Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
tZz1Ogtr2C.exe

Overview

General Information

Sample name:tZz1Ogtr2C.exe
renamed because original name is a hash value
Original sample name:2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1.exe
Analysis ID:1530783
MD5:d6afb0bc04fe2f54920119de06a0e344
SHA1:766646d307944b5e70cad48ce6b0b70860e4685c
SHA256:2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • tZz1Ogtr2C.exe (PID: 752 cmdline: "C:\Users\user\Desktop\tZz1Ogtr2C.exe" MD5: D6AFB0BC04FE2F54920119DE06A0E344)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2be80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13f4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2df43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x16012:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.tZz1Ogtr2C.exe.d10000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0.2.tZz1Ogtr2C.exe.d10000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2e143:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x16212:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: tZz1Ogtr2C.exeAvira: detected
        Multi AV Scanner detection for submitted file
        Source: tZz1Ogtr2C.exeReversingLabs: Detection: 60%
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: tZz1Ogtr2C.exeJoe Sandbox ML: detected
        Source: tZz1Ogtr2C.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: tZz1Ogtr2C.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: tZz1Ogtr2C.exe, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D3C1E3 NtClose,0_2_00D3C1E3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142B60 NtClose,LdrInitializeThunk,0_2_01142B60
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01142DF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01142C70
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011435C0 NtCreateMutant,LdrInitializeThunk,0_2_011435C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01144340 NtSetContextThread,0_2_01144340
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01144650 NtSuspendThread,0_2_01144650
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142B80 NtQueryInformationFile,0_2_01142B80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142BA0 NtEnumerateValueKey,0_2_01142BA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142BF0 NtAllocateVirtualMemory,0_2_01142BF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142BE0 NtQueryValueKey,0_2_01142BE0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142AB0 NtWaitForSingleObject,0_2_01142AB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142AD0 NtReadFile,0_2_01142AD0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142AF0 NtWriteFile,0_2_01142AF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142D10 NtMapViewOfSection,0_2_01142D10
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142D00 NtSetInformationFile,0_2_01142D00
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142D30 NtUnmapViewOfSection,0_2_01142D30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142DB0 NtEnumerateKey,0_2_01142DB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142DD0 NtDelayExecution,0_2_01142DD0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142C00 NtQueryInformationProcess,0_2_01142C00
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142C60 NtCreateKey,0_2_01142C60
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142CA0 NtQueryInformationToken,0_2_01142CA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142CC0 NtQueryVirtualMemory,0_2_01142CC0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142CF0 NtOpenProcess,0_2_01142CF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142F30 NtCreateSection,0_2_01142F30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142F60 NtCreateProcessEx,0_2_01142F60
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142F90 NtProtectVirtualMemory,0_2_01142F90
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142FB0 NtResumeThread,0_2_01142FB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142FA0 NtQuerySection,0_2_01142FA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142FE0 NtCreateFile,0_2_01142FE0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142E30 NtWriteVirtualMemory,0_2_01142E30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142E80 NtReadVirtualMemory,0_2_01142E80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142EA0 NtAdjustPrivilegesToken,0_2_01142EA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142EE0 NtQueueApcThread,0_2_01142EE0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01143010 NtOpenDirectoryObject,0_2_01143010
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01143090 NtSetValueKey,0_2_01143090
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011439B0 NtGetContextThread,0_2_011439B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01143D10 NtOpenProcessToken,0_2_01143D10
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01143D70 NtOpenThread,0_2_01143D70
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D3E8330_2_00D3E833
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D111A00_2_00D111A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D129300_2_00D12930
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D1292C0_2_00D1292C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D122510_2_00D12251
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D122600_2_00D12260
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D1FA630_2_00D1FA63
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D263830_2_00D26383
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D263800_2_00D26380
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D1FC830_2_00D1FC83
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D1DD030_2_00D1DD03
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D12E400_2_00D12E40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AA1180_2_011AA118
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011001000_2_01100100
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011981580_2_01198158
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D01AA0_2_011D01AA
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C41A20_2_011C41A2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C81CC0_2_011C81CC
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A20000_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CA3520_2_011CA352
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E3F00_2_0111E3F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D03E60_2_011D03E6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B02740_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011902C00_2_011902C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011105350_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D05910_2_011D0591
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B44200_2_011B4420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C24460_2_011C2446
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BE4F60_2_011BE4F6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011347500_2_01134750
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011107700_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110C7C00_2_0110C7C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112C6E00_2_0112C6E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011269620_2_01126962
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A00_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011DA9A60_2_011DA9A6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111A8400_2_0111A840
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011128400_2_01112840
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F68B80_2_010F68B8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E8F00_2_0113E8F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CAB400_2_011CAB40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C6BD70_2_011C6BD7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA800_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011ACD1F0_2_011ACD1F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111AD000_2_0111AD00
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01128DBF0_2_01128DBF
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110ADE00_2_0110ADE0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110C000_2_01110C00
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0CB50_2_011B0CB5
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100CF20_2_01100CF2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01130F300_2_01130F30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B2F300_2_011B2F30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01152F280_2_01152F28
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01184F400_2_01184F40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118EFA00_2_0118EFA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01102FC80_2_01102FC8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111CFE00_2_0111CFE0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CEE260_2_011CEE26
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110E590_2_01110E59
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122E900_2_01122E90
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CCE930_2_011CCE93
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CEEDB0_2_011CEEDB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011DB16B0_2_011DB16B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114516C0_2_0114516C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FF1720_2_010FF172
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111B1B00_2_0111B1B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011170C00_2_011170C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BF0CC0_2_011BF0CC
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C70E90_2_011C70E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CF0E00_2_011CF0E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C132D0_2_011C132D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FD34C0_2_010FD34C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0115739A0_2_0115739A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011152A00_2_011152A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112B2C00_2_0112B2C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B12ED0_2_011B12ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C75710_2_011C7571
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AD5B00_2_011AD5B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D95C30_2_011D95C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CF43F0_2_011CF43F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011014600_2_01101460
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CF7B00_2_011CF7B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011556300_2_01155630
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C16CC0_2_011C16CC
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A59100_2_011A5910
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011199500_2_01119950
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112B9500_2_0112B950
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117D8000_2_0117D800
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011138E00_2_011138E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CFB760_2_011CFB76
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112FB800_2_0112FB80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01185BF00_2_01185BF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114DBF90_2_0114DBF9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CFA490_2_011CFA49
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C7A460_2_011C7A46
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01183A6C0_2_01183A6C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01155AA00_2_01155AA0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011ADAAC0_2_011ADAAC
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B1AA30_2_011B1AA3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BDAC60_2_011BDAC6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C1D5A0_2_011C1D5A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01113D400_2_01113D40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C7D730_2_011C7D73
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112FDC00_2_0112FDC0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01189C320_2_01189C32
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CFCF20_2_011CFCF2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CFF090_2_011CFF09
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01111F920_2_01111F92
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CFFB10_2_011CFFB1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D3FD50_2_010D3FD5
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D3FD20_2_010D3FD2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01119EB00_2_01119EB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: String function: 01145130 appears 58 times
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: String function: 010FB970 appears 280 times
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: String function: 01157E54 appears 111 times
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: String function: 0117EA12 appears 86 times
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: String function: 0118F290 appears 105 times
        Source: tZz1Ogtr2C.exeStatic PE information: No import functions for PE file found
        Source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000013A1000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
        Source: tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000001048000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
        Source: tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000E89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
        Source: tZz1Ogtr2C.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: tZz1Ogtr2C.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: tZz1Ogtr2C.exeStatic PE information: Section .text
        Source: classification engineClassification label: mal80.troj.winEXE@1/0@0/0
        Source: tZz1Ogtr2C.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: tZz1Ogtr2C.exeReversingLabs: Detection: 60%
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeSection loaded: apphelp.dllJump to behavior
        Source: tZz1Ogtr2C.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: tZz1Ogtr2C.exe, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D130C0 push eax; ret 0_2_00D130C2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D181B7 push es; iretd 0_2_00D181B9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D34253 push edx; retf 0_2_00D34254
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D1AA0B push ebp; retf 0_2_00D1AA24
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D23A3F push FFFFFFBBh; retf 0_2_00D23AC2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D24594 push esi; ret 0_2_00D245B2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D23F1D push cs; ret 0_2_00D23F30
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D21F30 push es; iretd 0_2_00D21F33
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D225F pushad ; ret 0_2_010D27F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D27FA pushad ; ret 0_2_010D27F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011009AD push ecx; mov dword ptr [esp], ecx0_2_011009B6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D283D push eax; iretd 0_2_010D2858
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010D1368 push eax; iretd 0_2_010D1369
        Source: tZz1Ogtr2C.exeStatic PE information: section name: .text entropy: 7.995237143421081
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114096E rdtsc 0_2_0114096E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeAPI coverage: 0.6 %
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe TID: 5540Thread sleep time: -30000s >= -30000sJump to behavior
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114096E rdtsc 0_2_0114096E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_00D27333 LdrLoadDll,0_2_00D27333
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AA118 mov ecx, dword ptr fs:[00000030h]0_2_011AA118
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h]0_2_011AA118
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h]0_2_011AA118
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h]0_2_011AA118
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C0115 mov eax, dword ptr fs:[00000030h]0_2_011C0115
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h]0_2_011AE10E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01130124 mov eax, dword ptr fs:[00000030h]0_2_01130124
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01198158 mov eax, dword ptr fs:[00000030h]0_2_01198158
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106154 mov eax, dword ptr fs:[00000030h]0_2_01106154
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106154 mov eax, dword ptr fs:[00000030h]0_2_01106154
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FC156 mov eax, dword ptr fs:[00000030h]0_2_010FC156
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01194144 mov eax, dword ptr fs:[00000030h]0_2_01194144
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01194144 mov eax, dword ptr fs:[00000030h]0_2_01194144
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01194144 mov ecx, dword ptr fs:[00000030h]0_2_01194144
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01194144 mov eax, dword ptr fs:[00000030h]0_2_01194144
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01194144 mov eax, dword ptr fs:[00000030h]0_2_01194144
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4164 mov eax, dword ptr fs:[00000030h]0_2_011D4164
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4164 mov eax, dword ptr fs:[00000030h]0_2_011D4164
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118019F mov eax, dword ptr fs:[00000030h]0_2_0118019F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118019F mov eax, dword ptr fs:[00000030h]0_2_0118019F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118019F mov eax, dword ptr fs:[00000030h]0_2_0118019F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118019F mov eax, dword ptr fs:[00000030h]0_2_0118019F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01140185 mov eax, dword ptr fs:[00000030h]0_2_01140185
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BC188 mov eax, dword ptr fs:[00000030h]0_2_011BC188
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BC188 mov eax, dword ptr fs:[00000030h]0_2_011BC188
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h]0_2_010FA197
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h]0_2_010FA197
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h]0_2_010FA197
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A4180 mov eax, dword ptr fs:[00000030h]0_2_011A4180
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A4180 mov eax, dword ptr fs:[00000030h]0_2_011A4180
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h]0_2_0117E1D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h]0_2_0117E1D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E1D0 mov ecx, dword ptr fs:[00000030h]0_2_0117E1D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h]0_2_0117E1D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h]0_2_0117E1D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C61C3 mov eax, dword ptr fs:[00000030h]0_2_011C61C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C61C3 mov eax, dword ptr fs:[00000030h]0_2_011C61C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011301F8 mov eax, dword ptr fs:[00000030h]0_2_011301F8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D61E5 mov eax, dword ptr fs:[00000030h]0_2_011D61E5
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h]0_2_0111E016
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h]0_2_0111E016
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h]0_2_0111E016
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h]0_2_0111E016
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01184000 mov ecx, dword ptr fs:[00000030h]0_2_01184000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h]0_2_011A2000
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196030 mov eax, dword ptr fs:[00000030h]0_2_01196030
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA020 mov eax, dword ptr fs:[00000030h]0_2_010FA020
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FC020 mov eax, dword ptr fs:[00000030h]0_2_010FC020
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01102050 mov eax, dword ptr fs:[00000030h]0_2_01102050
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186050 mov eax, dword ptr fs:[00000030h]0_2_01186050
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112C073 mov eax, dword ptr fs:[00000030h]0_2_0112C073
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110208A mov eax, dword ptr fs:[00000030h]0_2_0110208A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C60B8 mov eax, dword ptr fs:[00000030h]0_2_011C60B8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C60B8 mov ecx, dword ptr fs:[00000030h]0_2_011C60B8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F80A0 mov eax, dword ptr fs:[00000030h]0_2_010F80A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011980A8 mov eax, dword ptr fs:[00000030h]0_2_011980A8
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011820DE mov eax, dword ptr fs:[00000030h]0_2_011820DE
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011420F0 mov ecx, dword ptr fs:[00000030h]0_2_011420F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA0E3 mov ecx, dword ptr fs:[00000030h]0_2_010FA0E3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011860E0 mov eax, dword ptr fs:[00000030h]0_2_011860E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011080E9 mov eax, dword ptr fs:[00000030h]0_2_011080E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FC0F0 mov eax, dword ptr fs:[00000030h]0_2_010FC0F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01120310 mov ecx, dword ptr fs:[00000030h]0_2_01120310
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h]0_2_0113A30B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h]0_2_0113A30B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h]0_2_0113A30B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FC310 mov ecx, dword ptr fs:[00000030h]0_2_010FC310
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h]0_2_011D8324
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D8324 mov ecx, dword ptr fs:[00000030h]0_2_011D8324
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h]0_2_011D8324
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h]0_2_011D8324
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov eax, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov eax, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov eax, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov ecx, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov eax, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118035C mov eax, dword ptr fs:[00000030h]0_2_0118035C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A8350 mov ecx, dword ptr fs:[00000030h]0_2_011A8350
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CA352 mov eax, dword ptr fs:[00000030h]0_2_011CA352
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01182349 mov eax, dword ptr fs:[00000030h]0_2_01182349
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D634F mov eax, dword ptr fs:[00000030h]0_2_011D634F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A437C mov eax, dword ptr fs:[00000030h]0_2_011A437C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h]0_2_010FE388
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h]0_2_010FE388
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h]0_2_010FE388
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h]0_2_010F8397
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h]0_2_010F8397
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h]0_2_010F8397
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112438F mov eax, dword ptr fs:[00000030h]0_2_0112438F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112438F mov eax, dword ptr fs:[00000030h]0_2_0112438F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h]0_2_011AE3DB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h]0_2_011AE3DB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE3DB mov ecx, dword ptr fs:[00000030h]0_2_011AE3DB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h]0_2_011AE3DB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A43D4 mov eax, dword ptr fs:[00000030h]0_2_011A43D4
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A43D4 mov eax, dword ptr fs:[00000030h]0_2_011A43D4
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h]0_2_0110A3C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h]0_2_011083C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h]0_2_011083C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h]0_2_011083C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h]0_2_011083C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BC3CD mov eax, dword ptr fs:[00000030h]0_2_011BC3CD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011863C0 mov eax, dword ptr fs:[00000030h]0_2_011863C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h]0_2_0111E3F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h]0_2_0111E3F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h]0_2_0111E3F0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011363FF mov eax, dword ptr fs:[00000030h]0_2_011363FF
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h]0_2_011103E9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F823B mov eax, dword ptr fs:[00000030h]0_2_010F823B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D625D mov eax, dword ptr fs:[00000030h]0_2_011D625D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106259 mov eax, dword ptr fs:[00000030h]0_2_01106259
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BA250 mov eax, dword ptr fs:[00000030h]0_2_011BA250
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BA250 mov eax, dword ptr fs:[00000030h]0_2_011BA250
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01188243 mov eax, dword ptr fs:[00000030h]0_2_01188243
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01188243 mov ecx, dword ptr fs:[00000030h]0_2_01188243
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FA250 mov eax, dword ptr fs:[00000030h]0_2_010FA250
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F826B mov eax, dword ptr fs:[00000030h]0_2_010F826B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h]0_2_011B0274
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104260 mov eax, dword ptr fs:[00000030h]0_2_01104260
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104260 mov eax, dword ptr fs:[00000030h]0_2_01104260
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104260 mov eax, dword ptr fs:[00000030h]0_2_01104260
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E284 mov eax, dword ptr fs:[00000030h]0_2_0113E284
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E284 mov eax, dword ptr fs:[00000030h]0_2_0113E284
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01180283 mov eax, dword ptr fs:[00000030h]0_2_01180283
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01180283 mov eax, dword ptr fs:[00000030h]0_2_01180283
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01180283 mov eax, dword ptr fs:[00000030h]0_2_01180283
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011102A0 mov eax, dword ptr fs:[00000030h]0_2_011102A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011102A0 mov eax, dword ptr fs:[00000030h]0_2_011102A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov ecx, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h]0_2_011962A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D62D6 mov eax, dword ptr fs:[00000030h]0_2_011D62D6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h]0_2_0110A2C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h]0_2_0110A2C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h]0_2_0110A2C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h]0_2_0110A2C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h]0_2_0110A2C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h]0_2_011102E1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h]0_2_011102E1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h]0_2_011102E1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196500 mov eax, dword ptr fs:[00000030h]0_2_01196500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h]0_2_011D4500
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110535 mov eax, dword ptr fs:[00000030h]0_2_01110535
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h]0_2_0112E53E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h]0_2_0112E53E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h]0_2_0112E53E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h]0_2_0112E53E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h]0_2_0112E53E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108550 mov eax, dword ptr fs:[00000030h]0_2_01108550
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108550 mov eax, dword ptr fs:[00000030h]0_2_01108550
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113656A mov eax, dword ptr fs:[00000030h]0_2_0113656A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113656A mov eax, dword ptr fs:[00000030h]0_2_0113656A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113656A mov eax, dword ptr fs:[00000030h]0_2_0113656A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E59C mov eax, dword ptr fs:[00000030h]0_2_0113E59C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01102582 mov eax, dword ptr fs:[00000030h]0_2_01102582
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01102582 mov ecx, dword ptr fs:[00000030h]0_2_01102582
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01134588 mov eax, dword ptr fs:[00000030h]0_2_01134588
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011245B1 mov eax, dword ptr fs:[00000030h]0_2_011245B1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011245B1 mov eax, dword ptr fs:[00000030h]0_2_011245B1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h]0_2_011805A7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h]0_2_011805A7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h]0_2_011805A7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011065D0 mov eax, dword ptr fs:[00000030h]0_2_011065D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A5D0 mov eax, dword ptr fs:[00000030h]0_2_0113A5D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A5D0 mov eax, dword ptr fs:[00000030h]0_2_0113A5D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E5CF mov eax, dword ptr fs:[00000030h]0_2_0113E5CF
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E5CF mov eax, dword ptr fs:[00000030h]0_2_0113E5CF
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011025E0 mov eax, dword ptr fs:[00000030h]0_2_011025E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h]0_2_0112E5E7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C5ED mov eax, dword ptr fs:[00000030h]0_2_0113C5ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C5ED mov eax, dword ptr fs:[00000030h]0_2_0113C5ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01138402 mov eax, dword ptr fs:[00000030h]0_2_01138402
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01138402 mov eax, dword ptr fs:[00000030h]0_2_01138402
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01138402 mov eax, dword ptr fs:[00000030h]0_2_01138402
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A430 mov eax, dword ptr fs:[00000030h]0_2_0113A430
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FC427 mov eax, dword ptr fs:[00000030h]0_2_010FC427
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h]0_2_010FE420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h]0_2_010FE420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h]0_2_010FE420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01186420 mov eax, dword ptr fs:[00000030h]0_2_01186420
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112245A mov eax, dword ptr fs:[00000030h]0_2_0112245A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BA456 mov eax, dword ptr fs:[00000030h]0_2_011BA456
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h]0_2_0113E443
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F645D mov eax, dword ptr fs:[00000030h]0_2_010F645D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h]0_2_0112A470
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h]0_2_0112A470
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h]0_2_0112A470
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118C460 mov ecx, dword ptr fs:[00000030h]0_2_0118C460
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011BA49A mov eax, dword ptr fs:[00000030h]0_2_011BA49A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011344B0 mov ecx, dword ptr fs:[00000030h]0_2_011344B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118A4B0 mov eax, dword ptr fs:[00000030h]0_2_0118A4B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011064AB mov eax, dword ptr fs:[00000030h]0_2_011064AB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011004E5 mov ecx, dword ptr fs:[00000030h]0_2_011004E5
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100710 mov eax, dword ptr fs:[00000030h]0_2_01100710
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01130710 mov eax, dword ptr fs:[00000030h]0_2_01130710
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C700 mov eax, dword ptr fs:[00000030h]0_2_0113C700
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117C730 mov eax, dword ptr fs:[00000030h]0_2_0117C730
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113273C mov eax, dword ptr fs:[00000030h]0_2_0113273C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113273C mov ecx, dword ptr fs:[00000030h]0_2_0113273C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113273C mov eax, dword ptr fs:[00000030h]0_2_0113273C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C720 mov eax, dword ptr fs:[00000030h]0_2_0113C720
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C720 mov eax, dword ptr fs:[00000030h]0_2_0113C720
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100750 mov eax, dword ptr fs:[00000030h]0_2_01100750
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142750 mov eax, dword ptr fs:[00000030h]0_2_01142750
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142750 mov eax, dword ptr fs:[00000030h]0_2_01142750
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118E75D mov eax, dword ptr fs:[00000030h]0_2_0118E75D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01184755 mov eax, dword ptr fs:[00000030h]0_2_01184755
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113674D mov esi, dword ptr fs:[00000030h]0_2_0113674D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113674D mov eax, dword ptr fs:[00000030h]0_2_0113674D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113674D mov eax, dword ptr fs:[00000030h]0_2_0113674D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108770 mov eax, dword ptr fs:[00000030h]0_2_01108770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110770 mov eax, dword ptr fs:[00000030h]0_2_01110770
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A678E mov eax, dword ptr fs:[00000030h]0_2_011A678E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B47A0 mov eax, dword ptr fs:[00000030h]0_2_011B47A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011007AF mov eax, dword ptr fs:[00000030h]0_2_011007AF
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110C7C0 mov eax, dword ptr fs:[00000030h]0_2_0110C7C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011807C3 mov eax, dword ptr fs:[00000030h]0_2_011807C3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011047FB mov eax, dword ptr fs:[00000030h]0_2_011047FB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011047FB mov eax, dword ptr fs:[00000030h]0_2_011047FB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118E7E1 mov eax, dword ptr fs:[00000030h]0_2_0118E7E1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011227ED mov eax, dword ptr fs:[00000030h]0_2_011227ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011227ED mov eax, dword ptr fs:[00000030h]0_2_011227ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011227ED mov eax, dword ptr fs:[00000030h]0_2_011227ED
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01142619 mov eax, dword ptr fs:[00000030h]0_2_01142619
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111260B mov eax, dword ptr fs:[00000030h]0_2_0111260B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E609 mov eax, dword ptr fs:[00000030h]0_2_0117E609
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01136620 mov eax, dword ptr fs:[00000030h]0_2_01136620
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01138620 mov eax, dword ptr fs:[00000030h]0_2_01138620
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111E627 mov eax, dword ptr fs:[00000030h]0_2_0111E627
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110262C mov eax, dword ptr fs:[00000030h]0_2_0110262C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0111C640 mov eax, dword ptr fs:[00000030h]0_2_0111C640
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01132674 mov eax, dword ptr fs:[00000030h]0_2_01132674
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C866E mov eax, dword ptr fs:[00000030h]0_2_011C866E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C866E mov eax, dword ptr fs:[00000030h]0_2_011C866E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A660 mov eax, dword ptr fs:[00000030h]0_2_0113A660
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A660 mov eax, dword ptr fs:[00000030h]0_2_0113A660
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104690 mov eax, dword ptr fs:[00000030h]0_2_01104690
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104690 mov eax, dword ptr fs:[00000030h]0_2_01104690
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011366B0 mov eax, dword ptr fs:[00000030h]0_2_011366B0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C6A6 mov eax, dword ptr fs:[00000030h]0_2_0113C6A6
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0113A6C7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A6C7 mov eax, dword ptr fs:[00000030h]0_2_0113A6C7
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h]0_2_0117E6F2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h]0_2_0117E6F2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h]0_2_0117E6F2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h]0_2_0117E6F2
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011806F1 mov eax, dword ptr fs:[00000030h]0_2_011806F1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011806F1 mov eax, dword ptr fs:[00000030h]0_2_011806F1
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118C912 mov eax, dword ptr fs:[00000030h]0_2_0118C912
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8918 mov eax, dword ptr fs:[00000030h]0_2_010F8918
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8918 mov eax, dword ptr fs:[00000030h]0_2_010F8918
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E908 mov eax, dword ptr fs:[00000030h]0_2_0117E908
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117E908 mov eax, dword ptr fs:[00000030h]0_2_0117E908
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118892A mov eax, dword ptr fs:[00000030h]0_2_0118892A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0119892B mov eax, dword ptr fs:[00000030h]0_2_0119892B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4940 mov eax, dword ptr fs:[00000030h]0_2_011D4940
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01180946 mov eax, dword ptr fs:[00000030h]0_2_01180946
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A4978 mov eax, dword ptr fs:[00000030h]0_2_011A4978
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A4978 mov eax, dword ptr fs:[00000030h]0_2_011A4978
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118C97C mov eax, dword ptr fs:[00000030h]0_2_0118C97C
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01126962 mov eax, dword ptr fs:[00000030h]0_2_01126962
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01126962 mov eax, dword ptr fs:[00000030h]0_2_01126962
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01126962 mov eax, dword ptr fs:[00000030h]0_2_01126962
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114096E mov eax, dword ptr fs:[00000030h]0_2_0114096E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114096E mov edx, dword ptr fs:[00000030h]0_2_0114096E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0114096E mov eax, dword ptr fs:[00000030h]0_2_0114096E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011889B3 mov esi, dword ptr fs:[00000030h]0_2_011889B3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011889B3 mov eax, dword ptr fs:[00000030h]0_2_011889B3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011889B3 mov eax, dword ptr fs:[00000030h]0_2_011889B3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h]0_2_011129A0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011009AD mov eax, dword ptr fs:[00000030h]0_2_011009AD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011009AD mov eax, dword ptr fs:[00000030h]0_2_011009AD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h]0_2_0110A9D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011349D0 mov eax, dword ptr fs:[00000030h]0_2_011349D0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CA9D3 mov eax, dword ptr fs:[00000030h]0_2_011CA9D3
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011969C0 mov eax, dword ptr fs:[00000030h]0_2_011969C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011329F9 mov eax, dword ptr fs:[00000030h]0_2_011329F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011329F9 mov eax, dword ptr fs:[00000030h]0_2_011329F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118E9E0 mov eax, dword ptr fs:[00000030h]0_2_0118E9E0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118C810 mov eax, dword ptr fs:[00000030h]0_2_0118C810
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A483A mov eax, dword ptr fs:[00000030h]0_2_011A483A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A483A mov eax, dword ptr fs:[00000030h]0_2_011A483A
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113A830 mov eax, dword ptr fs:[00000030h]0_2_0113A830
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov eax, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov eax, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov eax, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov ecx, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov eax, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01122835 mov eax, dword ptr fs:[00000030h]0_2_01122835
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01130854 mov eax, dword ptr fs:[00000030h]0_2_01130854
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104859 mov eax, dword ptr fs:[00000030h]0_2_01104859
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01104859 mov eax, dword ptr fs:[00000030h]0_2_01104859
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01112840 mov ecx, dword ptr fs:[00000030h]0_2_01112840
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196870 mov eax, dword ptr fs:[00000030h]0_2_01196870
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196870 mov eax, dword ptr fs:[00000030h]0_2_01196870
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118E872 mov eax, dword ptr fs:[00000030h]0_2_0118E872
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118E872 mov eax, dword ptr fs:[00000030h]0_2_0118E872
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118C89D mov eax, dword ptr fs:[00000030h]0_2_0118C89D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100887 mov eax, dword ptr fs:[00000030h]0_2_01100887
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112E8C0 mov eax, dword ptr fs:[00000030h]0_2_0112E8C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D08C0 mov eax, dword ptr fs:[00000030h]0_2_011D08C0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C8F9 mov eax, dword ptr fs:[00000030h]0_2_0113C8F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113C8F9 mov eax, dword ptr fs:[00000030h]0_2_0113C8F9
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CA8E4 mov eax, dword ptr fs:[00000030h]0_2_011CA8E4
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h]0_2_0117EB1D
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4B00 mov eax, dword ptr fs:[00000030h]0_2_011D4B00
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112EB20 mov eax, dword ptr fs:[00000030h]0_2_0112EB20
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112EB20 mov eax, dword ptr fs:[00000030h]0_2_0112EB20
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C8B28 mov eax, dword ptr fs:[00000030h]0_2_011C8B28
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011C8B28 mov eax, dword ptr fs:[00000030h]0_2_011C8B28
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AEB50 mov eax, dword ptr fs:[00000030h]0_2_011AEB50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h]0_2_011D2B57
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h]0_2_011D2B57
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h]0_2_011D2B57
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h]0_2_011D2B57
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B4B4B mov eax, dword ptr fs:[00000030h]0_2_011B4B4B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B4B4B mov eax, dword ptr fs:[00000030h]0_2_011B4B4B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011A8B42 mov eax, dword ptr fs:[00000030h]0_2_011A8B42
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196B40 mov eax, dword ptr fs:[00000030h]0_2_01196B40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01196B40 mov eax, dword ptr fs:[00000030h]0_2_01196B40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011CAB40 mov eax, dword ptr fs:[00000030h]0_2_011CAB40
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010F8B50 mov eax, dword ptr fs:[00000030h]0_2_010F8B50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_010FCB7E mov eax, dword ptr fs:[00000030h]0_2_010FCB7E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B4BB0 mov eax, dword ptr fs:[00000030h]0_2_011B4BB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011B4BB0 mov eax, dword ptr fs:[00000030h]0_2_011B4BB0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110BBE mov eax, dword ptr fs:[00000030h]0_2_01110BBE
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110BBE mov eax, dword ptr fs:[00000030h]0_2_01110BBE
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AEBD0 mov eax, dword ptr fs:[00000030h]0_2_011AEBD0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h]0_2_01120BCB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h]0_2_01120BCB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h]0_2_01120BCB
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h]0_2_01100BCD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h]0_2_01100BCD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h]0_2_01100BCD
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h]0_2_01108BF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h]0_2_01108BF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h]0_2_01108BF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118CBF0 mov eax, dword ptr fs:[00000030h]0_2_0118CBF0
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112EBFC mov eax, dword ptr fs:[00000030h]0_2_0112EBFC
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0118CA11 mov eax, dword ptr fs:[00000030h]0_2_0118CA11
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01124A35 mov eax, dword ptr fs:[00000030h]0_2_01124A35
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01124A35 mov eax, dword ptr fs:[00000030h]0_2_01124A35
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113CA38 mov eax, dword ptr fs:[00000030h]0_2_0113CA38
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113CA24 mov eax, dword ptr fs:[00000030h]0_2_0113CA24
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0112EA2E mov eax, dword ptr fs:[00000030h]0_2_0112EA2E
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h]0_2_01106A50
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110A5B mov eax, dword ptr fs:[00000030h]0_2_01110A5B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01110A5B mov eax, dword ptr fs:[00000030h]0_2_01110A5B
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117CA72 mov eax, dword ptr fs:[00000030h]0_2_0117CA72
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0117CA72 mov eax, dword ptr fs:[00000030h]0_2_0117CA72
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011AEA60 mov eax, dword ptr fs:[00000030h]0_2_011AEA60
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h]0_2_0113CA6F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h]0_2_0113CA6F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h]0_2_0113CA6F
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_01138A90 mov edx, dword ptr fs:[00000030h]0_2_01138A90
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h]0_2_0110EA80
        Source: C:\Users\user\Desktop\tZz1Ogtr2C.exeCode function: 0_2_011D4A80 mov eax, dword ptr fs:[00000030h]0_2_011D4A80
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        DLL Side-Loading        		2
        Virtualization/Sandbox Evasion        		OS Credential Dumping2
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Deobfuscate/Decode Files or Information        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        DLL Side-Loading        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        tZz1Ogtr2C.exe61%ReversingLabsWin32.Backdoor.FormBook
        tZz1Ogtr2C.exe100%AviraTR/Crypt.ZPACK.Gen
        tZz1Ogtr2C.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1530783
        Start date and time:2024-10-10 14:40:35 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 1s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Run name:Run with higher sleep bypass
        Number of analysed new started processes analysed:5
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:tZz1Ogtr2C.exe
        renamed because original name is a hash value
        Original Sample Name:2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1.exe
        Detection:MAL
        Classification:mal80.troj.winEXE@1/0@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 98%
        • Number of executed functions: 10
        • Number of non-executed functions: 334
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
        • Stop behavior analysis, all processes terminated

