfc616a53d5776c20cf776202
Instruction Fuzzy Hash: 43014471A0020DEFCB04DFA9D441AAEB7F8EF48704F50406AF914E7351D7749E058BA4

Function 00BF625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 365f5aee14ee708e07f98dcf559568959fc72efe0bdd287948746ebf0bd42a7c
Instruction ID: 491f1fa5d1b51c07ed15955b2b73c88887848e49dd3fa0f67db32ee28982fedd
Opcode Fuzzy Hash: 365f5aee14ee708e07f98dcf559568959fc72efe0bdd287948746ebf0bd42a7c
Instruction Fuzzy Hash: CE012C71A1020DABCB04DFA9D491AAEB7F8EF48704F10806AF914E7351D678AE018BA0

Function 00B1C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 078846e651a081387504c1a3d06849f25a9d053fe5d2d86085dc77935e71dec8
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: B4F081332847329BC73216595841BEBBED5CFC2F60F6980B5F1199B600C9708C42A3D4

Function 00BF634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6193bf1201f0a09d35d287d2fb5269da902d69cb2719a2e4cabf1592df6c272f
Instruction ID: 62efdedaa540bfba7e9edc7fcd35a445b8c853e6edc0a7f647896caff965cdbd
Opcode Fuzzy Hash: 6193bf1201f0a09d35d287d2fb5269da902d69cb2719a2e4cabf1592df6c272f
Instruction Fuzzy Hash: 36012C75A1020DABCB04DFA9E551AAEB7F8EF48704F10406AF914E7351D7789A019BA4

Function 00B5CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 3dd089d08ceca0063bb136d45eeb152586d4c572a46cd8d5c6aadfc20fd716e0
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 3401D132200689AFD7229619C889B5ABFD9EF42B50F1840F1FE048B7A2DA79CD00C650

Function 00BF61E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf6be473fd4ac9c4fd76d2aa632b94793986653afef8778330d4b05e4cda818
Instruction ID: 671231728c4fc753fbd94026a88bbfb2b9092848d18f7d44b6a4f1255132b24c
Opcode Fuzzy Hash: abf6be473fd4ac9c4fd76d2aa632b94793986653afef8778330d4b05e4cda818
Instruction Fuzzy Hash: 36012C71A01249ABCB04DFA9D846AEEB7F8EF49710F14409AF901E7291D778AA01CB94

Function 00BA63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: cfa093513ca1972e68ab17afc53138cf2c7cc30ed988ac5895244004c19c9f1f
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 3FF06D7220001DBFEF019F94DD81DAF7BBDEB49398B104165FA10A2120D631DE21ABA0

Function 00BAA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede27c5bada51f311fade1a9e7ef536aacf574ba60b10e6a54a50127759745cd
Instruction ID: d3f95402b00a8fca13e0ef489890d4faa7ab703260cf5e7a848c0b96c99c3111
Opcode Fuzzy Hash: ede27c5bada51f311fade1a9e7ef536aacf574ba60b10e6a54a50127759745cd
Instruction Fuzzy Hash: 25019736504209ABCF129F84DC40EDE3FA6FB4C764F068241FE1866220C732D970EB92

Function 00B1C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45bcfed270b39c3e473954c6a70fd44247188029cc042233d116588277d9af32
Instruction ID: 59afbdc4a0b3c7d8dfea8ae75c66e79f22c163b72d0f3416adf4c6ac8ac7290f
Opcode Fuzzy Hash: 45bcfed270b39c3e473954c6a70fd44247188029cc042233d116588277d9af32
Instruction Fuzzy Hash: 22F02B712C42017BF31096559C01BB236D5D7C0750FA580B5FB099F2C2E970DC918394

Function 00B5656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c7f60d21b5f304fb6a5c104da9969fdb9a5231daa17a88cf50b91d9d9aa071
Instruction ID: c583d926c25e6af770bab9017a57bb15c5e91f379b6793c7160f480f6d0e7de8
Opcode Fuzzy Hash: d7c7f60d21b5f304fb6a5c104da9969fdb9a5231daa17a88cf50b91d9d9aa071
Instruction Fuzzy Hash: D101A470644A84DBE722AB38ED99F2933E4FB51B44FA841F0BD01CB6E2E768D801C614

Function 00BC437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: 9dfe19f7d8c3d49a09f12411b58121267abdabd72daf5059a0ce09ec90daaf5c
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 07F0E235341E9287DB35AA2A8830F2FA6D5EFC0B01B1506BCA881CB680DF20DE008794

Function 00BAC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f597d910565506f856e6b4cf0598b70361ec3e26418437de5e69f342ea71c0c7
Instruction ID: 5f7bcc4e47e0f4d1343180f569e973e7dc94e614db2bd23076e4d5a1e42b871e
Opcode Fuzzy Hash: f597d910565506f856e6b4cf0598b70361ec3e26418437de5e69f342ea71c0c7
Instruction Fuzzy Hash: 5CF0A4706097049FC310EF28C442A1BB7E4FF49700F40469AB894DB391E738EA00C756