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • VT rate limit hit for: tZz1Ogtr2C.exe

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.991230960265921
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.98%
        • DOS Executable Generic (2002/1) 0.02%
        File name:tZz1Ogtr2C.exe
        File size:283'648 bytes
        MD5:d6afb0bc04fe2f54920119de06a0e344
        SHA1:766646d307944b5e70cad48ce6b0b70860e4685c
        SHA256:2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1
        SHA512:66fceaf6aa7dd6ec7c835de978b5cd4137e3f52969333e7e6c84833884cffc0799bfaf237e6d0afdcae24f52dd9240054ae7f5f6b37610db10f98df1d0569730
        SSDEEP:6144:HxDSS+IFiEfheucl+EGYPyos4hDinMeJI7Ky8DSO3OIlI4ZPg9g6:RDSS9FFheuo+FpYKGKxSGOYD6
        TLSH:7A5422077E746052D4958A355C2D3C504AFB3D170E7A629B2ACCA8C377317ECEB82A66
        File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L....~.Z.................P...................`....@................

        File Icon

        Icon Hash:00928e8e8686b000

        Static PE Info

        General

        Entrypoint:0x401480
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x5A0E7EAF [Fri Nov 17 06:16:15 2017 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:

        Entrypoint Preview

        Instruction
        push ebp
        mov ebp, esp
        sub esp, 000003D0h
        push ebx
        push esi
        push edi
        push 000003C8h
        lea eax, dword ptr [ebp-000003CCh]
        push 00000000h
        push eax
        mov dword ptr [ebp-000003D0h], 00000000h
        call 00007FF8091B9EECh
        add esp, 0Ch
        xor ebx, ebx
        xor edi, edi
        xor esi, esi
        inc esi
        mov eax, 92492493h
        imul esi
        add edx, esi
        sar edx, 02h
        mov eax, edx
        shr eax, 1Fh
        add eax, edx
        lea ecx, dword ptr [00000000h+eax*8]
        sub ecx, eax
        mov eax, esi
        sub eax, ecx
        jne 00007FF8091B85C3h
        inc esi
        cmp esi, 0000284Ch
        jl 00007FF8091B8596h
        call 00007FF8091BA1A2h
        mov dword ptr [ebp-00000114h], eax
        lea eax, dword ptr [ebp-000001A8h]
        push eax
        push 00001141h
        call 00007FF8091B826Bh
        lea eax, dword ptr [ebp-0000014Ch]
        push eax
        push 000038C7h
        call 00007FF8091B825Ah
        add esp, 10h
        mov edi, 00001408h
        mov eax, 1B4E81B5h
        imul edi
        sar edx, 03h
        mov edi, edx
        shr edi, 1Fh
        add edi, edx
        jne 00007FF8091B85AFh
        lea eax, dword ptr [ebp-0000014Ch]
        push 0145433Ah
        push eax
        call 00007FF8091B8B1Eh
        add esp, 08h
        mov ecx, 0000496Bh
        mov edx, 0000001Eh
        mov eax, 000000D8h

        Rich Headers

        Programming Language:
        • [C++] VS2012 build 50727
        • [ASM] VS2012 build 50727
        • [LNK] VS2012 build 50727

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x44ec40x45000d0631fbe8c55097bb3fc9f325da0aa36False0.9896611752717391data7.995237143421081IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

        Network Behavior

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 10, 2024 14:42:20.188899994 CEST5351562162.159.36.2192.168.2.8
        Oct 10, 2024 14:42:20.757322073 CEST53610741.1.1.1192.168.2.8

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:08:41:35
        Start date:10/10/2024
        Path:C:\Users\user\Desktop\tZz1Ogtr2C.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\tZz1Ogtr2C.exe"
        Imagebase:0xd10000
        File size:283'648 bytes
        MD5 hash:D6AFB0BC04FE2F54920119DE06A0E344
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
        Reputation:low
        Has exited:true

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:0.8%
          Dynamic/Decrypted Code Coverage:5.6%
          Signature Coverage:9.3%
          Total number of Nodes:107
          Total number of Limit Nodes:10
          execution_graph 95610 d3f4f3 95613 d3e2d3 95610->95613 95616 d3c543 95613->95616 95615 d3e2ec 95617 d3c560 95616->95617 95618 d3c571 RtlFreeHeap 95617->95618 95618->95615 95619 d3f493 95620 d3f4a3 95619->95620 95621 d3f4a9 95619->95621 95624 d3e3b3 95621->95624 95623 d3f4cf 95627 d3c4f3 95624->95627 95626 d3e3ce 95626->95623 95628 d3c510 95627->95628 95629 d3c521 RtlAllocateHeap 95628->95629 95629->95626 95630 d34933 95634 d3494c 95630->95634 95631 d349d9 95632 d34994 95633 d3e2d3 RtlFreeHeap 95632->95633 95635 d349a4 95633->95635 95634->95631 95634->95632 95636 d349d4 95634->95636 95637 d3e2d3 RtlFreeHeap 95636->95637 95637->95631 95719 d3b7e3 95720 d3b800 95719->95720 95723 1142df0 LdrInitializeThunk 95720->95723 95721 d3b828 95723->95721 95729 d345a3 95730 d345bf 95729->95730 95731 d345e7 95730->95731 95732 d345fb 95730->95732 95733 d3c1e3 NtClose 95731->95733 95734 d3c1e3 NtClose 95732->95734 95735 d345f0 95733->95735 95736 d34604 95734->95736 95739 d3e3f3 RtlAllocateHeap 95736->95739 95738 d3460f 95739->95738 95638 d27333 95639 d27357 95638->95639 95640 d27393 LdrLoadDll 95639->95640 95641 d2735e 95639->95641 95640->95641 95740 d23823 95742 d23843 95740->95742 95744 d238ac 95742->95744 95745 d2af93 RtlFreeHeap LdrInitializeThunk 95742->95745 95743 d238a2 95745->95743 95746 1142b60 LdrInitializeThunk 95642 d34134 95643 d34155 95642->95643 95644 d34173 95643->95644 95645 d34188 95643->95645 95646 d3c1e3 NtClose 95644->95646 95653 d3c1e3 95645->95653 95648 d3417c 95646->95648 95649 d341c8 95650 d34191 95650->95649 95651 d3e2d3 RtlFreeHeap 95650->95651 95652 d341bc 95651->95652 95654 d3c200 95653->95654 95655 d3c211 NtClose 95654->95655 95655->95650 95656 d1197b 95657 d11983 95656->95657 95660 d3f963 95657->95660 95658 d11a7d 95658->95658 95663 d3de43 95660->95663 95664 d3de86 95663->95664 95673 d172e3 95664->95673 95666 d3de9c 95672 d3def8 95666->95672 95676 d2ac83 95666->95676 95668 d3debb 95669 d3ded0 95668->95669 95670 d3c593 ExitProcess 95668->95670 95687 d3c593 95669->95687 95670->95669 95672->95658 95690 d25ff3 95673->95690 95675 d172f0 95675->95666 95677 d2acaf 95676->95677 95708 d2ab73 95677->95708 95680 d2acf4 95683 d2ad10 95680->95683 95685 d3c1e3 NtClose 95680->95685 95681 d2acdc 95682 d2ace7 95681->95682 95684 d3c1e3 NtClose 95681->95684 95682->95668 95683->95668 95684->95682 95686 d2ad06 95685->95686 95686->95668 95688 d3c5b0 95687->95688 95689 d3c5c1 ExitProcess 95688->95689 95689->95672 95691 d2600d 95690->95691 95693 d26026 95691->95693 95694 d3cc23 95691->95694 95693->95675 95696 d3cc3d 95694->95696 95695 d3cc6c 95695->95693 95696->95695 95701 d3b833 95696->95701 95699 d3e2d3 RtlFreeHeap 95700 d3cce2 95699->95700 95700->95693 95702 d3b850 95701->95702 95705 1142c0a 95702->95705 95703 d3b87c 95703->95699 95706 1142c11 95705->95706 95707 1142c1f LdrInitializeThunk 95705->95707 95706->95703 95707->95703 95709 d2ac69 95708->95709 95710 d2ab8d 95708->95710 95709->95680 95709->95681 95714 d3b8d3 95710->95714 95713 d3c1e3 NtClose 95713->95709 95715 d3b8f0 95714->95715 95718 11435c0 LdrInitializeThunk 95715->95718 95716 d2ac5d 95716->95713 95718->95716

          Executed Functions

          Function 00D27333 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 25 d27333-d2735c call d3efd3 28 d27362-d27370 call d3f5d3 25->28 29 d2735e-d27361 25->29 32 d27372-d2737d call d3f873 28->32 33 d27380-d27391 call d3d913 28->33 32->33 38 d27393-d273a7 LdrLoadDll 33->38 39 d273aa-d273ad 33->39 38->39
          APIs
          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00D273A5
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID: Load
          • String ID:
          • API String ID: 2234796835-0
          • Opcode ID: e7dc6d0ee477ae157b340f19dc69921457d9f0c8687afbf7a2d1384491327b0c
          • Instruction ID: 67fe635fdbdce42e22eeb9b12aedd8afc781730ca0d5d8ea08c2f30c6f5e9eb5
          • Opcode Fuzzy Hash: e7dc6d0ee477ae157b340f19dc69921457d9f0c8687afbf7a2d1384491327b0c
          • Instruction Fuzzy Hash: BE011EB5D0020DABDF10DBE4DC42F9EB7B8AB54308F0481A5ED1897281F671EB189BB1
          Function 00D3C1E3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 50 d3c1e3-d3c21f call d14563 call d3d413 NtClose
          APIs
          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00D3C21A
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID: Close
          • String ID:
          • API String ID: 3535843008-0
          • Opcode ID: 70fa0a461b69641f6e22b1b0db186f14ee8558141ab0a1675547a1011abc406e
          • Instruction ID: 33cbf494bd2b2e8b5bb37c1e9443788f8610170223e2a15dd40a73d863cd9ecc
          • Opcode Fuzzy Hash: 70fa0a461b69641f6e22b1b0db186f14ee8558141ab0a1675547a1011abc406e
          • Instruction Fuzzy Hash: 6CE08C322002087BE620EB59EC42FDB77ADDFC5720F008415FA08AB242D7B1BA018BF0
          Function 01142B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 64 1142b60-1142b6c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
          • Instruction ID: 24c54b08d534af1a448593e9c19fc1330cb911b1899edcd7107a9966507bce0f
          • Opcode Fuzzy Hash: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
          • Instruction Fuzzy Hash: B690026120240043424971598514616400A97E0201B55C021F5115590DC62589916625
          Function 01142DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 66 1142df0-1142dfc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
          • Instruction ID: e8523e5f539f76d97e6074d5a3e98f1b02a3e4efa5dbe39e5cf5af5196f756f2
          • Opcode Fuzzy Hash: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
          • Instruction Fuzzy Hash: B290023120140453D25571598604707000997D0241F95C412B4525558DD7568A52A621
          Function 01142C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 65 1142c70-1142c7c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
          • Instruction ID: 3bc3e2892cb4fc14f3fb96c7f22e7f9f92baf7275aae44581ea1ff5ad72ae39a
          • Opcode Fuzzy Hash: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
          • Instruction Fuzzy Hash: E490023120148842D2547159C50474A000597D0301F59C411B8525658DC79589917621
          Function 011435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 67 11435c0-11435cc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
          • Instruction ID: 3ca4f1105e5f8c84f35f36511cc64975d0b04f166e50e3c8b1360365d02ffd98
          • Opcode Fuzzy Hash: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
          • Instruction Fuzzy Hash: FF90023160550442D24471598614706100597D0201F65C411B4525568DC7958A516AA2
          Function 00D3C4F3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 40 d3c4f3-d3c537 call d14563 call d3d413 RtlAllocateHeap
          APIs
          • RtlAllocateHeap.NTDLL(?,00D2E134,?,?,00000000,?,00D2E134,?,?,?), ref: 00D3C532
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: fb9fff82549313d8670c2276e85e9b2aab0521e3aa021a12b13ef06f0889fb10
          • Instruction ID: edebb5b46d1849223da20b9ae18ade34019473a107290158b3439b9e5c20f1ca
          • Opcode Fuzzy Hash: fb9fff82549313d8670c2276e85e9b2aab0521e3aa021a12b13ef06f0889fb10
          • Instruction Fuzzy Hash: 1EE092722002087BD610EF58EC45FDB77ADDFC9710F004418F908A7242DA70B9118BB4
          Function 00D3C543 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 45 d3c543-d3c587 call d14563 call d3d413 RtlFreeHeap
          APIs
          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BCA62C1,00000007,00000000,00000004,00000000,00D26BBA,000000F4), ref: 00D3C582
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID: FreeHeap
          • String ID:
          • API String ID: 3298025750-0
          • Opcode ID: 1d1f6edd5cc5d22d980b07ef0471be2f6c713a232603b345be949fbbdcefdb86
          • Instruction ID: 7cc8d563c92ad315167612c610ed27b1b7715063b287ca4e309351be7ec0721c
          • Opcode Fuzzy Hash: 1d1f6edd5cc5d22d980b07ef0471be2f6c713a232603b345be949fbbdcefdb86
          • Instruction Fuzzy Hash: 5CE06D716002047BD610EE58EC41FDB77ADEFC5710F004418F908A7242DA71B9108BB5
          Function 00D3C593 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 55 d3c593-d3c5cf call d14563 call d3d413 ExitProcess
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID: ExitProcess
          • String ID:
          • API String ID: 621844428-0
          • Opcode ID: 9d95a9a420eb605355ae14fdb3f4d3759436f2a3bd64715c38d85b3c9f926ae9
          • Instruction ID: 4ea4111a596c5d2f667656a70dbf6a5ce26e51929201aef7d563e61f966a5b8b
          • Opcode Fuzzy Hash: 9d95a9a420eb605355ae14fdb3f4d3759436f2a3bd64715c38d85b3c9f926ae9
          • Instruction Fuzzy Hash: 20E08C366003147BD620EA5AEC41FDB7BADDFC5720F008419FA08A7242CBB0BA018BF0
          Function 01142C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 60 1142c0a-1142c0f 61 1142c11-1142c18 60->61 62 1142c1f-1142c26 LdrInitializeThunk 60->62
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: dba909999f6eedaa3c6d7c0f03c52461cd82fe67309f8eceeab1734e858887a3
          • Instruction ID: 51df5e1f68fe0b5a2ecdb307994e9fb93c240db987ca5410b4ebd93c8612a4fa
          • Opcode Fuzzy Hash: dba909999f6eedaa3c6d7c0f03c52461cd82fe67309f8eceeab1734e858887a3
          • Instruction Fuzzy Hash: 3EB09B719015C5C6DB55E7645708717790077D0701F25C061F2130641F4778C1D1E675

          Non-executed Functions

          Function 01182349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2160512332
          • Opcode ID: 7a3a4d6a68cb176733b82a9fe0219aef92aee87dd1f7bc591adefc347a8de12d
          • Instruction ID: c74f28e9324c2d48f8f058eb236482a8236ed9433850122b3e912be90f3f9a0f
          • Opcode Fuzzy Hash: 7a3a4d6a68cb176733b82a9fe0219aef92aee87dd1f7bc591adefc347a8de12d
          • Instruction Fuzzy Hash: EC928071604742AFE72AEF19C840B6BBBE8BB84754F04892DFA95D7250D770E844CF92
          Function 010F68B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-3089669407
          • Opcode ID: fe0cb4d1a61d9ee4fb864c8397a8296beb76b0b4d8256562173dfcf88da28271
          • Instruction ID: 17c64ae3238f16e2a6f1c6dcbaec049120bde384ae757427d65311e3b1986408
          • Opcode Fuzzy Hash: fe0cb4d1a61d9ee4fb864c8397a8296beb76b0b4d8256562173dfcf88da28271
          • Instruction Fuzzy Hash: D28160B2D0221DBF9B59EAE4DDC1EEE77BEAB04614B04043ABA50F7110E731DD458BA1
          Function 011A5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 011A61B0
          • Control Panel\Desktop, xrefs: 011A615E
          • @, xrefs: 011A63A0
          • @, xrefs: 011A647A
          • PreferredUILanguages, xrefs: 011A63D1
          • @, xrefs: 011A6027
          • PreferredUILanguagesPending, xrefs: 011A61D2
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011A635D
          • InstallLanguageFallback, xrefs: 011A6050
          • @, xrefs: 011A6277
          • LanguageConfigurationPending, xrefs: 011A6221
          • LanguageConfiguration, xrefs: 011A6420
          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 011A5FE1
          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 011A5A84
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
          • API String ID: 0-1325123933
          • Opcode ID: a7624a8ee945f701e2dd7c6b0232ccf33b95f5cc7811326add494cc3048e6bd4
          • Instruction ID: 332c293950b04043aedc7c3430ddb8fac958bb7b85d1dcda6c1c021cc8882830
          • Opcode Fuzzy Hash: a7624a8ee945f701e2dd7c6b0232ccf33b95f5cc7811326add494cc3048e6bd4
          • Instruction Fuzzy Hash: B17259755083419FD369DF28C840BABBBEAFB88754F84492EFA95D7250E730D805CB92
          Function 01138620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
          Download Yara Rule
          Strings
          • Invalid debug info address of this critical section, xrefs: 011754B6
          • Critical section address., xrefs: 01175502
          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0117540A, 01175496, 01175519
          • Thread identifier, xrefs: 0117553A
          • Address of the debug info found in the active list., xrefs: 011754AE, 011754FA
          • undeleted critical section in freed memory, xrefs: 0117542B
          • corrupted critical section, xrefs: 011754C2
          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754E2
          • Critical section debug info address, xrefs: 0117541F, 0117552E
          • 8, xrefs: 011752E3
          • double initialized or corrupted critical section, xrefs: 01175508
          • Thread is in a state in which it cannot own a critical section, xrefs: 01175543
          • Critical section address, xrefs: 01175425, 011754BC, 01175534
          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754CE
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
          • API String ID: 0-2368682639
          • Opcode ID: dbfbdc1d62834fc8b2abfb9429bc21b548139ab6def3c6eb504c1f9139e50503
          • Instruction ID: 87c1c57de1ec13071f9f8b2afd0ffcc3489b52227d7cde1e81868d679e489d2a
          • Opcode Fuzzy Hash: dbfbdc1d62834fc8b2abfb9429bc21b548139ab6def3c6eb504c1f9139e50503
          • Instruction Fuzzy Hash: A181B1B1A40358EFDB68CF9AC845BAEBBF6FB48704F14811AF544BB690D371A940CB50
          Function 011329F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 0117259B
          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01172506
          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01172409
          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01172498
          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011725EB
          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011724C0
          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011722E4
          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01172412
          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01172602
          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01172624
          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0117261F
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
          • API String ID: 0-4009184096
          • Opcode ID: 8f94c29fed009465d2fb82066915d0d30da7209f75069077107f7cfa868c072e
          • Instruction ID: 0cdb13c0438db5ccb82bf3e4b1b754a6232439bde5de7975805dad90b2ec572e
          • Opcode Fuzzy Hash: 8f94c29fed009465d2fb82066915d0d30da7209f75069077107f7cfa868c072e
          • Instruction Fuzzy Hash: E3028EF1D002299FDB39DB54CC80BDAB7B8AB54704F0141EAA649A7241EB309F85CF99
          Function 01130F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
          • API String ID: 0-360209818
          • Opcode ID: ac6276236376f876ddd1806be3ffd6cda393892c6c4b6ee1175e050cac0ad4d1
          • Instruction ID: f29c162e27fa8d219e19c0e66dabf8990ff602019f429f0d0fb83202ec93b0ef
          • Opcode Fuzzy Hash: ac6276236376f876ddd1806be3ffd6cda393892c6c4b6ee1175e050cac0ad4d1
          • Instruction Fuzzy Hash: 9062AFB1E00229AFEB28CF18C8417A9B7B6BFC5310F5582DAD549AB344D7725AD1CF41
          Function 011A8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
          • API String ID: 0-2515994595
          • Opcode ID: e9456fac12bf28b26eeb9f0d37f5f67c4adaa81bee39604064803961c1c262c1
          • Instruction ID: fa5d65193a7072ab729670868cde2359603bdf677ba117fdedb9863453b970eb
          • Opcode Fuzzy Hash: e9456fac12bf28b26eeb9f0d37f5f67c4adaa81bee39604064803961c1c262c1
          • Instruction Fuzzy Hash: DD51CD755083119BC32DDF18C844BABBFE8EF94649F94492EE998C7284E770D608CBD2
          Function 011B12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
          • API String ID: 0-3591852110
          • Opcode ID: bd106b5824f48d362cc5dd0cf4b2938bf9f84ac6e827077800643c5de6edca23
          • Instruction ID: 96ec6d75c996da60f3732f279e2a1c86702c78f06356b8981249e0c617c12e04
          • Opcode Fuzzy Hash: bd106b5824f48d362cc5dd0cf4b2938bf9f84ac6e827077800643c5de6edca23
          • Instruction Fuzzy Hash: 0C129A30604642EFD7298F29D4A5BF6BBE1FF0A714F1A845DE9868BA41D734E880CB51
          Function 0111AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
          • API String ID: 0-3197712848
          • Opcode ID: e6d293ee30d2d44a50a35dd4f6c2d768fe6e6fe329856c8763efe53ccaadfff1
          • Instruction ID: 9b247c73bd4d4b4aeb6648608dab90326a5d067a73e68231cac7187d6e996f69
          • Opcode Fuzzy Hash: e6d293ee30d2d44a50a35dd4f6c2d768fe6e6fe329856c8763efe53ccaadfff1
          • Instruction Fuzzy Hash: 2B12EE716093928FD32CDF28D440BAAFBE5BF84718F05492DF9858B299E730D944CB92
          Function 010FD34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
          • API String ID: 0-3532704233
          • Opcode ID: af1bd7cfff5c3695a305bc3a187cca52422747097d1062d66bfd675090f4b272
          • Instruction ID: 3e7b122304ea2f6ed9661557e926e9be7568c8b9d53033237b4464524a1723a3
          • Opcode Fuzzy Hash: af1bd7cfff5c3695a305bc3a187cca52422747097d1062d66bfd675090f4b272
          • Instruction Fuzzy Hash: AEB1AC725083129FD765CF68C481A6FBBE8BF88B14F01492EFAD9D7600D730D9448B92
          Function 011B0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
          • API String ID: 0-1357697941
          • Opcode ID: a96d4bc798d8689f2d5bf294aadbe7a939688c3c3d33be5016e0d0c528644570
          • Instruction ID: 13407f625b1e53b8e6e6baf58cbd131cb9e061152ddc17ce79393434829b8e39
          • Opcode Fuzzy Hash: a96d4bc798d8689f2d5bf294aadbe7a939688c3c3d33be5016e0d0c528644570
          • Instruction Fuzzy Hash: FEF11031A04646EFDB29DF68C491BEABBF4FF09714F09805DE6819B682C730A945CB51
          Function 011B0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
          • API String ID: 0-1700792311
          • Opcode ID: a2ae273c6e324c6524fb6163d2f9596774166f4592ae34925a4cd282e687755c
          • Instruction ID: ee75d759714772a57ecac2ddac0b850811a7f4ea45225d18bd0b073ddc8a6c52
          • Opcode Fuzzy Hash: a2ae273c6e324c6524fb6163d2f9596774166f4592ae34925a4cd282e687755c
          • Instruction Fuzzy Hash: 72D1FC31604A86DFDB2ADF68C481AEEBBF1FF4A714F18805DF5859BA52C7349981CB10
          Function 011889B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
          Download Yara Rule
          Strings
          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01188A67
          • VerifierDebug, xrefs: 01188CA5
          • AVRF: -*- final list of providers -*- , xrefs: 01188B8F
          • VerifierDlls, xrefs: 01188CBD
          • VerifierFlags, xrefs: 01188C50
          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01188A3D
          • HandleTraces, xrefs: 01188C8F
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
          • API String ID: 0-3223716464
          • Opcode ID: 3c2327bd9caf76df4957809764e1c4631eabaaa5f8cdfcbe29a2090b3edc9890
          • Instruction ID: 4165861cc3f54f6437ac8ac57b2fee38bad01c551db5eb03a2199a3292d6babd
          • Opcode Fuzzy Hash: 3c2327bd9caf76df4957809764e1c4631eabaaa5f8cdfcbe29a2090b3edc9890
          • Instruction Fuzzy Hash: 4C914672641716EFD32DFF288880F6A7BE5AB94758F85852CFA40AB285C7309C45CF91
          Function 0110EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
          • API String ID: 0-1109411897
          • Opcode ID: cab8013b49d2b5842ddd4102f20633f9351f755bb6aca06f388073a97edbb81c
          • Instruction ID: 3c3c13111c5e64e4058feb24028fe800ccb8aa1f7842a7d5341af349e23a7f88
          • Opcode Fuzzy Hash: cab8013b49d2b5842ddd4102f20633f9351f755bb6aca06f388073a97edbb81c
          • Instruction Fuzzy Hash: 7CA25770E0562ACFDB79CF19C8887A9BBB5AF49304F1442E9D90DA7690DB719E81CF01
          Function 010FF172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-523794902
          • Opcode ID: 6edc10cd3d39216fafc37ec182b05e1b46ec50030ca50f666e80a244ecaee4c6
          • Instruction ID: e78878c3f7171ff0834a34876a23d3fc1b09a0e3266296e0f2e4506f0678abb6
          • Opcode Fuzzy Hash: 6edc10cd3d39216fafc37ec182b05e1b46ec50030ca50f666e80a244ecaee4c6
          • Instruction Fuzzy Hash: C9420F36609382CFD759CF28C885A6ABBE1FF88604F04496DEAD5CB742DB34D941CB52
          Function 0110ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
          • API String ID: 0-4098886588
          • Opcode ID: c77cb84718cce393b4b4391f431fc291874bce51a3c67979bff02fe259dedd94
          • Instruction ID: 2bfe9c073972de8f7d35c4936e131e93f52b2d1f3c17f84fbeb39c808403156b
          • Opcode Fuzzy Hash: c77cb84718cce393b4b4391f431fc291874bce51a3c67979bff02fe259dedd94
          • Instruction Fuzzy Hash: 9C32C274D082698BDB2BCF18C894BEEB7B9BF44340F1140E9E859A7291D7B19E81CF45
          Function 0111B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
          • API String ID: 0-122214566
          • Opcode ID: 43de980ba17541b49685d7b974d3fd68ece78dd12c27824060f0d0f454116599
          • Instruction ID: 1c6d71a0f9082e846ed90fb07e5693770ec9e48e9e9f378a078c1a5313c79daf
          • Opcode Fuzzy Hash: 43de980ba17541b49685d7b974d3fd68ece78dd12c27824060f0d0f454116599
          • Instruction Fuzzy Hash: 32C17A31A083159BDB2D9F68C880BBEFBB5AF45304F04807DED029B289EB74D854C395
          Function 011363FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
          • API String ID: 0-792281065
          • Opcode ID: 3ef4555fcfdd757692296e5b689304846083bf0035aa964b1dbc46e00a4dd8cd
          • Instruction ID: 2f477dc64db8d289606ef4ff4dcc1168c8f3e15d8ccc4ac22f744ecb5c7cd7ea
          • Opcode Fuzzy Hash: 3ef4555fcfdd757692296e5b689304846083bf0035aa964b1dbc46e00a4dd8cd
          • Instruction Fuzzy Hash: CC914830F01711ABEB2DEF18E844BAE7BB6BF81B58F14012CE9606B785D7709981C791
          Function 010F645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
          Download Yara Rule
          Strings
          • apphelp.dll, xrefs: 010F6496
          • minkernel\ntdll\ldrinit.c, xrefs: 01159A11, 01159A3A
          • LdrpInitShimEngine, xrefs: 011599F4, 01159A07, 01159A30
          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011599ED
          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01159A01
          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01159A2A
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-204845295
          • Opcode ID: 8600f15b4ff490954977c1b1e6f3ca070f07a3a679b4a4536e462b017178bf54
          • Instruction ID: 0105d6a5b7afee8a44bf9b703e45c45d53e986014c31dc236679d648efa72888
          • Opcode Fuzzy Hash: 8600f15b4ff490954977c1b1e6f3ca070f07a3a679b4a4536e462b017178bf54
          • Instruction Fuzzy Hash: 2C519171218709DFE728DB24C846BAB77E9FB84748F04052DFAA59B150D731E944CBA3
          Function 01132674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • RtlGetAssemblyStorageRoot, xrefs: 01172160, 0117219A, 011721BA
          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01172178
          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0117219F
          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01172180
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011721BF
          • SXS: %s() passed the empty activation context, xrefs: 01172165
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
          • API String ID: 0-861424205
          • Opcode ID: 91341de77713065024127f48def8947872e50e0d650309a56ebd9f24ddd7eaca
          • Instruction ID: 4b803dbda3d26632e8035cce6cb245441c395455d49eb4ee860c9ab7f15d8b83
          • Opcode Fuzzy Hash: 91341de77713065024127f48def8947872e50e0d650309a56ebd9f24ddd7eaca
          • Instruction Fuzzy Hash: BC314B36F402117BF72AAA9A9C45F5B7B78FFE5A90F054059BB046B204D3709A02C7E1
          Function 0113C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • LdrpInitializeImportRedirection, xrefs: 01178177, 011781EB
          • Loading import redirection DLL: '%wZ', xrefs: 01178170
          • Unable to build import redirection Table, Status = 0x%x, xrefs: 011781E5
          • LdrpInitializeProcess, xrefs: 0113C6C4
          • minkernel\ntdll\ldrinit.c, xrefs: 0113C6C3
          • minkernel\ntdll\ldrredirect.c, xrefs: 01178181, 011781F5
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-475462383
          • Opcode ID: 5a9d4e1ed07c907d6c38554771211797a9a57838c2e9a91b8173336fdfee5dfe
          • Instruction ID: d89eca977d084c413ca2290f6bed91aecf97f7c28e7d046e48d1edc30582131c
          • Opcode Fuzzy Hash: 5a9d4e1ed07c907d6c38554771211797a9a57838c2e9a91b8173336fdfee5dfe
          • Instruction Fuzzy Hash: DD31F7716447469FC21CEF29D84AE1A7BE5EF94B54F04056CF9856B391DB20EC04C7A2
          Function 01119950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
          • API String ID: 0-3393094623
          • Opcode ID: cf921c3ee52eb01e1c5379f4a3e64d58468d80932dd07479f82ce1c671d1d2c9
          • Instruction ID: 01cd070dbe81f0a144f1b8e4fcc1e80b56203fb8059082c38b12f451b15450ff
          • Opcode Fuzzy Hash: cf921c3ee52eb01e1c5379f4a3e64d58468d80932dd07479f82ce1c671d1d2c9
          • Instruction Fuzzy Hash: 3D02AE715093958FD729CF28C090BABFBE5BF84708F45882EE9A987254E771D844CB93
          Function 0114096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
          Download Yara Rule
          APIs
            • Part of subcall function 01142DF0: LdrInitializeThunk.NTDLL ref: 01142DFA
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BA3
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BB6
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D60
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D74
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
          • String ID:
          • API String ID: 1404860816-0
          • Opcode ID: c717cc1cbf402d1c37e0fd08505c0535d7e6cb697f6009eda8c739a77c887831
          • Instruction ID: 5f8a9fae589bea6fa889a8234bd27eea2d0d25a7ba87fa1c14510f41d55c7050
          • Opcode Fuzzy Hash: c717cc1cbf402d1c37e0fd08505c0535d7e6cb697f6009eda8c739a77c887831
          • Instruction Fuzzy Hash: 25426C71900719DFDB29CF28C840BEAB7F5BF48714F1445A9EA89EB241E770A984CF61
          Function 01184F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
          • API String ID: 0-2518169356
          • Opcode ID: 8ea2c1e49d8cbd21f256c8b18369f5210c0593320eb24f07913cf9f04f5e730b
          • Instruction ID: db24f2fcdeeeae8e2c3fd4d0ae93fd4ffb13aedc38b38c3868a3bbbd50743053
          • Opcode Fuzzy Hash: 8ea2c1e49d8cbd21f256c8b18369f5210c0593320eb24f07913cf9f04f5e730b
          • Instruction Fuzzy Hash: 6D91C172D0061A9BCB29DF9CC880AAEFBB2FF48314F598169E915E7350E735D901CB91
          Function 011170C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: b3473d616008b1a018c910b9b99a8d44989e35fbd53123625c1bd40d326d9f73
          • Instruction ID: b321ae3c948db504c75022a666746bd6d3ba4ff408c634c17c23ab416a6fbdfa
          • Opcode Fuzzy Hash: b3473d616008b1a018c910b9b99a8d44989e35fbd53123625c1bd40d326d9f73
          • Instruction Fuzzy Hash: E9138C70A0065ACFDB2DCF68C4907A9FBF1FF49304F1481A9D949AB389D734A946CB91
          Function 0111A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
          Download Yara Rule
          Strings
          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01167D03
          • SsHd, xrefs: 0111A885
          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01167D56
          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01167D39
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
          • API String ID: 0-2905229100
          • Opcode ID: 0cc4097445e1ce654b5b68b852aa3c2a3dae31f1cf812963c680e0070b4ac097
          • Instruction ID: 7566d66c21b6d85198706133e4ca550ecba0145491223d76096785b49e6a125b
          • Opcode Fuzzy Hash: 0cc4097445e1ce654b5b68b852aa3c2a3dae31f1cf812963c680e0070b4ac097
          • Instruction Fuzzy Hash: 69D1C436A01259CFDB1DCF98E4C0AADFBB6FF58314F154069E905AB349E3319891CB91
          Function 0110A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
          • API String ID: 0-379654539
          • Opcode ID: 137ed1b1b4559b06d8ac901f47a618df4964f89f59c1220565a70541b24deb4b
          • Instruction ID: 8d9d59ed0fb216b578c021d27dcb41be6d6e679dc181d4c7953549c20ea109f8
          • Opcode Fuzzy Hash: 137ed1b1b4559b06d8ac901f47a618df4964f89f59c1220565a70541b24deb4b
          • Instruction Fuzzy Hash: 11C19B74908382CFD71ACF68D040B6AB7E4BF84704F05896AF995CB291E7B5C949CB53
          Function 01138402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
          Download Yara Rule
          Strings
          • LdrpInitializeProcess, xrefs: 01138422
          • minkernel\ntdll\ldrinit.c, xrefs: 01138421
          • @, xrefs: 01138591
          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0113855E
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1918872054
          • Opcode ID: 4e8ba1fceae5eb6a269a61dca5daa7137c95f6ab92e0764292e5827f577b2456
          • Instruction ID: 8d90befcd33ba622f1d6cdbad24c0a63a841c611ff55f41ba053b74c08abe7c1
          • Opcode Fuzzy Hash: 4e8ba1fceae5eb6a269a61dca5daa7137c95f6ab92e0764292e5827f577b2456
          • Instruction Fuzzy Hash: 7B91BF71648345AFD72ADF65CC40FABBBE8BF84744F400A2EFA8496145E734D944CB62
          Function 01110C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
          Download Yara Rule
          Strings
          • HEAP: , xrefs: 011654E0, 011655A1
          • HEAP[%wZ]: , xrefs: 011654D1, 01165592
          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 011654ED
          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 011655AE
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
          • API String ID: 0-1657114761
          • Opcode ID: bd645ac5b6b9e0b8b9aa1b15a612b204f062b64d5705eeb2b15ca4ecc27ce08f
          • Instruction ID: 8c7860d693b33783d5417a741d39595075d2c0551abbf68c4ce07cfdd64fe062
          • Opcode Fuzzy Hash: bd645ac5b6b9e0b8b9aa1b15a612b204f062b64d5705eeb2b15ca4ecc27ce08f
          • Instruction Fuzzy Hash: 28A1B130A043069BDB2DCF28C8417BAFBB1AF59304F54817DF5968B64AD734E984CB51
          Function 0113273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
          Download Yara Rule
          Strings
          • .Local, xrefs: 011328D8
          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011721D9, 011722B1
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011722B6
          • SXS: %s() passed the empty activation context, xrefs: 011721DE
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
          • API String ID: 0-1239276146
          • Opcode ID: 554dc23cbe5ea9089c72dadc5f0aa521907d8d6d4eeea82f491467dac6daa2bd
          • Instruction ID: 19fa4677a29528a8e6955f3208eb65c8ed556f6551a5350811eec772d14d9b9e
          • Opcode Fuzzy Hash: 554dc23cbe5ea9089c72dadc5f0aa521907d8d6d4eeea82f491467dac6daa2bd
          • Instruction Fuzzy Hash: 80A1D031900229DFDB28DF68C884BA9B7B1BF98354F1541EAD948AB355E730DE81CF81
          Function 011064AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
          Download Yara Rule
          Strings
          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0116106B
          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01160FE5
          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011610AE
          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01161028
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
          • API String ID: 0-1468400865
          • Opcode ID: c54f6e17a1fb3beacf4a283a7a35f171365af6181bbe1ebd629df9661c7c283d
          • Instruction ID: ff80e41c19c789bfa8dae64999b6d208fe4cf64dc5aa752a307d4d3b98bac25c
          • Opcode Fuzzy Hash: c54f6e17a1fb3beacf4a283a7a35f171365af6181bbe1ebd629df9661c7c283d
          • Instruction Fuzzy Hash: D071F1719043459FCB25DF14C884F977FA8AF987A8F000468F9488B186D375D598CFD2
          Function 0112245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
          Download Yara Rule
          Strings
          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0116A992
          • apphelp.dll, xrefs: 01122462
          • minkernel\ntdll\ldrinit.c, xrefs: 0116A9A2
          • LdrpDynamicShimModule, xrefs: 0116A998
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-176724104
          • Opcode ID: a798aef0b444a009b73d7bff5dea67ce574210a5859cc1c43a1749d994e88fde
          • Instruction ID: 203210ef61ae1e5b50505bcff116300aca3bc382ee5c071ee7851424f8e2affb
          • Opcode Fuzzy Hash: a798aef0b444a009b73d7bff5dea67ce574210a5859cc1c43a1749d994e88fde
          • Instruction Fuzzy Hash: C6313B75600301ABD73D9F5DE845EAE77B9FF84704F26002EE52177245D7B15992CB80
          Function 011129A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
          Download Yara Rule
          Strings
          • HEAP: , xrefs: 01113264
          • HEAP[%wZ]: , xrefs: 01113255
          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0111327D
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
          • API String ID: 0-617086771