Function 00BAE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: df7981e0452fe9653c712a22b59e1a568a598be18bb1d2bf102d1fee6c90150e
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 23F082337196119BD3319A49CCC0F17B3E8EFC6B60F6A01A5B524AB260C768EC01C7D0

Function 00B50854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: ae077e774f9ee8577746efaf26de604f58afe052d84f7ead9fea89f4f1e519d9
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 58F0E972610204AFE724EF25CC01F96B3EDEF98350F2480F89945D7260FAB0EE41D654

Function 00BAC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b131d228b896fcc555218e5e0791f92d4d2d5c9765df3e9bd2c4d28dfdccf9
Instruction ID: 8f3bbdad302c663b3014f81b4c2f55b31dcf4424667c0b472d5c6494af941904
Opcode Fuzzy Hash: 04b131d228b896fcc555218e5e0791f92d4d2d5c9765df3e9bd2c4d28dfdccf9
Instruction Fuzzy Hash: ABF04F70A0524DAFCB04EF69D555B9EB7F4EF09700F1080A5B855EB395DA38EE05CB50

Function 00B247FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b57d81bf40a56535f98bc210f1f82edf2c6352dc9e3551753d5a52c3994263
Instruction ID: 2e8d2d485c1641219bc96de26862841e64ebe8c7f4917dcdd4d612deb58384a6
Opcode Fuzzy Hash: f7b57d81bf40a56535f98bc210f1f82edf2c6352dc9e3551753d5a52c3994263
Instruction Fuzzy Hash: 5AF09A319326F49ED7228B68E044B62BBD8DB00760F1989EAE98D8FD02C764DC80C652

Function 00BE0115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53bc8b1661f5bcab6a5d1b544371cc5b11a9c3d8cb0198d6c2b86f30ef31d1b
Instruction ID: 919c7571039737c186c44d8169b80cc0352ff9eec9896a1745981142dc262df7
Opcode Fuzzy Hash: f53bc8b1661f5bcab6a5d1b544371cc5b11a9c3d8cb0198d6c2b86f30ef31d1b
Instruction Fuzzy Hash: ACF027A642A6C007CF217B2878513D57BE4E743310F0E10DAF4A17F202C6B48CC3C225

Function 00B5C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ccb23889d9ca6d690e13aba15235f6fe6b85e164dc483c7894a5abe2f386bb
Instruction ID: bfde8bce6b92a7dad2bc176eeb813c0937757a6a3c0b4c027b61d79f9699d998
Opcode Fuzzy Hash: e8ccb23889d9ca6d690e13aba15235f6fe6b85e164dc483c7894a5abe2f386bb
Instruction Fuzzy Hash: F8F027755117509FC332DB18C148B617FDAEB00BA3F19A5E5EC06C7512C3B0CE88CA50

Function 00B62619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 3f6698b8d69aa1937c199443ae722b87921ddb7abd597fcd4e35d1fc54d68e58
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: D0E09232300A002BE7229F59CC81F4777AEEF82B10F0400B9B5045E252C9E6DD0982A4

Function 00BB6030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: a7cd0dde499c16c892eb257fcdc2c0fed945d4852fda0861620d5acc785c2bd3
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: A1F030721046049FE3249F06D9C4FA2B7E8EB15364F95C0A5E6099B561D3BDEC40DBA4

Function 00B20710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: 52c023b90c6bdec15c4a4b1ac79f848b6d29b87a6a7b886b8372502f404d87a4
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 48F0E53A3043559BDB15DF15E080A957BE5EB45350F1040D5F85A8B312E731FD81CB41

Function 00B549D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 46bd643091be31428fd890bb0fd7e4899e9aaf0626513b42b02b32e17f9c2c97
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: EFE0D832284544ABD3725A558801B6677E9DBD07A6F2504E9F9088B150DB70DCC4D7D8

Function 00BF4164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3968df7da2063968ac5e97cd298b2920ad63237c3764c16cfafe992f764e6f8
Instruction ID: 395daccac3e7a338271b17bf579e6086b7c52288ba3cfee048897b1f2a6b0e99
Opcode Fuzzy Hash: f3968df7da2063968ac5e97cd298b2920ad63237c3764c16cfafe992f764e6f8
Instruction Fuzzy Hash: 3DF0E5319265948FD771D728D680B737BE4EF10730F1A05D4E50097A11C324DDC8C650

Function 00BC678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: c65f445be9c745685bb254b862bb2aa15dba3f038e87ddda9636b66ca2d77215
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: C2E0DF32A00120BBDB2197998D02F9ABBFCDF80FA5F1500A9BA00E70D0E530DE00C690

Function 00BF08C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: 2a4dbc19448b4aa544c4b11d095cbdb5a56c7ab59fbde99edadb03a240f485be
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: 5FE09B316503588BCB249A19C141A73B7ECDFA57A1F2580E9DA0547623C231FC5AD6D0

Function 00BDA456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: 4565160c735ccc8063eb49cfdf91bab197ac6ebfce94844f1f52c6eca81d3567
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: DFE01231010A50DFD7366F25D949B52B7E1FF40711F188CAEB09A116B1D7B5ECC1DA41