          • Opcode ID: 6960e3ae1fa7d802744ea23e5a9d71c8f0d7e3ebe15e1eee1397da4e5babef34
          • Instruction ID: 5e5ec3c3e76dca513b3feb66b7b5665a4b06a85a5962c7cb24e8ecda19425522
          • Opcode Fuzzy Hash: 6960e3ae1fa7d802744ea23e5a9d71c8f0d7e3ebe15e1eee1397da4e5babef34
          • Instruction Fuzzy Hash: 8E92CC71A042499FDB29CF68C440BAEFBF1FF48314F288469E859AB399D734A941CF51
          Function 011902C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: """"$MitigationAuditOptions$MitigationOptions
          • API String ID: 0-1670051934
          • Opcode ID: b8c5e7bda3ca1a6b118775c7cb6ca75ef5bec6c9b472b505483aecdfeaba926b
          • Instruction ID: 8a40daf8ab73db0d42b3cbd33e3979e1ddc8343080c4c996269b8e0596787e3e
          • Opcode Fuzzy Hash: b8c5e7bda3ca1a6b118775c7cb6ca75ef5bec6c9b472b505483aecdfeaba926b
          • Instruction Fuzzy Hash: 21227172A047429FDB2CCF2DC85162ABBE5BBC8310F15892DF2EA87650D771E544CB42
          Function 01110770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-4253913091
          • Opcode ID: b2a42a4e925baaf3afe3565a492494e2a9f0152a5888afb97249a4f68c469c71
          • Instruction ID: 02aab9af601e5ef88c3d83ab22dc17ed7249476d1b89c988054ed1044d913805
          • Opcode Fuzzy Hash: b2a42a4e925baaf3afe3565a492494e2a9f0152a5888afb97249a4f68c469c71
          • Instruction Fuzzy Hash: 0FF1AA30A00606DFEB2DCF68C894B6AFBB6FF48344F148168E5569B385D731E991CB91
          Function 01101460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
          Download Yara Rule
          Strings
          • HEAP: , xrefs: 01101596
          • HEAP[%wZ]: , xrefs: 01101712
          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01101728
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: f967679ceac27be4017eb73a3aa5c6f772979e32431b91b7cb3ea1d1c5ff5325
          • Instruction ID: 0c0b4ab603e3d4e704178d07dbed64cc353ec79132fb0a693daa7307ab13b013
          • Opcode Fuzzy Hash: f967679ceac27be4017eb73a3aa5c6f772979e32431b91b7cb3ea1d1c5ff5325
          • Instruction Fuzzy Hash: 99E1E330A04646AFDB2ECF68C85177ABBF1BF45304F19845DE996CB286D7B8D841CB50
          Function 01126962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: $@
          • API String ID: 0-1077428164
          • Opcode ID: 7a82c829d0979ff9f14dd90c04523a12cced82af553861fa740a6ca4021ab94d
          • Instruction ID: c19774033a636c201ad0497e93d6cdae631fe7249bc1032b21d1e88c020a72c1
          • Opcode Fuzzy Hash: 7a82c829d0979ff9f14dd90c04523a12cced82af553861fa740a6ca4021ab94d
          • Instruction Fuzzy Hash: B5C290716083519FDB2DCF28C840BABBBE5AF98714F05892DE9C9C7281E735D815CB92
          Function 010FA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: FilterFullPath$UseFilter$\??\
          • API String ID: 0-2779062949
          • Opcode ID: 9f7c34f27af5b20b78968093c22d2d9403229e01aa037bcba3d26e57ed8c2ed1
          • Instruction ID: a6815c8990f52e5e7abe8609a1e9c5c5b08a25bf098869b11f3fe662bc6e2b9e
          • Opcode Fuzzy Hash: 9f7c34f27af5b20b78968093c22d2d9403229e01aa037bcba3d26e57ed8c2ed1
          • Instruction Fuzzy Hash: 15A15A75901629DBDB75DF28CC88BEABBB8EF44714F1001E9EA18A7250D7359E84CF90
          Function 01120BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 0116A121
          • LdrpCheckModule, xrefs: 0116A117
          • Failed to allocated memory for shimmed module list, xrefs: 0116A10F
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
          • API String ID: 0-161242083
          • Opcode ID: 2b21330b3f3b3db5c04cdb5238529bb84625dd272201dc6d901b85a5612f0695
          • Instruction ID: d0af74ea31169fc0389b3c491f52b6e089adac99a5798a1f44d45790dd3e8a4a
          • Opcode Fuzzy Hash: 2b21330b3f3b3db5c04cdb5238529bb84625dd272201dc6d901b85a5612f0695
          • Instruction Fuzzy Hash: D271F1B0A00205DFDB2DEF68C980AAEB7F4FF48304F15416DE912A7255E731ADA2CB51
          Function 01110A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-1334570610
          • Opcode ID: b5cf4223f25fc89f252b42ed3c5226945bf6228dad8c25d9437f404df1694971
          • Instruction ID: 7ec4390c2485292224b8c04fd0876dc88ad013c0ee89c29be23d27b64ed6f927
          • Opcode Fuzzy Hash: b5cf4223f25fc89f252b42ed3c5226945bf6228dad8c25d9437f404df1694971
          • Instruction Fuzzy Hash: 0F61A931A043019FDB2DCF28C440B6ABBA6FF48704F14856DE4998B286D771E891CB95
          Function 00D12930 Relevance: 3.9, Strings: 3, Instructions: 163COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff$gfff$yxxx
          • API String ID: 0-1994713751
          • Opcode ID: b4e4bfff943e8d23a43cf4d1cbded85d06716b6dfead488e9869986026dcd52b
          • Instruction ID: 79fa2e796b7eb5454c9c3bd8da6e40a08193773d2d86e051d08de782f901e187
          • Opcode Fuzzy Hash: b4e4bfff943e8d23a43cf4d1cbded85d06716b6dfead488e9869986026dcd52b
          • Instruction Fuzzy Hash: 5E511831B0014E1BCB2C896DEC413F97A66EF94300F1C8279D999DF395E9369EA54BA0
          Function 00D1292C Relevance: 3.9, Strings: 3, Instructions: 163COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff$gfff$yxxx
          • API String ID: 0-1994713751
          • Opcode ID: 744a65770da792fb396e52651ff3e8b9fea32cf6d62d1665ccbc863cbc308b6f
          • Instruction ID: d7969cdfefda0f407288080f7d1169723103f2f052265ff68b2f848e513c3186
          • Opcode Fuzzy Hash: 744a65770da792fb396e52651ff3e8b9fea32cf6d62d1665ccbc863cbc308b6f
          • Instruction Fuzzy Hash: 9E511931B0014D1BCB2C895DE8413F97A66EF94300F1C8275D999DF396E9369EA54BA0
          Function 0113C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 011782E8
          • Failed to reallocate the system dirs string !, xrefs: 011782D7
          • LdrpInitializePerUserWindowsDirectory, xrefs: 011782DE
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1783798831
          • Opcode ID: 1ab8264c74e21f184c1f5946da8ade1b03c0e200086e8f04ec28549899b1499d
          • Instruction ID: 74cc8d37c76934fed1adeae42332d38eae7ad3b78a7dd01fd2348ee25768f837
          • Opcode Fuzzy Hash: 1ab8264c74e21f184c1f5946da8ade1b03c0e200086e8f04ec28549899b1499d
          • Instruction Fuzzy Hash: D8412072504701ABC72DEB28D845B5BBBF8AF84664F00493EF958E3294EB30D840CBD1
          Function 011BC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 011BC1F1
          • PreferredUILanguages, xrefs: 011BC212
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011BC1C5
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
          • API String ID: 0-2968386058
          • Opcode ID: 17b65584584d7c3e9c84ea27463022d03e38540fc1d1003ab99d1ca14e10a207
          • Instruction ID: f245a4544c09880a81b262fcef637492fff51f975b7064d0dcd0e8e56dcf73a6
          • Opcode Fuzzy Hash: 17b65584584d7c3e9c84ea27463022d03e38540fc1d1003ab99d1ca14e10a207
          • Instruction Fuzzy Hash: F5418671E00219EBEF19DFD8C881FEEBBB9AB14704F1440AAE609F7240D7749A45CB90
          Function 01194144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
          • API String ID: 0-1373925480
          • Opcode ID: f2f83971e868a4065bd90bc6c6945652cf2ead45a00ec8ea0a8822604c34e93f
          • Instruction ID: e4452f99105487729630bb480e5a18fee5af50e36c682408274b8b723d153d12
          • Opcode Fuzzy Hash: f2f83971e868a4065bd90bc6c6945652cf2ead45a00ec8ea0a8822604c34e93f
          • Instruction Fuzzy Hash: B5413671A002588BEF2EDBD8DA40BACBBB5FF55354F1400AAD921EBB81D7349902CB11
          Function 01184755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01184888
          • LdrpCheckRedirection, xrefs: 0118488F
          • minkernel\ntdll\ldrredirect.c, xrefs: 01184899
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-3154609507
          • Opcode ID: 9d5943cb8a46caec800479073441ef2afb3f0baaacb39c0a2e7326584529bcb3
          • Instruction ID: 74012c8be688fefa2d488a450d4e54f52d06889da090507e874c0b468b35d214
          • Opcode Fuzzy Hash: 9d5943cb8a46caec800479073441ef2afb3f0baaacb39c0a2e7326584529bcb3
          • Instruction Fuzzy Hash: 7841C6326147529BCB29FF9CD440B267BE4BF4A650F06856DED9497B15EB30D800CF91
          Function 01110BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-2558761708
          • Opcode ID: 6c44718911bceb7695ed6152b7405dd5fb3c4c6aba5668d8a079fa91b6a2e9ab
          • Instruction ID: c5bbed57cb789d52d6abf77c0dfe4638689a27f595d17227756484e741a9319a
          • Opcode Fuzzy Hash: 6c44718911bceb7695ed6152b7405dd5fb3c4c6aba5668d8a079fa91b6a2e9ab
          • Instruction Fuzzy Hash: DB113330315102CFDB6DCA18C881B7AF3AAFF45619F1980ADF446CB255EB35D880C756
          Function 011820DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01182104
          • Process initialization failed with status 0x%08lx, xrefs: 011820F3
          • LdrpInitializationFailure, xrefs: 011820FA
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2986994758
          • Opcode ID: d4e2b9f856df6bb82324818b57445c662ca7dfbbb498cec1a7cb949dd57c928e
          • Instruction ID: 2739ce66f1667d459695e1074f3142b82ee3d9a4daf6a30fdc11e3b056037d76
          • Opcode Fuzzy Hash: d4e2b9f856df6bb82324818b57445c662ca7dfbbb498cec1a7cb949dd57c928e
          • Instruction Fuzzy Hash: E9F0C275641708AFE72CE64DCD46F9937BCEB40B58F60406DF6506B681D7B0A940CA91
          Function 011103E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: #%u
          • API String ID: 48624451-232158463
          • Opcode ID: aed879fd29ab437cf356379b5998f724a70d335454a7759080dcb96ca79c367e
          • Instruction ID: 5d244d36874fcdb598fa842a89ac1ff24bffc655e70c8a29c297ce6a0e527f4f
          • Opcode Fuzzy Hash: aed879fd29ab437cf356379b5998f724a70d335454a7759080dcb96ca79c367e
          • Instruction Fuzzy Hash: 3B715971A0014A9FDB09DFA8C980BAEBBF8FF18744F154065E901E7655EB34ED41CBA1
          Function 011152A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$@
          • API String ID: 0-149943524
          • Opcode ID: 4351eda77e8c98928f55bd712603801c46cd2afc4c1bc3443d94ec63540e6d4b
          • Instruction ID: 474a2733b6ada91fde4298c4b308806dd751b9d9eb3a0d4e5a5db641d357382f
          • Opcode Fuzzy Hash: 4351eda77e8c98928f55bd712603801c46cd2afc4c1bc3443d94ec63540e6d4b
          • Instruction Fuzzy Hash: 693299705083118BD76CCF19C490B3EFBE6AFC6744F15492EEA958B298E734C880CB92
          Function 0110A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
          Download Yara Rule
          Strings
          • LdrResSearchResource Enter, xrefs: 0110AA13
          • LdrResSearchResource Exit, xrefs: 0110AA25
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
          • API String ID: 0-4066393604
          • Opcode ID: fb61ac6f24d62b900d914b4cc9e4dbe440575517978c5701588499d64ec438a3
          • Instruction ID: bbb10179765715cf27783567e57f7796f8bf7e15b2be462cfc3f49a5bd9e2f91
          • Opcode Fuzzy Hash: fb61ac6f24d62b900d914b4cc9e4dbe440575517978c5701588499d64ec438a3
          • Instruction Fuzzy Hash: F9E19D71E00719EBEF2ECE98D980BAEBBB9BF44314F11442AE911E72C1D7B59940CB51
          Function 01102FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @4Qw@4Qw$PATH
          • API String ID: 0-1814558670
          • Opcode ID: dbed2a0a65bfde0f78127063bf7d4fbc7bd92f6ef06e40bf86adc5969a9a16a1
          • Instruction ID: 8eae774f1cf4e7f3842da9fd73856b481aedde5437f7f2fcd7cfa8e1ab259154
          • Opcode Fuzzy Hash: dbed2a0a65bfde0f78127063bf7d4fbc7bd92f6ef06e40bf86adc5969a9a16a1
          • Instruction Fuzzy Hash: 91F1D271D20219EFCB2EDF99D881ABEBBB1FF48710F454029E564AB384D7B09841CB51
          Function 011CA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: `$`
          • API String ID: 0-197956300
          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction ID: 7e9548397967897a5607d0cc589485d6415361d03a08d50725758eaf4bfab4e9
          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction Fuzzy Hash: 81C1E73120434A9BE72ACF28D841B6BBBE5BFE4B18F084A2CF695C7290E775D505CB41
          Function 01100CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
          Download Yara Rule
          Strings
          • ResIdCount less than 2., xrefs: 0115EEC9
          • Failed to retrieve service checksum., xrefs: 0115EE56
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
          • API String ID: 0-863616075
          • Opcode ID: 14486f02d2bc69fbd06c9d09b4e7d7b9489d1399d803e87571024771010bf9fa
          • Instruction ID: a5316cd9fe9a39b28449689c5e41d031379e3c058b1b2628036308e32dd64f2b
          • Opcode Fuzzy Hash: 14486f02d2bc69fbd06c9d09b4e7d7b9489d1399d803e87571024771010bf9fa
          • Instruction Fuzzy Hash: 94E1E1B19083449FE369CF15C440BABBBE4FB88354F40892EF5E99B280DB719949CF56
          Function 0117E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Legacy$UEFI
          • API String ID: 2994545307-634100481
          • Opcode ID: ad716482f21f4979ac4b69c13d754ac86367df264332d3e902e55cb86dfafe75
          • Instruction ID: 777f4066d3406b579ed7854b11b2c449777d7833b26e018c53ca3f01fd83a2eb
          • Opcode Fuzzy Hash: ad716482f21f4979ac4b69c13d754ac86367df264332d3e902e55cb86dfafe75
          • Instruction Fuzzy Hash: 51614B71E016199FDB29DFA9C840BAEBBF9FB48704F1440ADE649EB391D731A940CB50
          Function 011A43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @$MUI
          • API String ID: 0-17815947
          • Opcode ID: 57e1938c27bde4d75730be99b672d073a6f9847702bef8aef184eafa21d4d085
          • Instruction ID: 04d31c477224af701fc8cd08e53178afc0106e2e20eb7dd0fff0371f845dfd2c
          • Opcode Fuzzy Hash: 57e1938c27bde4d75730be99b672d073a6f9847702bef8aef184eafa21d4d085
          • Instruction Fuzzy Hash: A8515875E0021DAFDB15DFA9DC80AEEBFB8EB04758F14052AEA10B7680D7709A45CB60
          Function 011004E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
          Download Yara Rule
          Strings
          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0110063D
          • kLsE, xrefs: 01100540
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
          • API String ID: 0-2547482624
          • Opcode ID: 0658d5aad5df068acf6e4e9e8c0fda63418f97c156f1a5fc40531ea478b4ebee
          • Instruction ID: 92bd8ea9fda9b67737d64f01ad8babae623409cef9a247588b67b75804334438
          • Opcode Fuzzy Hash: 0658d5aad5df068acf6e4e9e8c0fda63418f97c156f1a5fc40531ea478b4ebee
          • Instruction Fuzzy Hash: BA51B1719047428FD72AEF68C8407A7B7E5AF88344F10483EFAE987281E7B5D545CB92
          Function 0110A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
          Download Yara Rule
          Strings
          • RtlpResUltimateFallbackInfo Exit, xrefs: 0110A309
          • RtlpResUltimateFallbackInfo Enter, xrefs: 0110A2FB
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
          • API String ID: 0-2876891731
          • Opcode ID: 5ccc9953a8129bc7c5f19903c9eb654e7463607fdaa26067647f292840429f24
          • Instruction ID: 7e5972a6d5783d9e9f2316382dd6677c88898fd573fbc265d8dbaa048975a146
          • Opcode Fuzzy Hash: 5ccc9953a8129bc7c5f19903c9eb654e7463607fdaa26067647f292840429f24
          • Instruction Fuzzy Hash: 6241AC31E08745CBDB1A8F59D840BA9BBB4FF94314F148065E910DB291E7B5D900CB41
          Function 0113A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Cleanup Group$Threadpool!
          • API String ID: 2994545307-4008356553
          • Opcode ID: 00c744059969314ae524181fa60c0a08f83d966688a6f4baa12fac5f2e068f3b
          • Instruction ID: 5a2b8ccc956ab1646bbba2be6a11931a8868290bdbd84a3c61fe5059e43a0661
          • Opcode Fuzzy Hash: 00c744059969314ae524181fa60c0a08f83d966688a6f4baa12fac5f2e068f3b
          • Instruction Fuzzy Hash: 1301D1B2240700AFD315DF14DD45F1677E9EB84B29F018939A698CB194E334D844DB46
          Function 0110C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: MUI
          • API String ID: 0-1339004836
          • Opcode ID: b500bcf85d5cbd7f093bb0f4634867aa2f442d5c499adb751c25462b6fedd243
          • Instruction ID: ca256832cf70e1d9782bcaf7dd9eee4ac156f3d74f2100dc168e4abc18f3ddac
          • Opcode Fuzzy Hash: b500bcf85d5cbd7f093bb0f4634867aa2f442d5c499adb751c25462b6fedd243
          • Instruction Fuzzy Hash: 4C827F75E002198FDF2ACFA9D8807EDBBB1BF44350F1581A9E919AB290D7B09D41CF91
          Function 01152F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: P`?wRb?w
          • API String ID: 0-3112501033
          • Opcode ID: 3e3026598eb1bf471433ef186c89f754f405cd3e022abd911941213abb4ec52c
          • Instruction ID: d85bf648b73b54b4e6d0067ecd0050d69da799336a92ac362ebd62ae43170b5c
          • Opcode Fuzzy Hash: 3e3026598eb1bf471433ef186c89f754f405cd3e022abd911941213abb4ec52c
          • Instruction Fuzzy Hash: 03420571D2425AEEEFADCBACD4446BDBBB0BF04394F14801AED71AB281D7708A81C751
          Function 011ACD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction ID: b6326cc10441c7d10717f90e06b2791d45517a9b0d06121080c526cdcdd1d6b2
          • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction Fuzzy Hash: BE622870D012188FCB98DF9AC4D4AADB7B2FF8C311F608199E9816BB45C7356A16CF60
          Function 01122E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: ec8bc66e88867e012e9f0fe5639b4f489233e86187feabe51a4c385cc4c0f75e
          • Instruction ID: 6bf39d3aa41dd61ced3817d54d0312aa3f404d750371b8a94be3ea381cc91e1f
          • Opcode Fuzzy Hash: ec8bc66e88867e012e9f0fe5639b4f489233e86187feabe51a4c385cc4c0f75e
          • Instruction Fuzzy Hash: C8F1CF71618366CFD72ECF28C080A6ABBE1BF8C714F15486DE9A987241DB38D915CB52
          Function 00D26383 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction ID: 33bfcab9913d709ec1795fe059d2a2bab35e2b851ee038ae9be4d396df28b470
          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction Fuzzy Hash: E4022F76E006189FDB14CF99D4805DDFBF2FF88314F1AC1AAD849A7315D674AA418F90
          Function 00D26380 Relevance: 1.7, Strings: 1, Instructions: 422COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 7c7c1b891ae17a26a2b398dc2a8b4df16fb3d9945cdd523c8502367fafe806e4
          • Instruction ID: b8efb42d99ef7b3b30fc5236fe8fce6d075f0f16ed4bc43ef8ee31fb5389b1e3
          • Opcode Fuzzy Hash: 7c7c1b891ae17a26a2b398dc2a8b4df16fb3d9945cdd523c8502367fafe806e4
          • Instruction Fuzzy Hash: 9D022EB6E006189FDB14CF9AD4805DDFBF2FF88314F1AC1AAD849A7315D674AA418F90
          Function 0118EFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: __aullrem
          • String ID:
          • API String ID: 3758378126-0
          • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction ID: 09cd16287a2a8a41901927fbbc97d6329246e083cdbf8b0ca21ac967a4d04ee2
          • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction Fuzzy Hash: C4415E71F0011A9FDF18EEA9C8805AEF7F2BF88314B19C679D615E7284D734A9528B90
          Function 01100100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 092c435925ef479f5d0795fc02d1e413e7c786f016edc0b424b834d797b88eac
          • Instruction ID: 413a9b1c3ee7ecade1cc34d791889549c490411f1fa9dff8570cae2161c81afa
          • Opcode Fuzzy Hash: 092c435925ef479f5d0795fc02d1e413e7c786f016edc0b424b834d797b88eac
          • Instruction Fuzzy Hash: 0FA15D31E08259ABDF6FCA24C841BFE6BA55B5D384F0540A9FE8A9B1C1C7F4CE408B51
          Function 011B4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 135478ceb4404cf53ba875edba6cb6a0f521ecfeeafdcd0c5d3610d51e900168
          • Instruction ID: 9637584c8cd0560839361a281cefc357d11dfa281b4b0e7450d6e840177e218f
          • Opcode Fuzzy Hash: 135478ceb4404cf53ba875edba6cb6a0f521ecfeeafdcd0c5d3610d51e900168
          • Instruction Fuzzy Hash: 58A118306047686ADF3DDA28CCC1BF92BA49F5A754F04C499EE879BA83D774C940CA54
          Function 01186420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 7831e801fb8fb876c745410e4699485f2868c9e5d1357b01109d9386b2c40cf4
          • Instruction ID: 68b9cbab4a3b0498632b9f1c1af1e4cfea9cd204cf2e7fd92f764a688139872f
          • Opcode Fuzzy Hash: 7831e801fb8fb876c745410e4699485f2868c9e5d1357b01109d9386b2c40cf4
          • Instruction Fuzzy Hash: FF916371940619AFEB29EF95CD85FAEBBB8EF18B54F104065F600AB194D774AD00CFA0
          Function 011AE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 9844880305e20b2435b968f6e7b7239abafc4cf660e7a366f018eb427826a449
          • Instruction ID: 9ef0d5ccaa41f5694c59170100233ebb6666bbcc88ed896157cde0428c90671f
          • Opcode Fuzzy Hash: 9844880305e20b2435b968f6e7b7239abafc4cf660e7a366f018eb427826a449
          • Instruction Fuzzy Hash: A191BF35902609BFDB2AABA5DC44FEFBFB9EF85754F50002AF501A7250EB349901CB91
          Function 00D12260 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: sHM
          • API String ID: 0-1294282591
          • Opcode ID: 99211d45e58e42832c6b47f78a3df078bc52cb0df1ad70641a9b29cc5436603f
          • Instruction ID: 93bf4d3447201b46260ed67b8580c3fbc137c1284ac0d6d601dcfcbf5986427d
          • Opcode Fuzzy Hash: 99211d45e58e42832c6b47f78a3df078bc52cb0df1ad70641a9b29cc5436603f
          • Instruction Fuzzy Hash: DE61B772B001059BDB18CE5CEC906FD7392EBE4315F688139D959CF391E936EDA187A0
          Function 00D111A0 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff
          • API String ID: 0-1553575800
          • Opcode ID: 6c78c9078b06e3ce8a3f1d7e34281e0170a6edda573031d04b7c4c147e29cdc4
          • Instruction ID: b52b503417216366e4c44e34d9ffd6e0952373fd4d6d5c5462024c10483e2ea8
          • Opcode Fuzzy Hash: 6c78c9078b06e3ce8a3f1d7e34281e0170a6edda573031d04b7c4c147e29cdc4
          • Instruction Fuzzy Hash: 6D81D375E1060A97CF088F9CD8901EDF771FFA5310F24926AE918EB251EB759A818B90
          Function 0113A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: GlobalTags
          • API String ID: 0-1106856819
          • Opcode ID: 617a395d82045228657dab4f15921c8c5c9c37631f9a6cd7c0e4110780231e90
          • Instruction ID: cf1d48868858b8c7a5c36cc572e478e4474f8acb0c40d55f0774584845fd96e4
          • Opcode Fuzzy Hash: 617a395d82045228657dab4f15921c8c5c9c37631f9a6cd7c0e4110780231e90
          • Instruction Fuzzy Hash: C6716CB5E00B1A8FEF2CCF99D5906ADBBB1BF48750F14812EE505A7345E7319941CB50
          Function 011A4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: .mui
          • API String ID: 0-1199573805
          • Opcode ID: 48a6d21ac90960895e36e320dd2a6d5ba4d7c38f3980479a72715c8363d54708
          • Instruction ID: 6f1f4c5d6c62cb1bbfdcfbd11f4f18295d1d0cf056f663cbabd03fc77dc337e9
          • Opcode Fuzzy Hash: 48a6d21ac90960895e36e320dd2a6d5ba4d7c38f3980479a72715c8363d54708
          • Instruction Fuzzy Hash: BE51A676D0032ADBDF19DF99D840AAEBFB4BF08654F494129E912BB640D7B49C01CBE4
          Function 0111E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: EXT-
          • API String ID: 0-1948896318
          • Opcode ID: 67d7db61c4533e620b220a97e89a99e4e1f6ac9c641b06a4f519c4a96a8e32ad
          • Instruction ID: cf24862c44614d8383fb3d5f40fab1642682721c2d084cddd06d98542d6897e4
          • Opcode Fuzzy Hash: 67d7db61c4533e620b220a97e89a99e4e1f6ac9c641b06a4f519c4a96a8e32ad
          • Instruction Fuzzy Hash: 564171725097129BE71ADBB5C840B6BFBE8AF88618F44093DFA84D7184E774D904C793
          Function 0117C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: BinaryHash
          • API String ID: 0-2202222882
          • Opcode ID: 488fdd06b4e1fc3d879711585cec84ae2601cf64717268c6a0208da59a48be8b
          • Instruction ID: 53b650a9f5e61cefbc0f8e39263cbbf7df182f0567feabfdc2fe9931e3458330
          • Opcode Fuzzy Hash: 488fdd06b4e1fc3d879711585cec84ae2601cf64717268c6a0208da59a48be8b
          • Instruction Fuzzy Hash: CD4133B1D0052EABDB25DB50DC84FDEB77CAB55718F0045E5AB08AB240DB709E898FE4
          Function 01196B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: #
          • API String ID: 0-1885708031
          • Opcode ID: 2041c08bf6a0a8da179527c83fc3387805d02bf46dc0a89f0a0082d7a6621da1
          • Instruction ID: 3db62b92c6bb4aa9d5de5b92c72980a7bf9c5a2f17db7d93dd8ca9b739115871
          • Opcode Fuzzy Hash: 2041c08bf6a0a8da179527c83fc3387805d02bf46dc0a89f0a0082d7a6621da1
          • Instruction Fuzzy Hash: D7312C31A007599BDF2ADF69C850FEE7BA8DF05704F144028F961AB282D775E905CB60
          Function 0117CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: BinaryName
          • API String ID: 0-215506332
          • Opcode ID: d5ae4b5d65ae1b30bfda67a46ae44b99f26579f87824eaacf23a9747f0548223
          • Instruction ID: bf0a514c989641d9d90358d3f31299661c75cf353447c93d50895b2d5ed7c051
          • Opcode Fuzzy Hash: d5ae4b5d65ae1b30bfda67a46ae44b99f26579f87824eaacf23a9747f0548223
          • Instruction Fuzzy Hash: A531E13690051AAFEB1EDA59C855FBFFBB4EB807A0F124129B905A7350D7309E04DBE0
          Function 0118892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
          Download Yara Rule
          Strings
          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0118895E
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
          • API String ID: 0-702105204
          • Opcode ID: fa8236399cfdd90228550f682c70d1b41d4dde4f20f9524743ae59f7a65653cb
          • Instruction ID: b1e0b845226df3a35b4fb5a9929a8fa10cbd3d8e3e33e914ceffeea4d1fcb4a5
          • Opcode Fuzzy Hash: fa8236399cfdd90228550f682c70d1b41d4dde4f20f9524743ae59f7a65653cb
          • Instruction Fuzzy Hash: D6012B36A14206DFEB3D7B5ADC84B667F66EFC1298B44412CF74116552DF206C81CF92
          Function 0113E8F0 Relevance: 1.0, Instructions: 985COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 946e1eee485aee9cc1127d9fdfda9ea2a4b00df61d18e2ededf4d0ac7370649d
          • Instruction ID: 4abb2f9753e7f179b84b4fe433cd2ea8235ea07fd8472be1e4108ab4a5943443
          • Opcode Fuzzy Hash: 946e1eee485aee9cc1127d9fdfda9ea2a4b00df61d18e2ededf4d0ac7370649d
          • Instruction Fuzzy Hash: DA823472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
          Function 0114516C Relevance: .8, Instructions: 785COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bf91c65761307a5d6c8f8ae658a86c19c106e421f4481277e30963afde9be139
          • Instruction ID: 1964de5716752baf40ef9a6594d5e6a2db6d5c2061e9533c33bd78fb54321881
          • Opcode Fuzzy Hash: bf91c65761307a5d6c8f8ae658a86c19c106e421f4481277e30963afde9be139
          • Instruction Fuzzy Hash: 6F62AD3690864AEFCF69CF08D4904AEBB73BF55B14B4AC25DC89A27605D331BA44CBD1
          Function 011A2000 Relevance: .8, Instructions: 757COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: efe895a9c8e8ede6d7748474a60be717b111a0e5f2437a0abe527ce1ee95d175
          • Instruction ID: ce071218bfdc30d9942139d2ce92d01927d0e52c8e80cf577dce58640e0ec19b
          • Opcode Fuzzy Hash: efe895a9c8e8ede6d7748474a60be717b111a0e5f2437a0abe527ce1ee95d175
          • Instruction Fuzzy Hash: A542D3396083419FE72DCF68C890A6BBFE5BF98704F88092DFA8697250D770D945CB52
          Function 0115739A Relevance: .7, Instructions: 705COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82057f16250126a763ba6b1bfeb551f7c41f521d5abdce83e31a8b5adc757a17
          • Instruction ID: 827f8a779346cdd52ffeacfbdb4d7aab40188892e07c16b5def2126b8acee917
          • Opcode Fuzzy Hash: 82057f16250126a763ba6b1bfeb551f7c41f521d5abdce83e31a8b5adc757a17
          • Instruction Fuzzy Hash: 1542A171A00616CFDB5DCF59C4816BEBBB2FF88314B54856DD966AB380D734E842CBA0
          Function 0112B2C0 Relevance: .6, Instructions: 629COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5affe0b603b194e5f29f5401e63e3f35ed5a8c2717fa39f0555b6241019c4133
          • Instruction ID: 0f00ac13d341867857d378f09708e6fe1f4cd3d86f562194b2baf6a038880f4a
          • Opcode Fuzzy Hash: 5affe0b603b194e5f29f5401e63e3f35ed5a8c2717fa39f0555b6241019c4133
          • Instruction Fuzzy Hash: EB32D175E04269DFCF28DF98C890BAEBBB1FF54714F180129E805AB380E7359921CB95
          Function 01198158 Relevance: .6, Instructions: 617COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d1d879ea18fb3b7ef76e4bdfd31dbb400148aa3f27a5d0b4851e39e2db07d735
          • Instruction ID: 2c0a17399d7c8caef55c51e29583e02909f959957cff8885f73de8c106dbfad3
          • Opcode Fuzzy Hash: d1d879ea18fb3b7ef76e4bdfd31dbb400148aa3f27a5d0b4851e39e2db07d735
          • Instruction Fuzzy Hash: 7F427D75E102198FEF28CF69C881BADBBF5BF89304F158099E959EB241D7349981CF60
          Function 01112840 Relevance: .6, Instructions: 605COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e0dd4f20ab21955c30b26591a6b8c1931d53099d45a38b7182b3186755e8a11
          • Instruction ID: a5cd469b47fb4a4be99e944845c4311973d35f90d73731ebf0147d472e122d45
          • Opcode Fuzzy Hash: 4e0dd4f20ab21955c30b26591a6b8c1931d53099d45a38b7182b3186755e8a11
          • Instruction Fuzzy Hash: 5A32DF70A007598FDB2DCF69C8447BEBBFABF84704F24412DD4869B284E736A861CB51
          Function 011AA118 Relevance: .6, Instructions: 591COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b7848ffb8c90d26bcb2ec5c3a4455ae98198f2e6473965a941a6c36c2e93452
          • Instruction ID: 29d74f5eeb8cd7b4a89ba37b5743ec4087751c07e8878f59c61bd17bba0bdd93
          • Opcode Fuzzy Hash: 9b7848ffb8c90d26bcb2ec5c3a4455ae98198f2e6473965a941a6c36c2e93452
          • Instruction Fuzzy Hash: 9B22C2786046618FEB2DCF2DE054372BFF1AF45304F89845AEA968F286D335E452CB61
          Function 011C16CC Relevance: .6, Instructions: 571COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 980ece26617e3d2a6221ae2b7c109dc6db37093d41dafb4e6e93bc09f4385ea2
          • Instruction ID: 87bb899f3d2f64ab9877051f8d1a4c8c31fbbab57062d9e403383edebfc28971
          • Opcode Fuzzy Hash: 980ece26617e3d2a6221ae2b7c109dc6db37093d41dafb4e6e93bc09f4385ea2
          • Instruction Fuzzy Hash: D722DF35A00216DFDB1DCF58C480ABEB7B2BF99B14B24856DD9519B346EB30E942CB90
          Function 0112FB80 Relevance: .6, Instructions: 559COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e474969aeb5cf0258a3651d38f27086c80bd002c11293e89fa664f7fd5852f43
          • Instruction ID: 7b597b2b403bfaa7693a2d8285f35657edc6b5e7cd08cd59ef2938472561a0af
          • Opcode Fuzzy Hash: e474969aeb5cf0258a3651d38f27086c80bd002c11293e89fa664f7fd5852f43
          • Instruction Fuzzy Hash: CC22C67590030ADFDB19DFA8C880BAEB7B5FF49304F244169E9159B385E734EA85CB90
          Function 01128DBF Relevance: .6, Instructions: 554COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb4d51cd96a702888dfab7a15edacf3131af1abbcfccc4b9081c60893231f337
          • Instruction ID: d69fffed3522d042fd4548399e83ca6861c3cc789a01978f75b04915debbaa42
          • Opcode Fuzzy Hash: eb4d51cd96a702888dfab7a15edacf3131af1abbcfccc4b9081c60893231f337
          • Instruction Fuzzy Hash: 69225F70E0022A9BCF1DCF99D4809BEFBF6BF48304B15805AE985AB241E735DD61CB65
          Function 01106A50 Relevance: .5, Instructions: 548COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 997adbec5a28c35f3e197a5f34e602173e24d6a226e23508f81de0c5a9631235
          • Instruction ID: 61f98d060cdc35b1e32ef11f4a079ef2583f1dd72ef3758db8c51f67822b9e80
          • Opcode Fuzzy Hash: 997adbec5a28c35f3e197a5f34e602173e24d6a226e23508f81de0c5a9631235
          • Instruction Fuzzy Hash: 2332DF70A04205DFDB2ACF68C480BAEB7F5FF88310F248569E956AB391D771E861CB51
          Function 011C2446 Relevance: .5, Instructions: 485COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 848462d6225d446ec7d897ec46650a1b1f153396a8e1969448c802ae5210a0c1
          • Instruction ID: 24bc9704390d0078838314adca0c1a0db11429928f98b8b9e29781b5f2158462
          • Opcode Fuzzy Hash: 848462d6225d446ec7d897ec46650a1b1f153396a8e1969448c802ae5210a0c1
          • Instruction Fuzzy Hash: B002E3746046518BDB2CCF2DC4902B6BBF1AF65B00B19819EE9D6CB282E735D842DB61
          Function 01155630 Relevance: .5, Instructions: 458COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
          • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
          Function 011C41A2 Relevance: .5, Instructions: 452COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 84e28b248f1ffc96d298b09178ab1872cafdc2c4213e1cc90b5ee9cef2adf5bb
          • Instruction ID: 99eb13e3e7ceb2abe43e2a577316d24664951ca8c9584296e88f3303dbdc72c5
          • Opcode Fuzzy Hash: 84e28b248f1ffc96d298b09178ab1872cafdc2c4213e1cc90b5ee9cef2adf5bb
          • Instruction Fuzzy Hash: E002B071E08215CFCB1DCF98C4A06ADBBB2FFA9704F29816DD456ABB45D330A942CB50
          Function 011DB16B Relevance: .4, Instructions: 450COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d827d4e88be32b5033d46570ae806fc26bb7d95d2b273e4c85142b649514c590
          • Instruction ID: 9acdebe489301c6563425e9b42e6212ad4ac19920ebd3fdf2ea26046c0825b06
          • Opcode Fuzzy Hash: d827d4e88be32b5033d46570ae806fc26bb7d95d2b273e4c85142b649514c590
          • Instruction Fuzzy Hash: A5F1E273E042159BCB1CCE6DC9A067EBBF6AF9921071A416DD857DB381E734EA00CB54
          Function 00D1FC83 Relevance: .4, Instructions: 435COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ddd306e0e9c30e1f09d9d673b35127d502cc62013a8ed18779ce27edd5701ad3
          • Instruction ID: 5acf60564d974933d4c76c47e2ff904145753efb73fb39667833b813c5732e97
          • Opcode Fuzzy Hash: ddd306e0e9c30e1f09d9d673b35127d502cc62013a8ed18779ce27edd5701ad3
          • Instruction Fuzzy Hash: 1E026E73E547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90
          Function 011DA9A6 Relevance: .4, Instructions: 425COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 26a18c9a1177dc0ffb35ae489c0e58b5293db5bc4a547d58336a8e7e8b21192b
          • Instruction ID: e1c54682c584dfa017667bf4b7615d0bcb5cdde74fbff10bed2b0aa9decaac4b
          • Opcode Fuzzy Hash: 26a18c9a1177dc0ffb35ae489c0e58b5293db5bc4a547d58336a8e7e8b21192b
          • Instruction Fuzzy Hash: 5FF1C073E005269BCB1CCEA8D5A05BDFFF5AF55210B1A426AD856EB380D734EE41CB90
          Function 01124A35 Relevance: .4, Instructions: 423COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction ID: d11324c25cb7dcc4a312d90c62711facd3aae156dddbdc1f7044a8fdd4e4ef72
          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction Fuzzy Hash: 9EF19F70E0022A9BDB1DCF99C590BAEBBF9BF48314F058129E905EB740E774D861CB64
          Function 011B2F30 Relevance: .4, Instructions: 412COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3e2d37dabed45b2313cbd4c64ef3297b6bdc66ef4ec3d61097d43299773843e3
          • Instruction ID: 79bb87200cda97bc583a79eac1a9135b6f75143b186a20b139e79aace5c44357
          • Opcode Fuzzy Hash: 3e2d37dabed45b2313cbd4c64ef3297b6bdc66ef4ec3d61097d43299773843e3
          • Instruction Fuzzy Hash: 7EE10531A142859FDB28CFACC4807FEBBF1BF45310F14841EE4A6AB281D735A999CB51
          Function 0119892B Relevance: .4, Instructions: 386COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
          • Instruction ID: 2645f4e2fe971514e833f0e5c50c981a51dd5ec3062c5dd0b309aa3e5893b202
          • Opcode Fuzzy Hash: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
          • Instruction Fuzzy Hash: 3AD1F371A0060E9BDF0DCF69C841AFEB7F1AF89304F198169D966E7241E739E901CB60
          Function 011065D0 Relevance: .4, Instructions: 383COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
          • Instruction ID: 7773cd224d417e0ee8007aee72192db6228862d12aa659dbf4f5449f5207a905
          • Opcode Fuzzy Hash: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
          • Instruction Fuzzy Hash: C8E1B271A08342CFC71ACF28C480A6ABBE1FF89314F15896DF59587391E771E915CB92
          Function 010F8397 Relevance: .4, Instructions: 380COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
          • Instruction ID: 8814af6c621e5e90218d733f32e36864c2cf1be5ccd7fe6bea1183b8e36ebfe2
          • Opcode Fuzzy Hash: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
          • Instruction Fuzzy Hash: A3D1E571A04206DBDB18DF69C882BFE77E6BF54304F04852EEA55DB680EB30E955CB60
          Function 0112C6E0 Relevance: .4, Instructions: 367COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d03203df5f2472d826b611d88b84487e7461fa436e136570eba70508cac4da5d
          • Instruction ID: c9464ea44154427e1eac0a7e48815c7280d70fc755711028c08ca588dab1bc30
          • Opcode Fuzzy Hash: d03203df5f2472d826b611d88b84487e7461fa436e136570eba70508cac4da5d
          • Instruction Fuzzy Hash: 5DD18D35E042298BEF2CCF9CC5453BDBBB1FB44350F15812ADA02A7285E7B58961CBC6
          Function 011138E0 Relevance: .3, Instructions: 349COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 76ae3ed4beb8cf936bf584314e9110327500e9fd3d9f44c07f02c668c7670579
          • Instruction ID: 6db69b1a06bac42b1cb9e6cd1b7d46465f57696d1c05c2f9a82112783fa9d481
          • Opcode Fuzzy Hash: 76ae3ed4beb8cf936bf584314e9110327500e9fd3d9f44c07f02c668c7670579
          • Instruction Fuzzy Hash: 41E15B75A00205CFDB1CCF59C890AAABBF5FF48320F158169E955EB399D730E941CB94
          Function 0111CFE0 Relevance: .3, Instructions: 345COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53e6ec3014924e1e48a3aabb0d6745f788c79de22e3b8fe2c8da42e9109e2b2d
          • Instruction ID: 3ba78f7036db9820b9c270bc26418ea9a0d7c4ce2e0bf048eb827643d12e0db2
          • Opcode Fuzzy Hash: 53e6ec3014924e1e48a3aabb0d6745f788c79de22e3b8fe2c8da42e9109e2b2d
          • Instruction Fuzzy Hash: F0D1D431A043298FEF3DDB98D888BAAF7B1BB45304F0540B9D909A7649DB34AD85CF51
          Function 011D95C3 Relevance: .3, Instructions: 326COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1ec44235532bf17a9f6389e5551394bcac54a68b6379e47a24fa8dba60a5185c
          • Instruction ID: 8fcb9e2bbcc9063ba7b0e7d9c110093c226226570b33eef6585e8c76f3ca6edd
          • Opcode Fuzzy Hash: 1ec44235532bf17a9f6389e5551394bcac54a68b6379e47a24fa8dba60a5185c
          • Instruction Fuzzy Hash: 3AB179B19101296FFB2D8B64DC55FFBB6ACEB04B54F044299BA19F61C0DB709EC48B60
          Function 01188243 Relevance: .3, Instructions: 322COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction ID: 9a81aa998957efa5f2f5d164652a098793f404f880eeab79b1e076e7becf83b3
          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction Fuzzy Hash: 36B18574A006099FDB28EF99C940EAFBBB6FF84304F94845DAA4297795DB34E905CF10
          Function 01110535 Relevance: .3, Instructions: 300COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction ID: 211a207c707e49a2681694065e0ba8db399019a3b81d317dbe6ed606a35d3221
          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction Fuzzy Hash: C3B12931A00646AFDB1DCB68C850BBEFBFAAF48304F1505A9E652D7285D731DD81CB91
          Function 011083C0 Relevance: .3, Instructions: 281COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
          • Instruction ID: 8f164748568259bab5c2c254776745f4c1eac025072aae3bf75c6cf6c6601df8
          • Opcode Fuzzy Hash: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
          • Instruction Fuzzy Hash: A0C16870A08341DFD769CF19C484BABB7E9BF88304F44496DE98987291D7B5E908CF92
          Function 010FC427 Relevance: .3, Instructions: 280COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
          • Instruction ID: 1d4ba2b7ba1d12e25fbabfebb745886b562e86387004f6eeb4115db259e0122b
          • Opcode Fuzzy Hash: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
          • Instruction Fuzzy Hash: 8FB17270A002698BEB68DF58C991BADB7F1EF44744F0485EDD64AE7641EB309DC5CB20
          Function 0112E5E7 Relevance: .3, Instructions: 278COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 97e396b801829338eabc56e97039d40dec1a20097253cfa78bdfcc28fa1892e7
          • Instruction ID: 6881a6a70fef207bb3304a5feb19e3d3718c35abfd2f2e795c88ea8a124cf4f6
          • Opcode Fuzzy Hash: 97e396b801829338eabc56e97039d40dec1a20097253cfa78bdfcc28fa1892e7
          • Instruction Fuzzy Hash: 15A13631E0162A9FEB3DDB58D854FAEBBB9FB00714F050125EA11AB280D7749D61CBD1
          Function 01140185 Relevance: .3, Instructions: 276COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
          • Instruction ID: 65e0fb13dbc805a052228f76fadbdf411e7b96cb8952fd2c9114cde117767883
          • Opcode Fuzzy Hash: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
          • Instruction Fuzzy Hash: 10A1A170B0061A9FDB2DDF6AC990BAAB7B1FF48718F044129FB4597281DB34A855CB90
          Function 011D4500 Relevance: .3, Instructions: 275COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
          • Instruction ID: 1d75b03a36bd7d5125d24e0a16350852bd29dcac293a1591aad06906134e2a18
          • Opcode Fuzzy Hash: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
          • Instruction Fuzzy Hash: 8FA1EC72A00612EFD72ADF58C980B6ABBE9FF48758F05052CF5899BA54D334EC41CB91
          Function 011D2B57 Relevance: .3, Instructions: 266COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction ID: 1eddfa9c897c564334f670f75c08af22e38fb3ec9281479e987c176206276b11
          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction Fuzzy Hash: A2B12871E0061ADFDF29CFADC880AADBBB5FF48314F148169E925A7354D730A945CB90
          Function 011860E0 Relevance: .3, Instructions: 264COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
          • Instruction ID: 4f75c706dc8d695ed831f7991ba684bd164267ec09e756da64f6b9f919a6abbb
          • Opcode Fuzzy Hash: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
          • Instruction Fuzzy Hash: F291C371D04216AFDB19DFA8D884BAEBFB6AF49710F158169EA14EB341D734D900CFA0
          Function 0111E3F0 Relevance: .3, Instructions: 261COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f61552c13da5b49293af52c1b6590e1ea74b2c44e0c218a8619b6bb79c37adc
          • Instruction ID: 7c5369a45cdebcd1d428986804a28a99807d3e0d262237a94f09fb8b0638f352
          • Opcode Fuzzy Hash: 7f61552c13da5b49293af52c1b6590e1ea74b2c44e0c218a8619b6bb79c37adc
          • Instruction Fuzzy Hash: F9912235A0121ACFEB2E9B98C440BBDFBA5EB84728F058079EE05DB248E735D841CB51
          Function 01134750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction ID: a8fc9325587919026444250f87bdd91d4718d9a2a71a06208ee4ca38f4d2e008
          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction Fuzzy Hash: 1E818C21A142958BEB2E4EECC8C126DBF70FF93300F1946BAD5529BB45C364DC46D792
          Function 011CF7B0 Relevance: .2, Instructions: 242COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea5facd85f33f1dc56d592eea380d266b2a6c77a0bd6b9d202a7b85ad67ebcf0
          • Instruction ID: 7405b50b4980430623c59ce52a0aca0fff42a9b388ff9cec66bcfbdae0e4b076
          • Opcode Fuzzy Hash: ea5facd85f33f1dc56d592eea380d266b2a6c77a0bd6b9d202a7b85ad67ebcf0
          • Instruction Fuzzy Hash: 9691F531A00217ABEB19CF28C8407ABBBE3EF64714F15857DE955DB281E734E906CB90
          Function 011CF43F Relevance: .2, Instructions: 241COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 06a498cd926bf0a0fbff7b9ca07c00af608a37e478563b48f3d27bfb2db162dc
          • Instruction ID: 97385d4f24095c2824efd51e5600cc93a3aab388ffffbbcca16dc75a4c9a8a77
          • Opcode Fuzzy Hash: 06a498cd926bf0a0fbff7b9ca07c00af608a37e478563b48f3d27bfb2db162dc
          • Instruction Fuzzy Hash: C991E172A0011A8BCB18CF79C8906BEBBF2EF98314F19827DD855DB295DB34D905CB50
          Function 011C81CC Relevance: .2, Instructions: 232COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 348bc58551f821eb174e14641251388a27f59c35caa5538fa810d8ab92a398ba
          • Instruction ID: 425ce1f9cc2db413b748e53263aec8d4f8d91970ac5466d52e496c9ac902d74d
          • Opcode Fuzzy Hash: 348bc58551f821eb174e14641251388a27f59c35caa5538fa810d8ab92a398ba
          • Instruction Fuzzy Hash: 2481B371E045159BCB1CCFADC8C45AEB7F2FF98624B19422ED921E7280E774E952CB90
          Function 01110E59 Relevance: .2, Instructions: 231COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cbac1014217bbbd5f51913a587a4462dda01c512a94f8fbbaa790e601c218ab
          • Instruction ID: f60f1061b2e73c2a1a0eb0e501410b7c0f7ba2191143e86bff356516a3b5fd97
          • Opcode Fuzzy Hash: 8cbac1014217bbbd5f51913a587a4462dda01c512a94f8fbbaa790e601c218ab
          • Instruction Fuzzy Hash: 3581A431E001299FDB1DCE6DC8849AEFBB3FF89250B25C2A5E8549B349D731E941CB91
          Function 011BE4F6 Relevance: .2, Instructions: 224COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aed48ac415f34deab3c19d7bef75137aa4bba2585eb0d1d9acef6db2825aa311
          • Instruction ID: 0c11fad61bb23890354dc8a34411076236561df04f8517fc43cfaa34d6fb4af2
          • Opcode Fuzzy Hash: aed48ac415f34deab3c19d7bef75137aa4bba2585eb0d1d9acef6db2825aa311
          • Instruction Fuzzy Hash: 0B818D76A012159BCB2CCFA8C5D1AEDFBF1EF89310F19816AD816EB385D7349941CB90
          Function 011CAB40 Relevance: .2, Instructions: 222COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction ID: 71ef2a620b2b1500d4df7104cf852ad6e0c41a6c57e7f7d0658f36aabb8aacd4
          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction Fuzzy Hash: DB819031A002099FDF1ECF98D890ABEBBB6BF94714F19856DD9169B344EB34E901CB44
          Function 0113E284 Relevance: .2, Instructions: 212COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3f902ff745dfdd7dc117b70930520b264288d022edcbb697fb6969f2cebff559
          • Instruction ID: 592a234e654cc0e08836fbfe4bb2f25ff3dbe980c98703d731e476e6069bcd80
          • Opcode Fuzzy Hash: 3f902ff745dfdd7dc117b70930520b264288d022edcbb697fb6969f2cebff559
          • Instruction Fuzzy Hash: AD816071A05709AFDB2ACFA9C880BEEBBF9FF88354F104429E555A7254D730AC45CB60
          Function 0112B950 Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8d8e10519d2bcf2680817ce1e5ab2f8e477cb0154a7b5cb0d108efee0f3a80b8
          • Instruction ID: 95346aebf5da29f6231c6f813e79edae241b06c4ee953c1aea04774a6eb81cd2
          • Opcode Fuzzy Hash: 8d8e10519d2bcf2680817ce1e5ab2f8e477cb0154a7b5cb0d108efee0f3a80b8
          • Instruction Fuzzy Hash: 957125343082208EEB2CCF2EC88077677E2AB84705F55865DE996CB1C5D736EC22CB65
          Function 0111C640 Relevance: .2, Instructions: 206COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 47d6270a8b9ec87e2f200308fe25c7898a1f99ecb65f317e703c719ff014aafd
          • Instruction ID: 6bd578eb8152a35d6837f2f241fc134be253ef32756ac230b80e4ea7395bee61
          • Opcode Fuzzy Hash: 47d6270a8b9ec87e2f200308fe25c7898a1f99ecb65f317e703c719ff014aafd
          • Instruction Fuzzy Hash: 4871DAB58046699FCB2D8F58D8907BEFBB4FF68710F15412AE952AB354E3719810CBA0
          Function 00D12251 Relevance: .2, Instructions: 203COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7919d6843eafe1096a16f3b239d0d87418c4d3046350957c78f39020300656bc
          • Instruction ID: 1aaaeb88ada1e55d377604905434bbe6c859537ddc788c8c3895cd2dfeb99f65
          • Opcode Fuzzy Hash: 7919d6843eafe1096a16f3b239d0d87418c4d3046350957c78f39020300656bc
          • Instruction Fuzzy Hash: 0F51C471B00105ABDB14CE5CECD02FD73A2EBA5315F684139D959CF381D936DEA287A4
          Function 011B47A0 Relevance: .2, Instructions: 202COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 01cbd3b6650bff6665442f8a10db62bafe0a28ca072e15927b4ae3ed08bcca02
          • Instruction ID: 22fe3c86a9c02827aa70d7f5443a46787a0c74a6a08390e6dfd53ae0e8fd037b
          • Opcode Fuzzy Hash: 01cbd3b6650bff6665442f8a10db62bafe0a28ca072e15927b4ae3ed08bcca02
          • Instruction Fuzzy Hash: A2719370900205EFDB2CDF69D680ADEBBF4FF84304B14C16EE652A7699D7319980CB54