Function 00B225E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6352d9d89be14b9d3dd3686954c96a5911f5c591e1fff0bf948916e7bad48a76
Instruction ID: b9e2c6a17421f93f841834e2fd5dafc4259ddac5e87ab114b89cec6e1c4563d7
Opcode Fuzzy Hash: 6352d9d89be14b9d3dd3686954c96a5911f5c591e1fff0bf948916e7bad48a76
Instruction Fuzzy Hash: C3E0D832100A54ABC312FF29DD02F8B77DAEF50760F114565F119571A1CB34AD50C7C4

Function 00BA4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 18f894388dff3d1099844e3a0ca52e3bc17f40a7a74d346e54df0e45cf09600d
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 87E0AE343042058BD725CF19C040B6277A6FFD6B10F28C0A9A9488F205EB72A8429A40

Function 00B5CA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca93739551d2276ec2edec517fa473e52653da2ce60b59765b6750bc1bb1186
Instruction ID: 04c6f7d24892a8290a7f2b92727cc2b8759d39d75ee690ae477471bf179aecf3
Opcode Fuzzy Hash: dca93739551d2276ec2edec517fa473e52653da2ce60b59765b6750bc1bb1186
Instruction Fuzzy Hash: 38D0C2328811306ECB24E2147C04FA33EDAEB41321F0148E0F90892024D564CC8596C4

Function 00B1823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: b8bc036e5263be896af22c12dbdc0c8009b67eeabffd0529ab79471f0b7c2c5d
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 35E08C31000A10EEEB322F11DC01F9277E1FB54B10F6448A9F089160A48B78ACC1DA84

Function 00B22050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f33f4101c991091e3da725d8972d34ebe6823dff43b5314a19e07fe4206efa
Instruction ID: 5f17bccb9b4c62ba66138df1600d2f771692a91d44b9d7ea87c36f028bc09303
Opcode Fuzzy Hash: 68f33f4101c991091e3da725d8972d34ebe6823dff43b5314a19e07fe4206efa
Instruction Fuzzy Hash: 6AE08C321005606BC212FB5DED02F8A73DAEB95760F114261B155976A1CA34AD40C794

Function 00B58A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: f781c60cd3c36ac7e83abac3c3768f5398bc0457dfede6edcf84ad5c4a4648f8
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 78E08633111A1487C728DE18D511B7277E4EF45721F19467EAA5357790C934E948C794

Function 00B76AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 5266b2b3d04311738d0b7f8dbb2607d30122515a3728de5ca1f50b67799f1a72
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: EBD05E36511A50AFC3329F1BEA00C13BBF9FBC4F10B05066EA44593920D670AC06CBA0

Function 00B5E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 18e3e15b83212952cf36a198c3e6ef69eeda17ab945ff320cbf32ab66362c2e0
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: CAD0C932654660ABDB72AA1CFC04FD373E9EB98B61F1604A9B019D7151C765AC81CA84

Function 00B9E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 906ba43b8f9656feaad85ca143f288c77fde3a0c6fe7121eb89a7b6d64541ca8
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: 8BE0EC359507849BCF12DF59D640F5AB7F5FB84B40F151094A0586B661C634ED00CB40

Function 00B1A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: ac462daebfc66b6e1b621af326561d836d10dcfe8cb7329fd9c943b5dd67e432
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 86D02232213030A3CB2857506904FA37985DB81B90F6A00AC340AB3800C0088C82D2E0

Function 00B5A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: ce3862768a1cf005ae69984807a12bc045e82104f8f550143df21803a77b245a
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 8ED012371D064CBBCB119F65DC02F957BE9E754BA0F545020B504875A1C63AE950D584

Function 00B5CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed250d5b4429c0bf801e7c2bcca152fda86eb228f9b6132ffbb6471e7e8ebb61
Instruction ID: 5db568845aad405c79812baa06e13a5c9cdb36e7c4b92c8348492e6bb68c74e9
Opcode Fuzzy Hash: ed250d5b4429c0bf801e7c2bcca152fda86eb228f9b6132ffbb6471e7e8ebb61
Instruction Fuzzy Hash: B2D05E315012068FCF16CB04C911B6E3AF1EF20B42F4040F8EA0051220D328EC018600

Function 00B5C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: b8fdb50208355a3b3e3e8935b35d8a5e7d77803cb7433db7f89dcde35801696e
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: FDC01232290648AFC712AA98CD02F027BE9EB98B40F500061F2048B671C635E920EA84

Function 00B40310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 24499e31141aeab42f7aabe11a1b77268b42495b4e760b8ac0899cda5cd5e535
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 91D01236110248EFCB01EF41C890D9A7B6AFBC8710F108019FD19076118A31ED62DA50

Function 00B20750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 54ba7fb32a8db2ac57131b76a89b905b40740378c7d88d5ff33ec6b3ee216622
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: A4C04C797015418FCF15DB29D2D4F4577E4FB44750F1548D0E815CB721E624ED01CA10