          Function 0111260B Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f6c2b6e34bcce6d5c18ac1230d84a3cc7ad5d15df4d7f3a5fa1d854c7f55e9d
          • Instruction ID: bf10dd2c29c18acd83efbe71a84323e9a1d72aeade9f0b6e5c356a01c80d56e6
          • Opcode Fuzzy Hash: 5f6c2b6e34bcce6d5c18ac1230d84a3cc7ad5d15df4d7f3a5fa1d854c7f55e9d
          • Instruction Fuzzy Hash: E971B1356046428FD31ADF28C480B6AF7E5FF84314F1585B9E8998B39ADB34D846CB91
          Function 011C70E9 Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09d41c538d93786642a9a7d3fa077b0e209c9216a9aaf938b874ad76507bdfe5
          • Instruction ID: e7f35b9fc0297e194748e674f47b338ef50c1698aa54167fd1cea982d69c27ef
          • Opcode Fuzzy Hash: 09d41c538d93786642a9a7d3fa077b0e209c9216a9aaf938b874ad76507bdfe5
          • Instruction Fuzzy Hash: 2F61C571E002179BDB1DAEA9C8859BFB77BAFB4A04F10443DE911A7280DBB0D941CF91
          Function 011BF0CC Relevance: .2, Instructions: 199COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4b5ce2c4b1e581c76a9df5ed025ec5808fe6ebe670767842dacc73a180204166
          • Instruction ID: 5ecf6aaca7b85de0e22d796bb8543b7b56242187a27091ca333095c4629d0f31
          • Opcode Fuzzy Hash: 4b5ce2c4b1e581c76a9df5ed025ec5808fe6ebe670767842dacc73a180204166
          • Instruction Fuzzy Hash: 4C718D79A01623DBDB2CCF59C8C01BAB7F1FF45704B6548AED99297240E370E992CB90
          Function 0118035C Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction ID: ea1113e6e235ee744b1fd4cc8daa7c77ec3f92dc45bb4915a3f92f7156307f8b
          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction Fuzzy Hash: FC718E71A00619EFCB14EFA9C984EDEBBB9FF48714F108569E505A7250DB30EA45CFA0
          Function 011962A0 Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f61096ed63437951dc51e24402476e3f185a55553b51a7a18697c7b6cba4a4fb
          • Instruction ID: eb7f5542659601eb5e27acc99237c789c1eb02b40f717f8bc36c93e90774178b
          • Opcode Fuzzy Hash: f61096ed63437951dc51e24402476e3f185a55553b51a7a18697c7b6cba4a4fb
          • Instruction Fuzzy Hash: F071F432200B01EFEB3ADF58C854F5ABBE6FF40764F154428E669972A0D775E944CB60
          Function 011D8324 Relevance: .2, Instructions: 192COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4b79c782fdd58972a3e85fc2fd55dbcad8cd6d2fa9d3733b603c820d923d7798
          • Instruction ID: f48944c42a0f54daa0cea12c3515a6b0fdd642e93b6b2c18b2313240d61741ce
          • Opcode Fuzzy Hash: 4b79c782fdd58972a3e85fc2fd55dbcad8cd6d2fa9d3733b603c820d923d7798
          • Instruction Fuzzy Hash: 33711B71E00219BFDB19DF94C841FEEBBB9FB04754F104169E614A6290E774AA45CB90
          Function 011C132D Relevance: .2, Instructions: 188COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5618e4e5e8ae75c102abae8aeb28aa817616c0b10cfc82a4ff0afad57d9333dd
          • Instruction ID: 06a6ac13de6488af3b8643d1b0c6060736adbf609c334765697ebea53a61e979
          • Opcode Fuzzy Hash: 5618e4e5e8ae75c102abae8aeb28aa817616c0b10cfc82a4ff0afad57d9333dd
          • Instruction Fuzzy Hash: 4B815A75A00206DFCB09CFA8C490AAEBBF1FF98310F1581ADD859AB345D734EA41CB90
          Function 011BA250 Relevance: .2, Instructions: 184COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a2f49f711dd489adda04e323e56ad614743483a71251099ebcd69e7303cab37
          • Instruction ID: 715e33dbde00a742be9f26d8b55c2ee570113161b77d58cefe4c0c63eee324e3
          • Opcode Fuzzy Hash: 9a2f49f711dd489adda04e323e56ad614743483a71251099ebcd69e7303cab37
          • Instruction Fuzzy Hash: C751CE72504712AFD329DA68D884F9BBBE8EFC4B14F054929FA80DB150D734ED05C7A2
          Function 011CCE93 Relevance: .2, Instructions: 172COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction ID: 198f33eea0419012dac449140a5b6bc55a35013f3e09acb8ac7a8bd1ca89ff9b
          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction Fuzzy Hash: 9D5113326046038BDB1DDF2D885076BBBD6AFE1A50F19846DE999C7246DB30DC05CBE2
          Function 00D1FA63 Relevance: .2, Instructions: 165COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction ID: 4ef499ab20d6bdd0f5a4c23656038dddce5c15ef63880b36c6bb7331f5de7adb
          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction Fuzzy Hash: 885181B3E14A214BD3188F09CC40631B792EFC8312B5F81BADD199B357CE74E9529A90
          Function 011A8350 Relevance: .2, Instructions: 161COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 70b41575769b86b3aa952505a8647828fe94f261745bf88a5a7aff46fe0f3f43
          • Instruction ID: 6e06e0e4b1b73116dc132742e8bb6d7a07b74b5bd3908f23383a3ada95d687d0
          • Opcode Fuzzy Hash: 70b41575769b86b3aa952505a8647828fe94f261745bf88a5a7aff46fe0f3f43
          • Instruction Fuzzy Hash: 0551BB749007059FD729CFAAC880BAAFFF8BF94714F50461EE292976A0C7B0A545CB90
          Function 0113E443 Relevance: .2, Instructions: 158COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 260eb5f1d2afbc8e1ca67e9bf73e6d6ea98da10f0154f19a87dc12895cfea5c1
          • Instruction ID: f7214d4b8e19376c2cc3a94ea4eef18c38ee0dc44ad4f142dbfbc7f226a78711
          • Opcode Fuzzy Hash: 260eb5f1d2afbc8e1ca67e9bf73e6d6ea98da10f0154f19a87dc12895cfea5c1
          • Instruction Fuzzy Hash: 5E51BB31200A05DFCB2AEF69C980FAAB3F9FF58768F41042AE55187264E730E945CB50
          Function 011A4180 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 74a36902e84994d6b068a6ce37b4dcb655e55bd78f9b28fae8d04852ecc129f8
          • Instruction ID: 87e2c2abffccd21a9c94ffe10d32be789041160b8db12e5f74da0c2f27ed1be1
          • Opcode Fuzzy Hash: 74a36902e84994d6b068a6ce37b4dcb655e55bd78f9b28fae8d04852ecc129f8
          • Instruction Fuzzy Hash: 8F51BC796083128FD348DF29C880A6BBBE5FFC8208F88492EF589C7650E770D905CB52
          Function 011245B1 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction ID: 02dbea90c4ee5d26d2ab9fca796d157720f30843953dfa760b22ddf3f5af61e3
          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction Fuzzy Hash: 0051CE71E0062AABDF19CF98C440BEEBBB9EF45354F04406AEA11EB240D774DD54CBA4
          Function 0117D800 Relevance: .2, Instructions: 155COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1a7609efc2cd6b46d153a2662ab021a7b59dbda5254503fbd22333a422b0b838
          • Instruction ID: b3cc939f6b76201b090771ffec85a6e458445a2641f83685db546cc7005e2b92
          • Opcode Fuzzy Hash: 1a7609efc2cd6b46d153a2662ab021a7b59dbda5254503fbd22333a422b0b838
          • Instruction Fuzzy Hash: 9851EF70A0021AEBDF18DFACD480ABEBBB5FF85704B454169E985DB780EB34D950CB91
          Function 0118E9E0 Relevance: .2, Instructions: 154COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction ID: f1edbfe70f1f7ed8b4401ba7f2d8702dc29499585724252b05a02f7535ef6b7e
          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction Fuzzy Hash: E751C731D0121AEFEF29BF94C890BAEBB75AF01728F158665E91267190D770DE40CFA1
          Function 011C7571 Relevance: .2, Instructions: 153COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1fb200924eb16dab4fa8cfc24106cf212f4dd8447d900aa9fab6592188b2b331
          • Instruction ID: 096de9831692230624ba4a2bc720701428b254aa4f78d43f66cb19b751e37067
          • Opcode Fuzzy Hash: 1fb200924eb16dab4fa8cfc24106cf212f4dd8447d900aa9fab6592188b2b331
          • Instruction Fuzzy Hash: 48510531A0012A9BDB1D9B68D844A7EFBB5FF68B54F04413DE911D7280EBB0AE51CF80
          Function 011C8B28 Relevance: .2, Instructions: 152COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f7731daa7053c58dc9e14ed2d0996d83989b7c035a3f13d0b3c988e2bc3b3c61
          • Instruction ID: e1e31a58ad587872d8da5210c1d7bdf23763ccd85b9ec0d11d1584401d6af527
          • Opcode Fuzzy Hash: f7731daa7053c58dc9e14ed2d0996d83989b7c035a3f13d0b3c988e2bc3b3c61
          • Instruction Fuzzy Hash: 6141C4707016119BD72DDB2DC8D5BBFBB9AEFA0A20F04822DE955872C1DB34D801C695
          Function 0118CBF0 Relevance: .1, Instructions: 148COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 353dd9475d9b09a756632ebf65629bdc82adb578a3b327ac7806c91042dc884d
          • Instruction ID: 359ed006cc34afd5d8420db3b20067323dca2e3b11e54d2f76a2a7a295bac191
          • Opcode Fuzzy Hash: 353dd9475d9b09a756632ebf65629bdc82adb578a3b327ac7806c91042dc884d
          • Instruction Fuzzy Hash: 9D519075900216DFCB28EFA9C980ADEBBBAFF48358B11852AD515A7704D730AD41CFE0
          Function 0113A430 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1fe42b5b75a8c92d085cdf860b817fa14285f01367d18a0728bfe66b8e71d417
          • Instruction ID: 500a7a4e8bd91f5df36d01de6b80cf2503056984e959d0d5bc40a8f383e43cb1
          • Opcode Fuzzy Hash: 1fe42b5b75a8c92d085cdf860b817fa14285f01367d18a0728bfe66b8e71d417
          • Instruction Fuzzy Hash: A141E475640205ABDB2DFF6DA881F6A7775AB9470CF01003DFE52EB24AE7719840CB91
          Function 011CA9D3 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction ID: 8e002a0edf30e03447d087e1636ea48494708e313884dd854daad6ad3c3dd0e8
          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction Fuzzy Hash: F541F83160171A9FC72ECF5CD980A6AF7A9FFA0614B05462EE91287244FB30FC14C790
          Function 011301F8 Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
          • Instruction ID: 7adc519bd550502b2ce69cd080484e7d2c039b4d1a8815f96a9bf6fe711e32d2
          • Opcode Fuzzy Hash: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
          • Instruction Fuzzy Hash: 3541CA36A00219DBDB18DF98C440AEEBBB4BF8C714F15816AF81AE7344E7359C41CBA5
          Function 0112EBFC Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
          • Instruction ID: b785892a91b38fcd4dc5d25a61aa2bd903352489c1cb37a0ded2889b0f62b073
          • Opcode Fuzzy Hash: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
          • Instruction Fuzzy Hash: 6E41B1712053029FD72CDF68C880A5BB7EAFF98228F11483EE556C7615DB31E865CB51
          Function 01142750 Relevance: .1, Instructions: 137COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction ID: 70a03c14a1337ea8d92bbe37ec1d9a8ad9109f6a40654c3f69077fd075752ec3
          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction Fuzzy Hash: F4517C75E00215DFCB19CF58C480AAEF7B2FF84710F2881A9D916A7351D730AE82CB90
          Function 01106154 Relevance: .1, Instructions: 133COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
          • Instruction ID: a39bf81026b61233070fc343a764a12096bd82cb65cd0106ea3acbd09f028353
          • Opcode Fuzzy Hash: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
          • Instruction Fuzzy Hash: 8251D770D00217DBDB2E8B68CC00BE8BBB5EF15318F1482A9E529A76D5D7755991CF40
          Function 01100BCD Relevance: .1, Instructions: 130COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
          • Instruction ID: 987f720168ef1bc2f05cfd4eaffc883c7a1951850165080302f86ddfaa8239ec
          • Opcode Fuzzy Hash: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
          • Instruction Fuzzy Hash: 4E419331E01228DFDB6ADF68C940BEEB7B4EF49750F0100A5E908AB281D7749E80CF91
          Function 011C866E Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction ID: 5cccb5719598c8480ef1dd91e77d9c8929dae0bee553428a32c253557e7fd084
          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction Fuzzy Hash: 0841A475B00215ABDB19DF99CCC5ABFBBBAAFA8A14F14406DE904A7341D770DE01C7A0
          Function 011CF0E0 Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a431f6c7b84846911ac668aa882dde196593172537d5c534609a0c81a4517c4
          • Instruction ID: 1f4ef518f51ceb46eb826bc006833297efd1ec392f82f017080268041360b2b8
          • Opcode Fuzzy Hash: 6a431f6c7b84846911ac668aa882dde196593172537d5c534609a0c81a4517c4
          • Instruction Fuzzy Hash: 154194712083428BD708CF29D86597ABBE2FFD5615F05456DF8D58B392CB30D81ACB51
          Function 01100887 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
          • Instruction ID: 0374210e919e503dcb313535b134d69bdd3f9be6d194d783570a7be9e853ffd1
          • Opcode Fuzzy Hash: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
          • Instruction Fuzzy Hash: 6941B070A007029FE72ECF28C480A26B7F5FF49354B104A7EE55B86A90E770E945CB91
          Function 011AD5B0 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e00165a9463b8667c4ea28a74c3d9b7fae11b6fe1814dbb0c8b29063bd08471f
          • Instruction ID: 4a0e7022731e1abaabc463e33f2bcdaa3597b29b1075f25241926588d0691c92
          • Opcode Fuzzy Hash: e00165a9463b8667c4ea28a74c3d9b7fae11b6fe1814dbb0c8b29063bd08471f
          • Instruction Fuzzy Hash: 23413238A086959FCF19CF68D4816BAFFF1FF48304F458489E1C98B646C734A446DB61
          Function 0112A470 Relevance: .1, Instructions: 127COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
          • Instruction ID: 964f002987920a45fa67aa9a9e1828dc710adc92cfb6b64322e76033d63b20b8
          • Opcode Fuzzy Hash: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
          • Instruction Fuzzy Hash: CD41F131941224CFDB2DDF6CE8547AE7BB0FF18314F050169D421A7A95DB35D9A0CBA1
          Function 01108BF0 Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
          • Instruction ID: 60ad3ec9887ce52531b0ee47b8a9a5946851ba37c08c66a76201a1559b872767
          • Opcode Fuzzy Hash: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
          • Instruction Fuzzy Hash: 4A411432D04202CBD72E9F4CC940AAFBBB5FB94704F15812DD9155B685C7B5D882CB91
          Function 010F8918 Relevance: .1, Instructions: 123COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
          • Instruction ID: 5a5ad10508aeafd0fed6f27fd2b285c312cc0503d8ce1cb95b4a9b2e6048e1fb
          • Opcode Fuzzy Hash: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
          • Instruction Fuzzy Hash: FD419A3150C7069ED316DF28C881AABB6E9EF84B54F04092FFA90D7250E730CE048BA3
          Function 010FA020 Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction ID: 0c486bdcc48f7f62a6730867d67851601106a9cc59a287028c8730b4c40dddf8
          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction Fuzzy Hash: 5F415B31B08211EBDB59DE5884417BEBB72EB50764F15806FFE988B640D7368D80CB92
          Function 011009AD Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
          • Instruction ID: 5d686c1755b64da1ac133113274882ff56c6a79e19cc3fab4edd9502f8627064
          • Opcode Fuzzy Hash: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
          • Instruction Fuzzy Hash: 7541A171A00701DFD72ADF18C840B26BBF5FF58354F21856AE459CB291E7B1E981CB91
          Function 01130710 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction ID: 57f63d0519a1ea98d8fd795317cd865d3594bd10b46090eecb75e298a76cdb1b
          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction Fuzzy Hash: 60415F71A00B05EFDB29CF98C990AAABBF4FF58704B11496DE596E7254D330EA44CF90
          Function 0110262C Relevance: .1, Instructions: 119COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
          • Instruction ID: 1ced5374bbd070e17630b4a485022f8e72d1fe3238670a855865d5fa4b7a81a1
          • Opcode Fuzzy Hash: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
          • Instruction Fuzzy Hash: 3F41AEB0901705DFCB2EEF28C904B69B7B2FF54314F2581ADC9169B2E1DB70A981CB51
          Function 0113C8F9 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
          • Instruction ID: 5b711465dedcaadce59de9892e8504f2abff938609c510ea3f8927b4ff352f0e
          • Opcode Fuzzy Hash: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
          • Instruction Fuzzy Hash: 64318BB2A00355DFDB59CF58C440799BBF0FB49728F2185AED119EB251E3769902CF90
          Function 011807C3 Relevance: .1, Instructions: 114COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
          • Instruction ID: 04e07e19b93e53fe34819320ba6ad5563aab2833de336f69253e78cff045ef99
          • Opcode Fuzzy Hash: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
          • Instruction Fuzzy Hash: B64192719183059FD324EF29C845B9BBBE8FF88654F008A2EF5A8D7251D7709944CF92
          Function 011CEEDB Relevance: .1, Instructions: 113COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cfe662868759fce60d3ed14ecd8b8baeab9cd066aa33d91d27b431829e0a2dab
          • Instruction ID: 14e1c2efc80ae8fd46a82a828c609f01d2a08528d100442b717577797afc9001
          • Opcode Fuzzy Hash: cfe662868759fce60d3ed14ecd8b8baeab9cd066aa33d91d27b431829e0a2dab
          • Instruction Fuzzy Hash: 2941B333A0402B9BCB2CCF68C49157ABBF1FF48704B5642BDD915AB285DB34AD45CB90
          Function 010F80A0 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dc3c31a121378736610ba2a5af4cdbcd7505867dd2baf8da6c8ef7eb1f6e5835
          • Instruction ID: b55d9a63f2f20eab8bcde055f17c7938642fd2034aa92ddba8cc5849a6a17c24
          • Opcode Fuzzy Hash: dc3c31a121378736610ba2a5af4cdbcd7505867dd2baf8da6c8ef7eb1f6e5835
          • Instruction Fuzzy Hash: 4141F071E05616EFDB05DF18C8426ECB7B9BB44764F20C32EDA91A7A80DB34EC418B90
          Function 011805A7 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
          • Instruction ID: a721aff7ad8003ce390b8b09b6800b58a86fdf4a6d08c41725258596adfb976c
          • Opcode Fuzzy Hash: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
          • Instruction Fuzzy Hash: 6341B4725046459FD328EF68C840A7AB7E5FFC8704F24462DF99497680E730D909CBA6
          Function 01104859 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
          • Instruction ID: 4d900118cd15febef85835a49e49745f70ed4d51020a98f306cb62c8e8a32c47
          • Opcode Fuzzy Hash: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
          • Instruction Fuzzy Hash: BD41B270A043028BD72EDF18D894B26BBEAEF84364F14443DE6558B6E1EBB0D941CB91
          Function 010F8B50 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7fc5431aa828eecd4eee9bde5dfb6d31b69b8657d3425b6aa064a63e312df6c2
          • Instruction ID: ae8c8eb0754c9fcd70565b2df2d0db15a5ea5aca0d41d3dfba55d8ab134edf02
          • Opcode Fuzzy Hash: 7fc5431aa828eecd4eee9bde5dfb6d31b69b8657d3425b6aa064a63e312df6c2
          • Instruction Fuzzy Hash: 1A418E71A01609CFCB15CF69C981ADDB7F1FF88324B20C66FD6A6A7690D7349901CB40
          Function 011CFB76 Relevance: .1, Instructions: 109COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53171038fb4803eefd2e71dec157c1959c775c255978cc9ab3b378129e1038fc
          • Instruction ID: 936b2e6dadf75315cc85e9f390b4e0724e445a9ed65963f91fd869eb5fb3a2a0
          • Opcode Fuzzy Hash: 53171038fb4803eefd2e71dec157c1959c775c255978cc9ab3b378129e1038fc
          • Instruction Fuzzy Hash: CA31E331714106ABD71C8F29CC44E9BBBE6EFA8B54F11842CF908CB244D730E902C794
          Function 00D1DD03 Relevance: .1, Instructions: 108COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction ID: 465839ca98baafdbc0b1f04f21717abeb6979788a07b3381af70399c44063d96
          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction Fuzzy Hash: 533172516587F14ED31E836D08BD675AEC28E9720174EC2FEDADA6F2F3C4888408D3A5
          Function 011102E1 Relevance: .1, Instructions: 106COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction ID: ed41c41a25f527c0c21164cdb5d45dd08b485c51171c3db0459b5c1583f52d10
          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction Fuzzy Hash: 3E312831E04645AFDB1A8B68CC40B9BFFE9AF18350F044576F815D739AC7749984CBA1
          Function 011AE3DB Relevance: .1, Instructions: 105COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
          • Instruction ID: 5cefd4e922adb08d81f9419a885f5fb5d2bb1f2cb63873351028b605d712c086
          • Opcode Fuzzy Hash: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
          • Instruction Fuzzy Hash: 4631D775751716ABDB2A9F658C41FAB7AB9EB58B54F400038F600EB285DBA4DC01C7E0
          Function 011B4B4B Relevance: .1, Instructions: 104COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
          • Instruction ID: b3ca2cfb6884a930169836fa990fe7e8e8ff0f274d1867bedae962d5df5d0d32
          • Opcode Fuzzy Hash: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
          • Instruction Fuzzy Hash: 4131D6322052018FC329DF1DD9C0EAAB7E5FB81764F19847DE9968BA56D730E840CF91
          Function 01104260 Relevance: .1, Instructions: 102COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
          • Instruction ID: 0c01410d2cdfaee219cfcf5a0d99b8b87d9594e784b27ee02cfb47e8356c6e03
          • Opcode Fuzzy Hash: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
          • Instruction Fuzzy Hash: 6841D131600B45DFD72ACF68C480BD6BBE9BF48718F01882DF6998B690C7B1E854CB50
          Function 011B4BB0 Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
          • Instruction ID: 44d8137c13d8b0ce418a2c54fce87dd51930612fc323e3f4b5b6ca17c481183a
          • Opcode Fuzzy Hash: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
          • Instruction Fuzzy Hash: F031A1716042018FD328DF28C8D0AAAB7E5FB84B20F15856DF9969B692D730EC44CB91
          Function 0117EB1D Relevance: .1, Instructions: 100COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
          • Instruction ID: 98d3ea19e153141b92219588725af375006493cfcd66fab7bd7123381e5c20f4
          • Opcode Fuzzy Hash: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
          • Instruction Fuzzy Hash: 6631C4313026869BF72E576CC948B25BFE9BB45B58F6D00F0AB459B7D1DB28D841C231
          Function 011C61C3 Relevance: .1, Instructions: 97COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
          • Instruction ID: 04e2bb7beabce3918b1a500b2422c7eaeae21477559152b96fbaf4a6afb297c4
          • Opcode Fuzzy Hash: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
          • Instruction Fuzzy Hash: 5B31CF76A0025AABDB19DF98CC40FAEB7B6FB48B44F454169E900EB344D770ED41CBA4
          Function 011A483A Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
          • Instruction ID: b51e31e28950d19ce33f54d4c8af7776807f475c572a17b4098c5fd89e008c93
          • Opcode Fuzzy Hash: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
          • Instruction Fuzzy Hash: B2316176A4112DABCF25DF54DC84BDEBBBAAB9C310F1400A5A508A7250DB70DE91CF90
          Function 0112EB20 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
          • Instruction ID: 250ed16c64ba80bfa9ff1de77443445a9aa12b877c70c125c4377f810feaba96
          • Opcode Fuzzy Hash: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
          • Instruction Fuzzy Hash: C931E732E01625AFDB39DFA9CC40BAEBBF9EF08750F014425E915D7250D3709E108BA1
          Function 011C6BD7 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 24eafa5cc0fbbc55d653178b4564525f06b890ca04d77df63af57d2063b202d0
          • Instruction ID: e083162eafecc75dfb06fcbc8087e3faab80dc797a826ae5116b42cb02424c83
          • Opcode Fuzzy Hash: 24eafa5cc0fbbc55d653178b4564525f06b890ca04d77df63af57d2063b202d0
          • Instruction Fuzzy Hash: 99316C31A002049BCB28CF69D8C5A5B7BE4FF58754F4184A9EA18DF289D370E949CBA4
          Function 011C60B8 Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0c0a83666a237ac6b95f926f72a265169d08e7148ed0df8af458bbd41ba459bd
          • Instruction ID: cc355575779df9de4da32cae77e25cccc9be7bec0de16d7be9d9b3ae9b063516
          • Opcode Fuzzy Hash: 0c0a83666a237ac6b95f926f72a265169d08e7148ed0df8af458bbd41ba459bd
          • Instruction Fuzzy Hash: 1C31C271A00616AFDB1E9B99C850B6EB7B9AFD4B54F11407DE515EB342DB30DC01CB90
          Function 011007AF Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ec9b8ed4e6f9c937cc59594efa24e0b11c99201c0028485ee0f097d51de0c48b
          • Instruction ID: ae1a633613934e1072364b5024d9d63d07d1814cc9d4ee6079f5a50d45f8ccba
          • Opcode Fuzzy Hash: ec9b8ed4e6f9c937cc59594efa24e0b11c99201c0028485ee0f097d51de0c48b
          • Instruction Fuzzy Hash: 8E31D632E05612DBC71BDE248840BABBBA5BF98290F02452EFD5997290DB70DD1187D2
          Function 01108550 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 76882210aae8a2d29a571a33b71b4777e27b3591930ff5f039994cf16bca70e4
          • Instruction ID: 9cb23e00de29833326e0b3451f5b1750ad884a3967282692cf257f83e08c2084
          • Opcode Fuzzy Hash: 76882210aae8a2d29a571a33b71b4777e27b3591930ff5f039994cf16bca70e4
          • Instruction Fuzzy Hash: 5A318F71A093018FE729CF19C840B2BFBE9FB98700F05496DE98497391D7B6E844CB92
          Function 00D3E833 Relevance: .1, Instructions: 93COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cf19473fd1906b8c85758dfcabfd442766ced83056fdb96f48e214fd9512fca
          • Instruction ID: 11a47076e711d61e520c04b7141d5082c628a8737a6354e8fab734f2acda37af
          • Opcode Fuzzy Hash: 8cf19473fd1906b8c85758dfcabfd442766ced83056fdb96f48e214fd9512fca
          • Instruction Fuzzy Hash: 9831AE72B106265BD354CE7AD880655B7E6FBC8350B588739D918C3B80E774F961CBE0
          Function 00D12E40 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D10000, based on PE: true
          • Associated: 00000000.00000002.2019369249.0000000000D10000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_d10000_tZz1Ogtr2C.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 869b427709bf8535c2283dc484b8f831a178cc37bb0f51b703dfd6bac7919904
          • Instruction ID: 40bb894d42d0b8760208bf58c6b2dbad3cda72283140af5328e1af2aeb6116f4
          • Opcode Fuzzy Hash: 869b427709bf8535c2283dc484b8f831a178cc37bb0f51b703dfd6bac7919904
          • Instruction Fuzzy Hash: 0C319173B10A145FD364CEAED841657B7E1EB88310B45862DE899C3B40DB75F911CBD4
          Function 0113A6C7 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction ID: ceeac5125d451ed2e4a479d68b49499895eef47c1f13f12f5c46e5fb8ecfd970
          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction Fuzzy Hash: 27312CB2B00B01AFE769CF69DD81B57BBF8AF48A50F04052DA59AC3750E731E900CB60
          Function 011AEBD0 Relevance: .1, Instructions: 91COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53c20f538ce3879964f76c94f1485f2188dbc54c25dc02adfa1c66ae77129b70
          • Instruction ID: b62203cde464d1d85f7a7fc1a71e17f8ffeb0c2774c1ae28d43961c8b6eb774b
          • Opcode Fuzzy Hash: 53c20f538ce3879964f76c94f1485f2188dbc54c25dc02adfa1c66ae77129b70
          • Instruction Fuzzy Hash: F031CE75606342CFCB19DF19C54095ABFF1FF89218F4449AEE4889B259E330E945CF92
          Function 0112438F Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b80820023ebd548fa8717e95f16032f08f02ed69c2dda9476bffa056dc9ef3e6
          • Instruction ID: 403fb1b8ca49f741bbf8420a710fc7150183418ee436530a9fcf1b76fe912d41
          • Opcode Fuzzy Hash: b80820023ebd548fa8717e95f16032f08f02ed69c2dda9476bffa056dc9ef3e6
          • Instruction Fuzzy Hash: 9C31F432B00665DFD72CDFA8C880A6EBBFAAF80308F008429D115D3A54E730DD51CB91
          Function 010FCB7E Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction ID: 9b97f71ba3c2ed6e6b9fc2ddd18a102a200934a6d931795cda49bc0304a82efb
          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction Fuzzy Hash: 1E212236E4425EAAEB049BB9C812BEFBBB5AF00740F058139DE65E7240E370C90087E0
          Function 010FC156 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abafc62ef5619a453739e4573f401ee1bb40cf048439db85917dd89f300f87cf
          • Instruction ID: 6cb58cd4f444bdb3a6fd5db7bcd0da02bcea7ee9b85fab041abd16eb9007648e
          • Opcode Fuzzy Hash: abafc62ef5619a453739e4573f401ee1bb40cf048439db85917dd89f300f87cf
          • Instruction Fuzzy Hash: 2C3159B1500201CBDB79AF68DC41BA9B7B5AF40318F5481ADDD959B386EB34D982CBA0
          Function 011BC3CD Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction ID: 67a7d5202d9a0c91cf67503bb7ee5df333b006f6f490dd391bdd2557c0887b68
          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction Fuzzy Hash: 80212D3A600652B7CB1DAB95C840BFABBB4EF90714F40841AFA95C7551E738DA40C3E0
          Function 010FE420 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e4a93292022c7175b13f6aa9a48d2f8d1706be79430232b366ee321d6349f268
          • Instruction ID: ac29b3980854940b52929207d94d7e8b68a8cb305666da4d073bc516bdf7a857
          • Opcode Fuzzy Hash: e4a93292022c7175b13f6aa9a48d2f8d1706be79430232b366ee321d6349f268
          • Instruction Fuzzy Hash: DD31C731A0151C9BDB359F18CC42BEEB7B9AB15754F0200A9E795A75A0D774AE808F90
          Function 01134588 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction ID: 065f5866db5f5ab8d76649b3fec3c630fd8f782b8727a7c143753e059f7c222d
          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction Fuzzy Hash: 3E21A172A00609EFCB19CF58C980A8EBBB5FF88714F1080A9EE159F645D770EE05DB90
          Function 011344B0 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cbdbf8a1fa07e17149493d8967fe32626d5db9f03302a5e7689f5828ec401119
          • Instruction ID: ea436e5daea308c465f949bfaa6ce32792647f02a0b573910033553813a91547
          • Opcode Fuzzy Hash: cbdbf8a1fa07e17149493d8967fe32626d5db9f03302a5e7689f5828ec401119
          • Instruction Fuzzy Hash: 7521C372A047459BC72ADF18C840B6BBBE4FFC8760F014529FD559BA85D730E9018BA2
          Function 010FE388 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction ID: 4f8df180fae0c86c2476129e759d38c25d5c2fee49e4ac898d7ca235d7190e09
          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction Fuzzy Hash: BB318B31600605EFDB25CB68C885F6AB7F9EF85354F1145A9E652CB6A0E730EE02CB50
          Function 011D03E6 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 73068fa30f11dfedf5c34f54cd1c1e382ec8b2931e1c2a3df257ae3e0dc9f0b2
          • Instruction ID: 5de835f1533e6134b480129a3509973678d225ced870e9572b9a29e2b5b2f2ce
          • Opcode Fuzzy Hash: 73068fa30f11dfedf5c34f54cd1c1e382ec8b2931e1c2a3df257ae3e0dc9f0b2
          • Instruction Fuzzy Hash: 82313E71A04119AFCB1CDBA4D894E9FBBB9FB8C214F414129F915E7240DB70AE44CBA0
          Function 0117E609 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ceeb595b599ebfcef676fe5b04247f19973911d3a5ee14bdc09f677131d0de0b
          • Instruction ID: 622653c5d31829773a25ef9d80767806299095580782336dae76ae9e811e9646
          • Opcode Fuzzy Hash: ceeb595b599ebfcef676fe5b04247f19973911d3a5ee14bdc09f677131d0de0b
          • Instruction Fuzzy Hash: 32315A75A012059FCB1CDF18C8849AEB7F6FF88304F158499F80A9B391E771EA51CB91
          Function 011D0591 Relevance: .1, Instructions: 84COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cef60624758253166ecbecc5f575358f8aa2fcf0d9d6125a944c26bb1bcc6cf1
          • Instruction ID: d28d0ab2ebad4a5cd6fc5f9f9a0fc3989d2f7a2669d19df57ae0458c9ae3073c
          • Opcode Fuzzy Hash: cef60624758253166ecbecc5f575358f8aa2fcf0d9d6125a944c26bb1bcc6cf1
          • Instruction Fuzzy Hash: D321B1326142058FD72CCE2DD8806AAB7A2EFD8310FA58538ED15DB285D770F846CB50
          Function 011806F1 Relevance: .1, Instructions: 79COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9997bd9d4ee99edd8899ce6a0c1d4bcd7575df306bf2eecd64f59334b13f3a12
          • Instruction ID: 9bc712e9eab8f60f459273b67fab3361d675af24e32766430ce83716149925ba
          • Opcode Fuzzy Hash: 9997bd9d4ee99edd8899ce6a0c1d4bcd7575df306bf2eecd64f59334b13f3a12
          • Instruction Fuzzy Hash: C421B1719005299BCF18EF59C881ABEB7F4FF48744B554069F541EB240E738AD41CFA1
          Function 0118019F Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 534d3c4c16cd0329de72dde8939f1ff1934a4c20a3954d5ab24e56381590c985
          • Instruction ID: 94ab5cc208cfef1505e83f707256f396c03a4b282f99f86a11d336546aee97dd
          • Opcode Fuzzy Hash: 534d3c4c16cd0329de72dde8939f1ff1934a4c20a3954d5ab24e56381590c985
          • Instruction Fuzzy Hash: 9121BC71600649AFDB19EBACC840F6AB7A8FF88754F144069F904D7690E734ED40CBA4
          Function 01180283 Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 96d0ae92a5cc33e88c76ac4f05eb91692f3e88a6821c2ad9ffe2028edf201ae2
          • Instruction ID: f12de5157ed12e98ffffb201a3fd888f4ed6f6181eceb7e635e286c4dfed1011
          • Opcode Fuzzy Hash: 96d0ae92a5cc33e88c76ac4f05eb91692f3e88a6821c2ad9ffe2028edf201ae2
          • Instruction Fuzzy Hash: 7421227290834A9FD719FF5DC844B5BBBECAFA4254F08846ABD90C7251D730D908CAA2
          Function 01122835 Relevance: .1, Instructions: 73COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4be600691ba79d786159136aa2ff7db7e907ce872a572df62b3d462e5bbfa8c5
          • Instruction ID: 4d9b2cd00acf9da699aad9c5b0344bf22a45587301a14dc99dbdb25ef3d36f88
          • Opcode Fuzzy Hash: 4be600691ba79d786159136aa2ff7db7e907ce872a572df62b3d462e5bbfa8c5
          • Instruction Fuzzy Hash: A3213B327056919BE72E572C9C04B2C7BD9AF41B74F190364FA30AF6D6DBB8C821C211
          Function 011D01AA Relevance: .1, Instructions: 71COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a1f8a628e2825cd395a77781f78dd9cfab4c83b9e3ba07f66bc8da6bd6419b13
          • Instruction ID: a06d4e32bea24955d0590092b7c91f0e166c964a8502329da1d14c88ce99ba00
          • Opcode Fuzzy Hash: a1f8a628e2825cd395a77781f78dd9cfab4c83b9e3ba07f66bc8da6bd6419b13
          • Instruction Fuzzy Hash: 6C21B4612042544FD705CF5A98B44F6BFE5EFCB125B5A81FAE9C4CB793C924980AC7A0
          Function 0113A30B Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
          • Instruction ID: e2e9377c16a9b89db88316f076ef20c200e8762f984126bebcae50bb47dd105d
          • Opcode Fuzzy Hash: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
          • Instruction Fuzzy Hash: AD21A739200A019FCB29DF29C900B56B7F5BF48B48F24846CA559CBB69E371E842CF94
          Function 011BA49A Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 576492eb189c9864532611a0afa878af166daf62a407cad5826781f22edcb81f
          • Instruction ID: 7b7d3c38ccba49cd3b32ccd86a8a6e17691aed8580656325c3b7308d232bab70
          • Opcode Fuzzy Hash: 576492eb189c9864532611a0afa878af166daf62a407cad5826781f22edcb81f
          • Instruction Fuzzy Hash: 76113A32340A117FD32A5654AC80FABB6D9DFD4B60F510128FB09CB180EB74DD008795
          Function 01180946 Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d237e3d0989c4180d77fc383d0ad89d38df1c6fcfdf6bbb2798284d9b4aa65bc
          • Instruction ID: 37d3fa6f6469880e99578128d92e5e5829282f7c82eb7e27848f1ca3c6123e4d
          • Opcode Fuzzy Hash: d237e3d0989c4180d77fc383d0ad89d38df1c6fcfdf6bbb2798284d9b4aa65bc
          • Instruction Fuzzy Hash: D321E9B1E00209ABCB24DFAAD981AAEFBF9FF98710F10412EE515A7240D7709945CF54
          Function 011980A8 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction ID: e822cf8e114dd53d62814f25a4641659b0775cb10d96c48f9957b8fb8d62e6ec
          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction Fuzzy Hash: AF218EB2A00209EFDF169F98CC40BAEBBB9EF89350F21442AF920A7251D734D9518B50
          Function 011CEE26 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aa8c3979e65e35f68521d233c13962f52c885874c3a5a76df24ec27f0ab3239b
          • Instruction ID: 89cf92151d3f093e4261449a50b55002a7b62b400d6e7ecb4349c25c0fa69e95
          • Opcode Fuzzy Hash: aa8c3979e65e35f68521d233c13962f52c885874c3a5a76df24ec27f0ab3239b
          • Instruction Fuzzy Hash: 6021AF33A108219B9B1CCB3CC80446AF7E6EFCD35436A427ED912DB6A4D770BA11CA84
          Function 01130124 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction ID: 431ad3726fc0a5b6a9b0dc1f6993693391567ad6c919703fc4d9e1c388a549a9
          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction Fuzzy Hash: 4F11EF73601605AFEB2ADB48CC81F9ABBB8EBD8B58F100029F6019F190D771ED44DB60
          Function 01108770 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
          • Instruction ID: 592f99660af731bef47f5903a3146d97d076b56a82b19a5a8ef0fbff576540e1
          • Opcode Fuzzy Hash: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
          • Instruction Fuzzy Hash: 1811B231F04A119BDB1ACF4DC480A56BBE9AF9A714B19407DEE089F289D7F2D901CB91
          Function 011080E9 Relevance: .1, Instructions: 66COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
          • Instruction ID: 665ed3effeebec54d520a117ff0bc4ef67b47bde4fa7166a31293061424d04c8
          • Opcode Fuzzy Hash: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
          • Instruction Fuzzy Hash: B3214975E04206DFCB19CF98C581AAABBB6FF89318F24416DD105AB355CBB1AD06CBD0
          Function 0113674D Relevance: .1, Instructions: 65COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
          • Instruction ID: 9ca437a181bcb645bb37f8e08ca33940e290bccfccae5503388a2b77b6e46e9b
          • Opcode Fuzzy Hash: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
          • Instruction Fuzzy Hash: 97219075500B00EFD7298FA8C841F66B7F8FF84250F40882DE5AAC7650EB30A940CBA1
          Function 01196870 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
          • Instruction ID: 2ee300aae13b0e2bb5a70118bdde7d33dd744ae711929a6c5905ce0fdc860083
          • Opcode Fuzzy Hash: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
          • Instruction Fuzzy Hash: 7411A332240614EFCB2ADB5DCD40F9ABBA8EF95764F114025F625DF251EB70E901C7A0
          Function 0112E8C0 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
          • Instruction ID: a8105182e37c933c8c5b95c7f5ed3d67233303d65610d54bb57b451db060f118
          • Opcode Fuzzy Hash: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
          • Instruction Fuzzy Hash: 291148333011219FCF1DCB29CD90A2BB65AEFD1374B258539D9228B284EB319812C390
          Function 011366B0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
          • Instruction ID: d8686ff38ef485a88ec31e7ebf994b55ac601752c94b0735e99ae70360257571
          • Opcode Fuzzy Hash: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
          • Instruction Fuzzy Hash: 7411C176A01A05EFCB2ECF59C581A5ABBF5AFC4650B52407DD9059B319E730DE00CBA0
          Function 011CA8E4 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction ID: c91e801cc02549698e6f68be6dc4fb4844a114417ad9f4f6a199178fce501054
          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction Fuzzy Hash: 70110436A00919AFDB1DCB58C841B9DFBB5EF94714F058269E85597340E731FD01CB80
          Function 0118E7E1 Relevance: .1, Instructions: 59COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction ID: 050f12ffb3103b3f18bd922dc288d924e8757145f9eefec9f7a18b604d1801b2
          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction Fuzzy Hash: D111C632A12605EFE729AF49C844B5EBBE6EF46754F05C428F9099B160D771DC40DF90
          Function 011227ED Relevance: .1, Instructions: 58COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
          • Instruction ID: 5733d6247023f7006cfc41fa713ef08d0b32d7e2dd7224b1009f5d0511a09ea7
          • Opcode Fuzzy Hash: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
          • Instruction Fuzzy Hash: D6010431605685ABE31EA66EA844F2B7ACCEF912A4F060075FA009B250DB65DC10C2B1
          Function 01104690 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
          • Instruction ID: 0da64d76134afc7dc96ab2d81124e9b85245add8ed57d3a905c0f6f2f72b1c38
          • Opcode Fuzzy Hash: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
          • Instruction Fuzzy Hash: DE11A335A00A45AFD72BCF5DD980B567BA5EB85764F014129FA048BA90C7B0E840CF60
          Function 011D4B00 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c27770d7522e673d32b9a8e1c69de98154604241f93f3a1b2388ca222b8c7450
          • Instruction ID: d1c9eab64e5c102444d5fe24e7bbde338cf4996b013fb34260e307767ef214f6
          • Opcode Fuzzy Hash: c27770d7522e673d32b9a8e1c69de98154604241f93f3a1b2388ca222b8c7450
          • Instruction Fuzzy Hash: EF1129322006119FDB29DB2DD880F27B7A6FFD4724F194429E686C7E54DB30E802CB90
          Function 01136620 Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
          • Instruction ID: 411c6d2cf12614bb69b2682488dc3f6883c0f7a01c05b7ccb4b4120e1c78fd20
          • Opcode Fuzzy Hash: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
          • Instruction Fuzzy Hash: 6E11E5B2A00715BBDB2ADF59C980B5EFBB9FF84790F510069DA01A7248D770AE01DB60
          Function 0112EA2E Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
          • Instruction ID: ef5d2348c6318cef7a7b60af0e1367a54a9c71c5c11f843bf334e8174d41d6c9
          • Opcode Fuzzy Hash: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
          • Instruction Fuzzy Hash: 220192715021099FC72DDB19D544F16BBFAEB85318F21817EE1098B2A4C7B0AC82CB90
          Function 0112E53E Relevance: .1, Instructions: 55COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction ID: d5ab725da7dab1cf7cc78c7f30ba2b3b9109c09ad5228379212e0e7db6aec6b0
          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction Fuzzy Hash: CD11E9762126D39BEB2F971CE564B297798EF00768F1A00A0ED4187642F329C863C251
          Function 0118E75D Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction ID: 459fba62cc06af3f4ce387f5a8a50199e93bce8e9da05de372f38e13db8122fa
          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction Fuzzy Hash: 79019236602905AFE72DBF58CC00F5ABAAAEB95754F05C424EA059B260E772DD50CFD0
          Function 010FA250 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction ID: 73eb113edc5d4c4d6140a0732255f4312f867d1bbaeeca3beafa81f03425b054
          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction Fuzzy Hash: E5010435705B21DBCBA18F1DE841A2ABBE5EB95B70700856DFAD98BA81D731D400CBA0
          Function 011D4940 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8c4ebbae1cd95758332579139cc55e62e4d6f40b2d4478058655e7e65b4381f7
          • Instruction ID: 041fd7457cb0df41f82561233ba0058a86f659d88e99b91870a4262e6a86f7eb
          • Opcode Fuzzy Hash: 8c4ebbae1cd95758332579139cc55e62e4d6f40b2d4478058655e7e65b4381f7
          • Instruction Fuzzy Hash: 930149325412019FC73EDF1DC840E12B7A8EB89374B254225E9689B99AF730EC01CBC0
          Function 0117E1D0 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
          • Instruction ID: 7df8406b10fb55a0e1f137996cc196cd123846a0d0ad928e79df9f1e915579d1
          • Opcode Fuzzy Hash: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
          • Instruction Fuzzy Hash: F311A132642241EFDB1AEF19CD80F16BBB8FF54B58F1000A9E9059B691C735ED01CA90
          Function 01106259 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
          • Instruction ID: 0e0d12cb4f96dc609e78c44b6ef9919cfb8e6d15571579efa62035260623c66f
          • Opcode Fuzzy Hash: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
          • Instruction Fuzzy Hash: EE115E70941229ABDB29EB64CC41FE9B374AF48714F5041A5B318A60E1D7709E91CF85
          Function 01186050 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
          • Instruction ID: bf417220dbd4ca1ae1b41a75de88586a8963a1e561dfcec4855f769787637253
          • Opcode Fuzzy Hash: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
          • Instruction Fuzzy Hash: 39111776900119ABCB1AEB94CC80DDFBB7DEF48258F054166A906E7211EB34AA55CBE0
          Function 0110208A Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction ID: 694b6d7b93b0c7298ef0e19f05808d1ed27ac072181630df5978a0ef1a0225f6
          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction Fuzzy Hash: 9901F532A002118BDF1EDA2DD884E56776BBFC4614F5645A5ED158F28ADBB18881C390
          Function 01196500 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
          • Instruction ID: 6234d828c764ee8f080d2694610439e940658d211d97ad922401f702a5292e8f
          • Opcode Fuzzy Hash: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
          • Instruction Fuzzy Hash: 741108326001459FD709CF18D400BA5FBB6FB56344F098159E854CB315D731EC80CBB1
          Function 0118C810 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
          • Instruction ID: becf48a098095c98715d456fce4d62ba894b4bc38fed107dbc2fc47bba7e168f
          • Opcode Fuzzy Hash: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
          • Instruction Fuzzy Hash: 5B1118B1A102099FCB04DFA9D541AAEBBF8FF58250F10806AA915E7351D774EA018BA4
          Function 011AEA60 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
          • Instruction ID: bb887a76fabe7b3bcbbe49b3dcbb299d1ae4c3fddacd46911b0e39c60be40ff1
          • Opcode Fuzzy Hash: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
          • Instruction Fuzzy Hash: 690128391421119BCB3EAB158450D76BFBAFF51654B95443EE2515B210C730EC41CB91
          Function 010FC020 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction ID: 17aef1f6946bbcd594005a1a6fcb870b032898dff753e4691b5d7dd2df0bc567
          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction Fuzzy Hash: FD01F532100709DFEF6A96A9D901EA777E9FFC5218F04885DEA968B940DB70E402CB50
          Function 011420F0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9f28682dcd390a579cd19914b52488f021f347b355b4c3dc1f5a4ed72767cb1
          • Instruction ID: 3341551dd63914227b740fef4e08b82fb4c7678aacd9ba42fce1d583b6e40dbd
          • Opcode Fuzzy Hash: f9f28682dcd390a579cd19914b52488f021f347b355b4c3dc1f5a4ed72767cb1
          • Instruction Fuzzy Hash: 08116935A0120DABDB09EFA4D850BAE7BB5EF44A54F0040A9F9119B290EB35AE51CB90
          Function 0113E5CF Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e102634b5a313309b85ea6264d44d28658d5ca3a16aef1e3de94bf42f684f1c4
          • Instruction ID: ba7ba9655f00b7f218042abee2f5cbc43d218ae344d47c5bfd8c61ad3eb04aee
          • Opcode Fuzzy Hash: e102634b5a313309b85ea6264d44d28658d5ca3a16aef1e3de94bf42f684f1c4
          • Instruction Fuzzy Hash: 9B01D471301A057BC319BB69CD80E57F7BCFB94668B000539B20983654DB34EC11C6A0
          Function 011969C0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: adcd708289ff6f9f5e4152d15f213cb77e0d990f0dcd6ec98abb86ea78e76a2e
          • Instruction ID: be10fc70d1ea74f1f60f0eae9623fab49015545bf3ac0b78f5f5bab5b1db26a3
          • Opcode Fuzzy Hash: adcd708289ff6f9f5e4152d15f213cb77e0d990f0dcd6ec98abb86ea78e76a2e
          • Instruction Fuzzy Hash: 0201FC32224212DBC728DF6AC848967FBA8FF54664F514129E97987180E7349901C7E1
          Function 0118C460 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b1d1aef883266a1ff20cb8b1538bc88dcb1147c3f3cfc78af9241b15b9e787af
          • Instruction ID: 7ad55ea74ea4bca363457190412ac3bd2b967a07041c17d35cf74b76364bd1f3
          • Opcode Fuzzy Hash: b1d1aef883266a1ff20cb8b1538bc88dcb1147c3f3cfc78af9241b15b9e787af
          • Instruction Fuzzy Hash: A1115B71A01209ABDB19EFA8C840FEE7BB5EB48654F008059B90197340DB34EA51CBA0
          Function 0118C97C Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 76522e9d91c02817ded2456bf11f5f5537d7eca344624a4365788957ba95841f
          • Instruction ID: e7a4d817562657be00dcfc13cd85d6be32f7aa344e1bbfb444631d0bfc9e309c
          • Opcode Fuzzy Hash: 76522e9d91c02817ded2456bf11f5f5537d7eca344624a4365788957ba95841f
          • Instruction Fuzzy Hash: 261179B1A183089FC704DF69C441A9BBBE4EF98710F00856EB998D7390E730E900CBA6
          Function 0118CA11 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c443465ffdc905165512654d096b15c8e454f66f68ee3990e1d9d9703a571f1f
          • Instruction ID: 86abf90dc93e1efd5927895daf371c68a3a7e2a0f6f71aa844741d5e4ffeddbf
          • Opcode Fuzzy Hash: c443465ffdc905165512654d096b15c8e454f66f68ee3990e1d9d9703a571f1f
          • Instruction Fuzzy Hash: F01179B16183089FC704DF69C441A9BBBE4FF99750F00852EB998D73A4E730E900CBA6