Function 00B64340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31f53f3198de38dc7b39486861023f964537ff5e1b22a89f5db51044e53585a
Instruction ID: 5119832e032e9171ad4fb87f45ff6db9a1735751465c2c07d63108dbe099a003
Opcode Fuzzy Hash: b31f53f3198de38dc7b39486861023f964537ff5e1b22a89f5db51044e53585a
Instruction Fuzzy Hash: 9090023264580012924071584888546404597E0301B55C072E0564559C8E148A565361

Function 00B64650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5059b6a108641b29a708a0823d7ec354629feb67e7906dae44f48468d8d9d4a3
Instruction ID: 7712bd51416eafba838479382d4e135af044e9a33736ab3c59eb54b5d8ae1162
Opcode Fuzzy Hash: 5059b6a108641b29a708a0823d7ec354629feb67e7906dae44f48468d8d9d4a3
Instruction Fuzzy Hash: 7790026264150042424071584808406604597E1301395C176A0694565C8A1889559269

Function 00B62AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c2dec684e49bab73665cb2d8b2d4471c9f5e9009892ab351f5521128929051
Instruction ID: 50a7a09ed1d627fabfe389164f2b9132452d43debdfd5c15de8e19472a8c47fd
Opcode Fuzzy Hash: 47c2dec684e49bab73665cb2d8b2d4471c9f5e9009892ab351f5521128929051
Instruction Fuzzy Hash: 1C9002A2241540924600B2588408B0A454587E0301B55C077E1194565CC92589519135

Function 00B62AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4009757d308b5a5eeb2e3d21f82a82dd1d841f2bda8288361a10b7d41ccec9eb
Instruction ID: bb5c72b4d27cf9c9c15f29d6f8864efdfbe9ed2008f73cef54bad8a27f008315
Opcode Fuzzy Hash: 4009757d308b5a5eeb2e3d21f82a82dd1d841f2bda8288361a10b7d41ccec9eb
Instruction Fuzzy Hash: 2F900226261400020245B558060850B048597D6351395C076F1556595CCA2189655321

Function 00B62AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3491393b91bb995fdcd250252dc909214dc9459ee3d5ba87f7ab0c4ba269ec2
Instruction ID: 5eabc92935f99de89eb936e391cd69d78c2321c729e9df4636e740444ea848d4
Opcode Fuzzy Hash: f3491393b91bb995fdcd250252dc909214dc9459ee3d5ba87f7ab0c4ba269ec2
Instruction Fuzzy Hash: 24900437351400030305F55C070C50700C7C7D5351355C073F1155555CDF31CD715131

Function 00B62BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06b5f87e41070421da8b3449fa3431049aada8525a92b3e05416f3a018c629b
Instruction ID: 15efed6d8a3cd8cfcaab9c091bc2a97c18e45b5230a914a16daeeffb3bbd0713
Opcode Fuzzy Hash: c06b5f87e41070421da8b3449fa3431049aada8525a92b3e05416f3a018c629b
Instruction Fuzzy Hash: E790023264540802D25071584418746004587D0301F55C072A0164659D8B558B5576A1

Function 00B62B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d944d18dbaab8880d316e0c164090517db2ebc59bce752333d4ec0a13ca6131
Instruction ID: ea9975191b0daef927106416d3f47f8d74ad55a3d435b74487be213108f8e3de
Opcode Fuzzy Hash: 9d944d18dbaab8880d316e0c164090517db2ebc59bce752333d4ec0a13ca6131
Instruction Fuzzy Hash: 1F90023224140802D20471584808686004587D0301F55C072A616465AE9A6589917131

Function 00B62BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818a3a0ff149fab09f0e2238d65b96b3eb37182f405fb2de0dfba0ffddb87fd2
Instruction ID: a16f07d2e6b5d5977df8fca5645c8e1eaaf6862450af64be3df3012cabd4bb18
Opcode Fuzzy Hash: 818a3a0ff149fab09f0e2238d65b96b3eb37182f405fb2de0dfba0ffddb87fd2
Instruction Fuzzy Hash: D190023224140802D2807158440864A004587D1301F95C076A0165659DCE158B5977A1

Function 00B62BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b7bc101e79939a8bf92abb193da8e6cd4fba85185634ef388b1519e8fe539c
Instruction ID: bbc3f43efbec9e619f5d891642cb1828b69a66c6294ab779ef7d1270ecbfedc5
Opcode Fuzzy Hash: d0b7bc101e79939a8bf92abb193da8e6cd4fba85185634ef388b1519e8fe539c
Instruction Fuzzy Hash: DF90023224544842D24071584408A46005587D0305F55C072A01A4699D9A258E55B661

Function 00B62CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d83b3683d807a77f23a9cabc771d685399a437466a7017c45d6bbc5f9deb9f8
Instruction ID: 2998d5b6f1ca023e2c09f6d457b623db2db1a506549de4a25a311da6ec5d88ac
Opcode Fuzzy Hash: 2d83b3683d807a77f23a9cabc771d685399a437466a7017c45d6bbc5f9deb9f8
Instruction Fuzzy Hash: AC90023224140402D2007598540C646004587E0301F55D072A516455AECA6589916131

Function 00B62CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e2a57d9518b735dfe76f9d24698136b95c11f84597cfece7fd3996fbcb9d647
Instruction ID: 02b2bdf2c6ec6ca891152a87f532f578b3363f8069f75004bc7de4e41ac39f2a
Opcode Fuzzy Hash: 9e2a57d9518b735dfe76f9d24698136b95c11f84597cfece7fd3996fbcb9d647
Instruction Fuzzy Hash: F190023224140403D2007158550C707004587D0301F55D472A056455DDDA5689516121

Function 00B62CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2a2b923a925ebc9cff0cb9e47545060aca5780b83921d0070be6b65bea7a672
Instruction ID: 816c50afedf5dd80cd87758ea7c758c8292b8a78d5e8d177012bd0324396ea74
Opcode Fuzzy Hash: e2a2b923a925ebc9cff0cb9e47545060aca5780b83921d0070be6b65bea7a672
Instruction Fuzzy Hash: AA90022264540402D2407158541C706005587D0301F55D072A0164559DCA598B5566A1

Function 00B62C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55dff3de7d1d06b4a5b83b9f5d1b622f9940ea1ba2a24fb2494403b8203080e4
Instruction ID: bf597bcf8451bbe3dcc8c03f644d89d134445002f8bf6fc2a0038e6edf5e4993
Opcode Fuzzy Hash: 55dff3de7d1d06b4a5b83b9f5d1b622f9940ea1ba2a24fb2494403b8203080e4
Instruction Fuzzy Hash: 8E90023224140842D20071584408B46004587E0301F55C077A0264659D8A15C9517521

Function 00B62DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af31f62199bc29fdcf04a34cb492c4aeb6ad8712554251d2347ce80189936c9e
Instruction ID: 3487a7109cb35f3df6998a986b8debc0f59b2744d5f582712b4de495af2d1915
Opcode Fuzzy Hash: af31f62199bc29fdcf04a34cb492c4aeb6ad8712554251d2347ce80189936c9e
Instruction Fuzzy Hash: 0590023228140402D24171584408606004997D0341F95C073A0564559E8A558B56AA61

Function 00B62DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987dada823cbb8e56cfcfffd03cd7452d8530a343ab01d02dc27cb1f7ba519cc
Instruction ID: ea8fa1a69ac976557b2c739e0607dfc9c141a5e83ee6cb2aec0f6faf327688a8
Opcode Fuzzy Hash: 987dada823cbb8e56cfcfffd03cd7452d8530a343ab01d02dc27cb1f7ba519cc
Instruction Fuzzy Hash: 99900222282441525645B1584408507404697E0341795C073A1554955C89269956D621

Function 00B62D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d373358aeef10c08d7e9f3422ec3493a867994bb20f6500133ce121afa8ae0
Instruction ID: 1b4cbf5cd39dd18c27b4ba1aa83aef606274ecdeb5c92b05985309bc37cb0516
Opcode Fuzzy Hash: d1d373358aeef10c08d7e9f3422ec3493a867994bb20f6500133ce121afa8ae0
Instruction Fuzzy Hash: 7A90022234140003D2407158541C6064045D7E1301F55D072E0554559CDD1589565222

Function 00B62D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c978df953e7f703f29f18bb49f9e0cf787be22600f61b6e9b66182b34a160274
Instruction ID: d95006c9309d59aff15bfac98a863d7223c95db2d66ad86b404eb9ec629fdd3d
Opcode Fuzzy Hash: c978df953e7f703f29f18bb49f9e0cf787be22600f61b6e9b66182b34a160274
Instruction Fuzzy Hash: DD90022A25340002D2807158540C60A004587D1302F95D476A015555DCCD1589695321

Function 00B62D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12bac837ba4f0294292350cf71d6d1a9e3b609cbdcdfee2f6826941b197dc752
Instruction ID: 33d10399f6ed51ee3ccbe950f4caf5914b43645a59760dc37995a6306c9fa4c9
Opcode Fuzzy Hash: 12bac837ba4f0294292350cf71d6d1a9e3b609cbdcdfee2f6826941b197dc752
Instruction Fuzzy Hash: 0590022224544442D2007558540CA06004587D0305F55D072A11A459ADCA358951A131

Function 00B62EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd5106943ff05a7ba302f708a0dcea8bf6a864506cb568c9dc3d6137487919f
Instruction ID: 6d2dd2261f3b7231e19a8421b6238f6beb149cffdb65a61febaf3a7818b3a050
Opcode Fuzzy Hash: 2bd5106943ff05a7ba302f708a0dcea8bf6a864506cb568c9dc3d6137487919f
Instruction Fuzzy Hash: B990027224140402D24071584408746004587D0301F55C072A51A4559E8A598ED56665

Function 00B62E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62f5aae049e65f59bec71ef2c99a25a2fb0dfb2206335f41fb21f70471aaa287
Instruction ID: d38be7247a6dae9c27be774f988f4360edcd9634e4e9b6637af0f13fc824a7db
Opcode Fuzzy Hash: 62f5aae049e65f59bec71ef2c99a25a2fb0dfb2206335f41fb21f70471aaa287
Instruction Fuzzy Hash: EF90022264140502D20171584408616004A87D0341F95C073A116455AECE258A92A131