          Function 011D4A80 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction ID: ad5c669a88f65b77a7396ce2ed012240cb0f42ce3feaa6f22aa9ae49ac717907
          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction Fuzzy Hash: 9701D8372006019FDB299A6DD844F56B7E6FBC5210F444859F6438BE94DB70F850C755
          Function 0111E016 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction ID: 3532e888bbcca4aad42cbacf44717719c59fc418074c092b7165a0c9fd737057
          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction Fuzzy Hash: F7015A32305684DFE36B966DC948F2ABBD8EB44B54F0904B1ED15CB692D768DC40C622
          Function 010F826B Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a2ecdbd5c7ae0b8d0cd5f095e9e943bd54a630fcd67b7b2d0c9de012b1f0af32
          • Instruction ID: 1535c07ca9aeb1715502a58d6abd0cba90a0182316d206e3f2f2313910d838ac
          • Opcode Fuzzy Hash: a2ecdbd5c7ae0b8d0cd5f095e9e943bd54a630fcd67b7b2d0c9de012b1f0af32
          • Instruction Fuzzy Hash: E6018436614505EFD75CEB69DC059EE77F9EF81624B15806E9E01A7A80DF30E902C690
          Function 011AEB50 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 6cb65b9a0676c49fa8d81bd6c45e887ca03c30cdc8dd0110de4dceb62dcb6569
          • Instruction ID: cd9a438b14513f7dc748e5abe761dfdca043e70ded4dc07a6afc855747b1faeb
          • Opcode Fuzzy Hash: 6cb65b9a0676c49fa8d81bd6c45e887ca03c30cdc8dd0110de4dceb62dcb6569
          • Instruction Fuzzy Hash: B301F271281B01AFD3395B5AD940F16BEA8EF95B50F11443EF3169F3A0C7B0A881CB94
          Function 01102582 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2c8fa82eb5cfa61e3497de1646ead7f90c17ec5ecfa6c7aa4d5f297a79712055
          • Instruction ID: 3d18f07d0a3a33552744b014895da7f4a2af049ad6cc9976b18f74644c46755a
          • Opcode Fuzzy Hash: 2c8fa82eb5cfa61e3497de1646ead7f90c17ec5ecfa6c7aa4d5f297a79712055
          • Instruction Fuzzy Hash: 45F0F932A41A21BBC73A9B568C44F47BEA9EB84B94F114029A60597640D770ED02C7A0
          Function 0112C073 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction ID: bfce23c135774286f29ba6ac3303566db16581635852241df007193ad66b30c9
          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction Fuzzy Hash: 38F0C2B6A00A25ABD328CF4DDC40F57FBEEDBD5A84F048128E605C7220EA31DD04CB90
          Function 010FC310 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction ID: dc526e69e517517f92f226b99f81a27288708d82cbbb0f7b5221ede3d7e2b7e9
          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction Fuzzy Hash: 88F04C332046279BF73656594943F6BA595CFD1AE4F1E403DE3459BA04CA608D0253D1
          Function 011D634F Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 54fceb03362a187fecd20a0046d9a031e4e3e965090e7d8e747c7f20e94c1baa
          • Instruction ID: 20fca67484e34fe45830d4f5b899ba14036a2e6214cccd77b9167c0a8a4d5104
          • Opcode Fuzzy Hash: 54fceb03362a187fecd20a0046d9a031e4e3e965090e7d8e747c7f20e94c1baa
          • Instruction Fuzzy Hash: 0B017C71E14209ABCB08DFA9D440AAEB7F8FF58704F10402AE914E7350DB34DA00CBA4
          Function 011D625D Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9bee99064abcb7a00b189b897bbcb63ef3cbb0e169f08c40859acf05e628bd87
          • Instruction ID: 6300649bec685c7ac4d322314a31aa0a9d4f7e5310e469d30c17d59f3f9561e7
          • Opcode Fuzzy Hash: 9bee99064abcb7a00b189b897bbcb63ef3cbb0e169f08c40859acf05e628bd87
          • Instruction Fuzzy Hash: FF018F71A1020AEFCB08DFA9D441AAEB7F8FF58704F10402AF910E7350D774AA00CBA4
          Function 011D62D6 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5462f7f67c6e1621180bf95764b3f7e9f05faad629f2f113d6f35d824380425a
          • Instruction ID: 01329a20e1a08610df7462cec5a91e91785be1bb7da96c21df834de7332bc4fd
          • Opcode Fuzzy Hash: 5462f7f67c6e1621180bf95764b3f7e9f05faad629f2f113d6f35d824380425a
          • Instruction Fuzzy Hash: D6012C71A14209ABDB08DFA9D441AAEBBF8EF58714F50406AE914E7390DB749A01CBA4
          Function 0113CA6F Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction ID: f238daf7cfa96991e9a28fac838456ff3e8b51b4c0c75b038836a589dac8a4c6
          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction Fuzzy Hash: E601F9312006899BD72E971DC809F99BFE9EF81764F094066FA059B795E7B4C801C261
          Function 011D61E5 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
          • Instruction ID: 649f8cbe80c25cd4ee8c0abb0431da091e2ab538ffd4c24eecdbcb7ac9ad4c4c
          • Opcode Fuzzy Hash: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
          • Instruction Fuzzy Hash: 27018F71A102499BCB08DFA9D441AEEBBF8FF58714F14006AE500E7280D734EA01CB98
          Function 011863C0 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction ID: 5064c0a0a9daf54163c6c2b7e618ed1da430606be0742b65e829b2ae199fc909
          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction Fuzzy Hash: A6F01D7220001DBFEF06AF94DD80DEF7B7EEB592A8B104125FA1192160D731DD21EBA0
          Function 0118A4B0 Relevance: .0, Instructions: 40COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
          • Instruction ID: 1825d21746cc2375ee86683e6606664e65392bea4c5852f9cce89024ac940ce9
          • Opcode Fuzzy Hash: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
          • Instruction Fuzzy Hash: 81018936100149ABCF16AE84D840EDA3F66FF4C664F068116FE2866220C332D9B0EF91
          Function 010FC0F0 Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
          • Instruction ID: a124cb76d15e73deb8717ca5e33d7cb5405723743b211ea17a3f4c0e2bf6e160
          • Opcode Fuzzy Hash: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
          • Instruction Fuzzy Hash: 0FF08B312003495BF3549108CE03F2232D9F7C1254FA880ADEB448BAC0EAB0DC018391
          Function 0113656A Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
          • Instruction ID: e5b1d8d64b0c935a82b5f49ce7d0dcc2d3a04bee0aebcc5ab9e0225a55bf26cf
          • Opcode Fuzzy Hash: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
          • Instruction Fuzzy Hash: 0501A470305681ABE72E9B2CCD48B293BA5BB80B58F4901B4BA118BBDAD728D541C621
          Function 011A437C Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction ID: 052c8ca42660c95889bc7407e5be0066c609946cf06b0921a24515e81db3d9dd
          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction Fuzzy Hash: 3BF0B439749D3347E77DAA2F8420B3EAE569F90A01B4D453C9641CBA80DFA0D8048794
          Function 0118E872 Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction ID: c4ddd647331cfe185e45b2f140688f8f305e43119f4fd36e2083105b0fd42d0b
          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction Fuzzy Hash: 8DF089337665119BD739AA4DDC80F1AB768EFD6A60F1A4075A6149B264C760EC02CFD0
          Function 0118C89D Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
          • Instruction ID: 6b070d615194811f0d69536be1838df9b9b60255f7f30ceb1a085aa8b3dd6b69
          • Opcode Fuzzy Hash: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
          • Instruction Fuzzy Hash: 73F0AF706193049FC318EF68C441A1AB7E4FF98714F80865AB8A8DB394E734EA00CB96
          Function 01130854 Relevance: .0, Instructions: 35COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction ID: 132e59e8c48b3c49f161eaa56ffcb4560c653ac8512720b8192913c8e7a45c0f
          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction Fuzzy Hash: 79F09072A10204AEE718DF25CC01F96B6E9EFAC344F1580B8A545D7164EBB0ED41C794
          Function 0118C912 Relevance: .0, Instructions: 34COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
          • Instruction ID: 8b66aa3d5acdad7c9e1605946a092e9435f2219bed3dbc273903ee075b314df2
          • Opcode Fuzzy Hash: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
          • Instruction Fuzzy Hash: D1F06270A11249DFCB08EFA9C515B9EB7B4FF18704F508069B955EB385EB34EA01CBA4
          Function 011047FB Relevance: .0, Instructions: 33COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
          • Instruction ID: a2955d39393f72a2f0ea6ae847295b38e95ec7a6c267f7b276964e7ae32b8f07
          • Opcode Fuzzy Hash: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
          • Instruction Fuzzy Hash: 43F0F071D022E09EE73B8BACC084B21BBC49B00625F098C6BD78983DA2C7E4DA80C641
          Function 011C0115 Relevance: .0, Instructions: 32COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
          • Instruction ID: 686dd14cda7ed91098fa06d72a511672d758b7a813d7ef60675689db5db63749
          • Opcode Fuzzy Hash: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
          • Instruction Fuzzy Hash: FFF0276A4166818ACF3E6B2C78903D5AB54F7A9914F09105DD4B167205C774C8C3C320
          Function 0113C5ED Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
          • Instruction ID: 25729297b9ccf93931d095f7a2d9ce575ccc03bc3903f4bc8d028361db5d6a5b
          • Opcode Fuzzy Hash: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
          • Instruction Fuzzy Hash: E4F0E2F15116919FE33E972CC548B11BBD89BC07A4F099427D5069772AC774E880DAD1
          Function 01142619 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction ID: 91a612c58071cfc5658128a6653e4949f7f1032bedbe5204c06d883881f57a15
          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction Fuzzy Hash: 81E0D832301A016BE7259F599CC0F47BB6EDFD6F14F040079B9045F251CBE2DC4986A4
          Function 01196030 Relevance: .0, Instructions: 29COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction ID: d1865e78854168e11010e08bfab5f37678d20d6bd8c850df310d23c4895cb11b
          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction Fuzzy Hash: 30F0E572100204DFE7288F09DD80F52BBF8EB05368F0AC026E6188B160D339EC40CBB0
          Function 01100710 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction ID: d26dabefbbfd7dc4a6b624f3b2f062b11d7b24997a99525e1d0be2abd7ff48a4
          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction Fuzzy Hash: D2F0E539A04B41DBDB1FCF19C040AD9BBA4FB453A0B014054FCA28B341D775E981CB51
          Function 011349D0 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction ID: a952add42ae5de7c6520d8342a1093bc665cd7521f8ad059d175bd0a242d8c0d
          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction Fuzzy Hash: 2DE0D832244545ABD3295A598800B66BBA6EBD17A0F160439E2028B958DB70DC42C7D8
          Function 011D4164 Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 16cedaadf2cc225c706edbd277ec3cf50d3d1c6543df34916ab9a35a8956e784
          • Instruction ID: 61796b342f2361303cc3b71b48371ae095ee15af54b74e9d3855baa72352e758
          • Opcode Fuzzy Hash: 16cedaadf2cc225c706edbd277ec3cf50d3d1c6543df34916ab9a35a8956e784
          • Instruction Fuzzy Hash: 9BF0ED36A26AA18FE77AD73CE280B56B7E0AB10634F0E05A4D41087D12C734FC80C650
          Function 011A678E Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction ID: b351bd29d6caabb8543f537d2b3a96fe117f8451ee1fbe221c8e3ddaf6535fcc
          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction Fuzzy Hash: 2BE02632A00520FBDB2597998D05FABBEBCDFA0FA4F090064B600E70E8E630DE00C6D0
          Function 011D08C0 Relevance: .0, Instructions: 25COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction ID: f69a4265c35358688348e74b77187c38b10ef808354f32c1953f421c1d1e061d
          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction Fuzzy Hash: 27E09B33A403509BCB299A1DC141A53BFE8DF99664F15806DEA0547612C331F842C6D0
          Function 011025E0 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: d889b5ca7816c58fd48901e365f0631c6e31a8fdab11cb55ac42f4f4c2619591
          • Instruction ID: c09aa8dc24a094237a74ccd846973840086cbe2e22f14cb218725fdb6c16924b
          • Opcode Fuzzy Hash: d889b5ca7816c58fd48901e365f0631c6e31a8fdab11cb55ac42f4f4c2619591
          • Instruction Fuzzy Hash: DCE092321009549BC32ABB29DD01F8A779AEB64778F014529B12557194CB70A850C784
          Function 011BA456 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction ID: 442769c554ee310c53e3944043ca9fe8fab3ebdd71109a369efeb27bbd7c7e1c
          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction Fuzzy Hash: 2DE01231011A51DFE73A6F2AE948B96BAE1BF50715F188C2DE19A124B4C7B998D1CA40
          Function 01184000 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction ID: 9e71b1644ed1f5585f835cbf7ec57b06e40ff3150649b4079299a5fa94449514
          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction Fuzzy Hash: 9EE0AE343003068BE719DF19C040BA37BA6BFD5A10F28C068A9488F605EB32A8438A40
          Function 0113CA38 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ac544f8c319a9fdc44a70954539d570849d37e102ce51bc2fb3edae14cdcc075
          • Instruction ID: b18d8fa216502bb5a88f1c6062e933d45c825aa74de161b7a0b8070ac038398a
          • Opcode Fuzzy Hash: ac544f8c319a9fdc44a70954539d570849d37e102ce51bc2fb3edae14cdcc075
          • Instruction Fuzzy Hash: E5D02B36481030AACB7DF1187C04F937A999BD5220F024872F108B2019E714CCD282C4
          Function 010F823B Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction ID: 412c426590a530ba228f804041b94e404f80444bd33a2bdea6dfdf39145a73a1
          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction Fuzzy Hash: F4E08C35014A10EFDB7A6E15EC01B9576A1FB54B64F20882EF186068A98770A8C2CA44
          Function 01102050 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1cfa7c0ed765f31cb83e5b0d60808edd6ceb090cc0b67e13f7e5c31ff93cbece
          • Instruction ID: 4ebc8eae4add9fd3e064d11cf59ae361931dc474b56fc627ff93572de215bc73
          • Opcode Fuzzy Hash: 1cfa7c0ed765f31cb83e5b0d60808edd6ceb090cc0b67e13f7e5c31ff93cbece
          • Instruction Fuzzy Hash: 44E08C321004506BC21AFA5DDD40F4A739AEBA5274F000126B160876D8CB60AC41C794
          Function 01138A90 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction ID: 9e6a002015539ed0a6444b0ecb941ce770cdf75fb537ce2490cc42b9a349b2a1
          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction Fuzzy Hash: 27E08633111A1487C72DDF18D511B7277A4EF85720F09473EA61387784C634E544C795
          Function 0113E59C Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction ID: b8c77534f691f704718f73b0b40248a76e0892b13b6551df7b4c179d115fee3c
          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction Fuzzy Hash: 92D0A932214620ABD736AA1CFC00FC373E8BB88734F06046AB018C7164C360AC82CA84
          Function 0117E908 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction ID: 487e329d1ee55e066f46bc4a21ed80be08921ad8ed5a5c18cd0e56533e16099a
          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction Fuzzy Hash: 1DE0EC369516849BDF1ADF59C640F5ABBF9BB94B40F150458A1085B664D724A901CB40
          Function 010FA0E3 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction ID: a3ea9d70552908c0cc7cd502ad26b708d7916b505a647f14b92d4729f16307f9
          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction Fuzzy Hash: E1D01232326071D7DB2956556914F67B955EF81AA4F1A006D760E93D04C5158C83D6E0
          Function 0113A830 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction ID: c6702673c9b8747fcd2056d0fa9b03720185c703fe4fdee041b8a05d0aca4950
          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction Fuzzy Hash: F4D022370E010CBBCB119F62CC01F907BA8E760BA0F004020B504870A0C63AE850C580
          Function 0113CA24 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 74b3e8dd7f0932fe7cbf5bb39369802fb621b9e62408ed33295d4bd680aa589e
          • Instruction ID: aacec20b3605d17df2e79441bec060d6e075e180fbe0c18667ccf26457321feb
          • Opcode Fuzzy Hash: 74b3e8dd7f0932fe7cbf5bb39369802fb621b9e62408ed33295d4bd680aa589e
          • Instruction Fuzzy Hash: 52D0C934A55502DBDF2FEF59CA14F6E7AB5FB54650B40007DE712A2628F3A9DC02CB90
          Function 011102A0 Relevance: .0, Instructions: 13COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction ID: 4bc4b789bb07799f6d2188fa93113d42c94ba884bed6a95a869cfe83005af758
          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction Fuzzy Hash: 7CD0C935612E80CFD71FCB0CC5A4B5573A8BB48B44F8144A0F401CBF26D72CE980CA00
          Function 0113C700 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction ID: ae3efec6caf60447e9f044dedf383aa39dcd9d3ddc07d01b1b4b30598175a204
          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction Fuzzy Hash: 63C01232150644AFC7159A95CD01F0177A9E798B50F000021F20447570D631E811D644
          Function 01120310 Relevance: .0, Instructions: 11COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction ID: e47745466a3957f027722f6d4b17a10b9972f6cdad2c5bc6e1882f8a5e759cbe
          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction Fuzzy Hash: 44D01236100248EFCB05DF41C890D9A772AFBD8710F108019FD19077108A31ED62DA90
          Function 01100750 Relevance: .0, Instructions: 9COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction ID: 18c96cc51dcc4a29469a63facee11ee8b5066af704e8d2d81c1e5ad9cae23eff
          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction Fuzzy Hash: A5C04C75B11541CFCF19DB19D294F49B7E4F744754F550890E855CB725E724E901CA10
          Function 01144340 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
          • Instruction ID: dd1a8ca09af5686b32deebb1b885fd22293e7e3298d446e00bb190457bfa248b
          • Opcode Fuzzy Hash: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
          • Instruction Fuzzy Hash: 95900231605800529284715989845464005A7E0301B55C011F4525554CCB148A565761
          Function 01144650 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
          • Instruction ID: 56a2d393ab9c934cc25846fd775d6ef1fb9cd57e76f07cca9474adaaac2ab1ec
          • Opcode Fuzzy Hash: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
          • Instruction Fuzzy Hash: 56900261601500824284715989044066005A7E1301395C115B4655560CC71889559769
          Function 01142B80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
          • Instruction ID: c8991ed10757231d568d974fd435e27f7c576755f7537a8fe17a1b7cd6aa3ca6
          • Opcode Fuzzy Hash: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
          • Instruction Fuzzy Hash: 5A90023120140842D24871598904686000597D0301F55C011BA125655ED76589917631
          Function 01142BA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
          • Instruction ID: d13f49f930911f9be4aa7813a2ef6cc9e19566e37f62eb302b9d270d254b5d2f
          • Opcode Fuzzy Hash: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
          • Instruction Fuzzy Hash: 2090023160540842D29471598514746000597D0301F55C011B4125654DC7558B557BA1
          Function 01142BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
          • Instruction ID: 19e0a5e4c103cdd1bf491cafbe108d2ecde507841e7f36ec1b5082ddf955d0b4
          • Opcode Fuzzy Hash: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
          • Instruction Fuzzy Hash: D590023120140842D2C47159850464A000597D1301F95C015B4126654DCB158B597BA1
          Function 01142BE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
          • Instruction ID: 1d28bb7694b7f5605ac896ab9eb616b7bb188f8aaced4e48ccae7e16c1a4b1c4
          • Opcode Fuzzy Hash: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
          • Instruction Fuzzy Hash: F290023120544882D28471598504A46001597D0305F55C011B4165694DD7258E55BB61
          Function 01142AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
          • Instruction ID: bdab0e2ad91629e75a6f25d365129298159e6363ed3d355611bde337074782dd
          • Opcode Fuzzy Hash: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
          • Instruction Fuzzy Hash: E09002A1201540D24644B259C504B0A450597E0201B55C016F5155560CC62589519635
          Function 01142AD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
          • Instruction ID: 90088e61a7f81a258cf0089c22f627727ddcac1952e9718ef0d1508beb901324
          • Opcode Fuzzy Hash: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
          • Instruction Fuzzy Hash: 1190043531140043034DF55D47045070047D7D5351355C031F5117550CD731CD715731
          Function 01142AF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
          • Instruction ID: 495315903ff5226c47ac7380e96e7ff115bfaae1b2acaea0840e52888278e507
          • Opcode Fuzzy Hash: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
          • Instruction Fuzzy Hash: 01900225221400420289B559470450B0445A7D6351395C015F5517590CC72189655721
          Function 01142D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
          • Instruction ID: 584fd872d516efbba17e4d8d1e7c8da3806ccafe10ac59ae3101f458b43a0752
          • Opcode Fuzzy Hash: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
          • Instruction Fuzzy Hash: 2D90022921340042D2C47159950860A000597D1202F95D415B4116558CCA1589695721
          Function 01142D00 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f037fbd25aa585f47ade388c2da2af24503cf6d3803fbb71f4c9accdbf33aab
          • Instruction ID: 96fcef88b9b4c1ff9089a05c889ebe0645556a0ca75eb5c594d19c9545cf87fc
          • Opcode Fuzzy Hash: 5f037fbd25aa585f47ade388c2da2af24503cf6d3803fbb71f4c9accdbf33aab
          • Instruction Fuzzy Hash: B790022120544482D24475599508A06000597D0205F55D011B5165595DC7358951A631
          Function 01142D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c5026e6de9e9499bbf4bc83eb3a31c5c54a8bb605dfd14026035048b39a18a4e
          • Instruction ID: 68273f455a29c3f3da529ea62a69c31155f5749fa79073da48445662c1a2ae31
          • Opcode Fuzzy Hash: c5026e6de9e9499bbf4bc83eb3a31c5c54a8bb605dfd14026035048b39a18a4e
          • Instruction Fuzzy Hash: C190022130140043D284715995186064005E7E1301F55D011F4515554CDA1589565722
          Function 01142DB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 50908b6510957c86559a2f1a22eb0ddd6db7c2d2d37e2f78480681b20484631a
          • Instruction ID: d7dcf821e8a2139c21a390554acf1f53d66f6c69f7a856ce586469429bbaf126
          • Opcode Fuzzy Hash: 50908b6510957c86559a2f1a22eb0ddd6db7c2d2d37e2f78480681b20484631a
          • Instruction Fuzzy Hash: 7290023124140442D285715985046060009A7D0241F95C012B4525554EC7558B56AF61
          Function 01142DD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 663c670d4e22cee0654bc042084f92427df091bf726025c3b66d0f85e5b8a3b8
          • Instruction ID: 442c96b9c3fcd4c75a9d3bcf323c7e78122cc99672fffa7eb620ca3a59a070d3
          • Opcode Fuzzy Hash: 663c670d4e22cee0654bc042084f92427df091bf726025c3b66d0f85e5b8a3b8
          • Instruction Fuzzy Hash: 02900221242441925689B15985045074006A7E0241795C012B5515950CC6269956DB21
          Function 01142C60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 68c7f10c9127144e011a57260534c9446aad7c622166e4dcb22dedfe4f887bac
          • Instruction ID: 85caf7b2095434fcb83ed4f08c06ff31cd938de10b0636c6e10d3a07435a8ca0
          • Opcode Fuzzy Hash: 68c7f10c9127144e011a57260534c9446aad7c622166e4dcb22dedfe4f887bac
          • Instruction Fuzzy Hash: E090023120140882D24471598504B46000597E0301F55C016B4225654DC715C9517A21
          Function 01142CA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 489519f27e141c66b9631a70fe70e796b30935e391434cc40866fef289846524
          • Instruction ID: c9a868ab5721901ce2e2ea7d655d90d899395e73d7e8e2c220d9296d62d9510c
          • Opcode Fuzzy Hash: 489519f27e141c66b9631a70fe70e796b30935e391434cc40866fef289846524
          • Instruction Fuzzy Hash: 4590023120140442D24475999508646000597E0301F55D011B9125555EC76589916631
          Function 01142CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 67c356b0c2bc7695946ec3a5912ffdb8bf77cfd5c6ac80182188c1b325a34fbf
          • Instruction ID: b198bc6b1ac81a76394f101acb99e007b8ac0e2f