Function 00B62EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e867bba015b6e993669becc5a08f847c930ada9f00e5381ef36f7db0197d69f9
Instruction ID: a18c23252576d84109603419ab0caa00052cdee88356d2d428c1e11d91d5f664
Opcode Fuzzy Hash: e867bba015b6e993669becc5a08f847c930ada9f00e5381ef36f7db0197d69f9
Instruction Fuzzy Hash: 9090026224180403D24075584808607004587D0302F55C072A21A455AE8E298D516135

Function 00B62E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65936006216e879c77221d35c18e025dea6a87af18fa46e333f3712173c1b42a
Instruction ID: f28682912e1ba40b5cef1c22a8843a7aa036341eb08ac13b42ba1fef13588ab7
Opcode Fuzzy Hash: 65936006216e879c77221d35c18e025dea6a87af18fa46e333f3712173c1b42a
Instruction Fuzzy Hash: 5590022234140402D202715844186060049C7D1345F95C073E156455AD8A258A53A132

Function 00B62FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fbc2e67445769d13c56c0f68843404f997c552363bfca4a4cced609fe87b331
Instruction ID: 5b0ddba3c17e431c78978a9a0d4c5cf1f9e4a1eba7aad29c45938cc1639e3ac2
Opcode Fuzzy Hash: 0fbc2e67445769d13c56c0f68843404f997c552363bfca4a4cced609fe87b331
Instruction Fuzzy Hash: D6900222641400424240716888489064045ABE1311755C172A0AD8555D895989655665

Function 00B62FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3857b5780c1cfcb0aa4323cf41f4f23e23e602e3776975a1152e29477085e9
Instruction ID: 85a698abad0e6fd0b3e73ed69f203187bc27caf76cadf7337f940e3a8b700157
Opcode Fuzzy Hash: 6b3857b5780c1cfcb0aa4323cf41f4f23e23e602e3776975a1152e29477085e9
Instruction Fuzzy Hash: DA90023224180402D2007158480C747004587D0302F55C072A52A455AE8A65C9916531

Function 00B62F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ca55788a538c9a3b648d5fb3f85bf2c127f328a912f293c3dc22040aa01590
Instruction ID: 838bd73974365b240ff74421671aff3af745261e8698d9243fad7379ca35c948
Opcode Fuzzy Hash: a0ca55788a538c9a3b648d5fb3f85bf2c127f328a912f293c3dc22040aa01590
Instruction Fuzzy Hash: 5B90023224180402D2007158481870B004587D0302F55C072A12A455AD8A2589516571

Function 00B62FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595e3a9fb7020ee616643e9cc66556446de5d6442c03f81cf9a56ccb63ca4876
Instruction ID: 178674a37ac824190ef23223f91b8bbbb0dac44acfc579ab6239d58248a8994a
Opcode Fuzzy Hash: 595e3a9fb7020ee616643e9cc66556446de5d6442c03f81cf9a56ccb63ca4876
Instruction Fuzzy Hash: 5D900222251C0042D30075684C18B07004587D0303F55C176A0294559CCD1589615521

Function 00B62F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc64f27b308270dcb92faf24d09c3d52f0d5e3c6cd534b026fcb7e703c632cb
Instruction ID: 65ce9854cbf19a8b36b67ed6c26aa08a8a4dcc8729637972bc7936a31f67a052
Opcode Fuzzy Hash: 0fc64f27b308270dcb92faf24d09c3d52f0d5e3c6cd534b026fcb7e703c632cb
Instruction Fuzzy Hash: 2D90026238140442D20071584418B060045C7E1301F55C076E11A4559D8A19CD526126

Function 00B62F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4691959526128f49a032819e2b2275db43fb2aaba26a6ef7223f5f4e266754d8
Instruction ID: 39dd8daeb861ad0f771f0f4715d9ca92f720513ba89cba92c84c36ce2477740a
Opcode Fuzzy Hash: 4691959526128f49a032819e2b2275db43fb2aaba26a6ef7223f5f4e266754d8
Instruction Fuzzy Hash: B890026225140042D20471584408706008587E1301F55C073A2294559CC9298D615125

Function 00B63090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fcc8d916180f96b8e4840a23887665400fd10b61b2f2841723b72defb42566e
Instruction ID: de3a2d352964da6c4bf462ce8b0c13ee4830cfb769ed3c47d3359c434e179bf0
Opcode Fuzzy Hash: 3fcc8d916180f96b8e4840a23887665400fd10b61b2f2841723b72defb42566e
Instruction Fuzzy Hash: 5290022228140802D240715884187070046C7D0701F55C072A0164559D8A168A6566B1

Function 00B63010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a54c69677609d5d613fe76d92ef0859110e5a253be7843608dc75cf4555dadc7
Instruction ID: 21f7a75a903d0eb8649834d8aedaef87d3794dda6d68d9d47952e1e8964cb67f
Opcode Fuzzy Hash: a54c69677609d5d613fe76d92ef0859110e5a253be7843608dc75cf4555dadc7
Instruction Fuzzy Hash: 7290022224184442D24072584808B0F414587E1302F95C07AA4296559CCD1589555721

Function 00B639B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1784ca728e378cfdb8346d9b89daee8020baa964f0ebf8f838f86ae206fbdb
Instruction ID: 4ac2ebd4e22dc743eefd00ff37ad0af905ddffea41e51fe527c848104a0c4f2d
Opcode Fuzzy Hash: fb1784ca728e378cfdb8346d9b89daee8020baa964f0ebf8f838f86ae206fbdb
Instruction Fuzzy Hash: 2D90022228545102D250715C44086164045A7E0301F55C072A0954599D895589556221

Function 00111A7D Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2786935120.0000000000111000.00000040.00000001.01000000.00000003.sdmp, Offset: 00110000, based on PE: true

Associated: 00000000.00000002.2786916360.0000000000110000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_110000_5ZLQrKA4ge.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ec09bebdcd1da760829aad10b1930eb328b37b4b7c4ecd6c348289a7b305a90
Instruction ID: c5358b8763b4228719d4606302e3c238d53b999e59ad3c07c056f1be971c278d
Opcode Fuzzy Hash: 3ec09bebdcd1da760829aad10b1930eb328b37b4b7c4ecd6c348289a7b305a90
Instruction Fuzzy Hash: 2D900252048455C68955EB1488E8C586390E51527962413DC8175490D4CD11485E9204

Function 00B62C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 0e5deb892244cce782d54e538d0f994456bd1e81bd7fd44b7c636a27e31b453f
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 00B62890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00B6293C
___swprintf_l.LIBCMT ref: 00B6295E
___swprintf_l.LIBCMT ref: 00B629A3
___swprintf_l.LIBCMT ref: 00B9A52E

Strings

::%hs%u.%u.%u.%u, xrefs: 00B9A527
::ffff:0:%u.%u.%u.%u, xrefs: 00B9A54E
ffff:, xrefs: 00B9A504
:%u.%u.%u.%u, xrefs: 00B9A5B8

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 846b9616baa130bd6c0bd5cec5fc8528f10093be80eebbbac11bfa8fa86f097d
Instruction ID: ec9cbaebe02703ee5be92a220a58e3f0da02b441545993e0f1fd82ecb1b2f2d3
Opcode Fuzzy Hash: 846b9616baa130bd6c0bd5cec5fc8528f10093be80eebbbac11bfa8fa86f097d
Instruction Fuzzy Hash: 5351B9B5A00516BFDF14DBA8889097EF7F8FB58301B54C1B9E465D7681D238DE408BE0

Function 00BD2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00BD24A6
___swprintf_l.LIBCMT ref: 00BD24E2
___swprintf_l.LIBCMT ref: 00BD257D
___swprintf_l.LIBCMT ref: 00BD25A3
___swprintf_l.LIBCMT ref: 00BD25C8
___swprintf_l.LIBCMT ref: 00BD2608

Strings

:%u.%u.%u.%u, xrefs: 00BD25FF
ffff:, xrefs: 00BD247D, 00BD249D
::ffff:0:%u.%u.%u.%u, xrefs: 00BD24DA
::%hs%u.%u.%u.%u, xrefs: 00BD249E

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 79182ba4643d336caadbbdaefb12ff8ff271cbe9972a83c8ae0887cbdb8110f9
Instruction ID: 556ddb0db94c44626bf9db748b994ae15c12391856310970c539068cc6e9027c
Opcode Fuzzy Hash: 79182ba4643d336caadbbdaefb12ff8ff271cbe9972a83c8ae0887cbdb8110f9
Instruction Fuzzy Hash: 31510471A00685AECB20DF9CC99097EF7F8EB64304B50849BE599C3781F674EE408B60

Function 00B57630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Processing section info %ws..., xrefs: 00B94787
ExecuteOptions, xrefs: 00B946A0
Execute=1, xrefs: 00B94713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00B94655
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00B94742
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00B94725
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00B946FC

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: b00ac53f80aee49e28ad02de77b54f3c37455928a8b831640b1dd3d297485bba
Instruction ID: 7b1a566bfde5f37d0dd4904039579dcddc078c6b666f5f89733f0a5b3aaa0a2a
Opcode Fuzzy Hash: b00ac53f80aee49e28ad02de77b54f3c37455928a8b831640b1dd3d297485bba
Instruction Fuzzy Hash: 9851F631744619AADF11ABA4FC8AFED77E8EB09301F1400E9E905A71D1EB709E498F51

Function 00BF6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction ID: f10f45b227cb9b2f9e539f9a572e59930f1ebf5f534aad87648dfc8b0c813520
Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction Fuzzy Hash: 96023675508345AFC305CF18C491A6BBBE5EFC8700F1489ADFA899B261DB31E909CB82

Function 00B6B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00B6B6BF

Strings

+, xrefs: 00B6B65A
0, xrefs: 00B6B66F
-, xrefs: 00B6B650
0, xrefs: 00B6B695

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: bc289b3b4f9f72000b0f5ee7447e8f3fa59dc76f5f1eb3170ccb930304d03a34
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: 79819E70E452499EDF249E68C891FFEBBF6EF95310F18419AE861E7291C7389CC08B50

Function 00BD20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00BD214F
___swprintf_l.LIBCMT ref: 00BD2172

Strings

]:%u, xrefs: 00BD2169
%%%u, xrefs: 00BD2146
[, xrefs: 00BD212B

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: ca998306232a8c44cea3cc9e2cf1312c72920a748bf4183b285bba6b5542a4a5
Instruction ID: 648795912106557ff18d4487d7a69c5b4e5e08d7dfc09edae747db73088816ed
Opcode Fuzzy Hash: ca998306232a8c44cea3cc9e2cf1312c72920a748bf4183b285bba6b5542a4a5
Instruction Fuzzy Hash: 01215E76A00159ABDB10DF69CC41AEEBBF8EF68750F4441A6E915E3241FB309A018BA1

Function 00B4F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B902E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B902BD
RTL: Re-Waiting, xrefs: 00B9031E

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: b19ad6f841b6f4f08b9c4908618d6dabcca5c851ce65323175aa99fc763228af
Instruction ID: a488f2e959c5b85962d3afe8a726d8a75c0e16fe426833c76bdddf50bed9afc2
Opcode Fuzzy Hash: b19ad6f841b6f4f08b9c4908618d6dabcca5c851ce65323175aa99fc763228af
Instruction Fuzzy Hash: D9E1B030618742DFDB24DF28C885B2AB7E0FF49314F244AA9F5A58B2E1D774DA44DB42

Function 00B5B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B9728C

Strings

RTL: Resource at %p, xrefs: 00B972A3
RTL: Re-Waiting, xrefs: 00B972C1
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00B97294

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 05be1cb89ae62e6e9905484dec232af57a0b674fe1dcccbeca51fcc76a03b14e
Instruction ID: 983f660b3a4d5eb730553ebab2a0523a9b75e001c4e595c036982e0d32b6abf4
Opcode Fuzzy Hash: 05be1cb89ae62e6e9905484dec232af57a0b674fe1dcccbeca51fcc76a03b14e
Instruction Fuzzy Hash: F4411231654606ABCB20DF64CC82F6AB7E1FF85711F2006A8FC55AB381DB30E81687D1

Function 00BD2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00BD238D
___swprintf_l.LIBCMT ref: 00BD23B3

Strings

%%%u, xrefs: 00BD2384
]:%u, xrefs: 00BD23AA

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: b8e5f875beba4a115b0b4e597fbe1613405be7b787a807e4b4a6fb678818b8b8
Instruction ID: 5e03f72d977d1aa63989bc143344e211518e471ea96a61756d8436ae7bb7a88a
Opcode Fuzzy Hash: b8e5f875beba4a115b0b4e597fbe1613405be7b787a807e4b4a6fb678818b8b8
Instruction Fuzzy Hash: B7315076A102599FCB20DF29CC41BEEB7F8EB54710F944596E859E3241FB34AE448FA0

Function 00B29126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 00B29175
$, xrefs: 00B29191

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: a733d43706e704eab295929810c4fffa1a003004e5261fb38b402834666e70dd
Instruction ID: 712f0126e25c9713e8804862ae292bf14637e8ab75d796fa8ce3f50c27fc91b8
Opcode Fuzzy Hash: a733d43706e704eab295929810c4fffa1a003004e5261fb38b402834666e70dd
Instruction Fuzzy Hash: A8810971D002699BDB21DF54DC45BEEB7B8AF09750F1081EAA91DB7290E7709E84CFA0

Function 00BACEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 00BACFBD

Strings

@4Cw@4Cw, xrefs: 00BACFD5, 00BACFDA, 00BACFF1
@, xrefs: 00BACF0A

Memory Dump Source

Source File: 00000000.00000002.2787146850.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_af0000_5ZLQrKA4ge.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: cfacbd52cb910fdacd9c3f03ed6458c78cdac8096c706846d9e75743055a4fc6
Instruction ID: 4780b113f8c09802437ce78f48b58c6537db21b855a2afcb55575279df4cf322
Opcode Fuzzy Hash: cfacbd52cb910fdacd9c3f03ed6458c78cdac8096c706846d9e75743055a4fc6
Instruction Fuzzy Hash: 9841E171904214DFCB21DFA5C841AAEBBF8FF46B04F1081AAF905DB261D734C945DBA0

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 5ZLQrKA4ge.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

E-Banking Fraud

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: 5ZLQrKA4ge.exePID: 6200, Parent PID: 4004

General

Chronological Activities

Disassembly

Analysis Process: 5ZLQrKA4ge.exePID: 6200, Parent PID: 4004COMMON

Execution Graph

Graph

Executed Functions

Function 00127843 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Control-flow Graph

Function 0013C703 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Control-flow Graph

Windows Analysis Report
5ZLQrKA4ge.exe

Function 00127843 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 0013C703 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 00B62B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00B62C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00B62DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 00B635C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00127839 Relevance: 1.5, APIs: 1, Instructions: 37
libraryloaderCOMMON

Function 0013CA23 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 0013CA73 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 0013CAC3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Function 00B62C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE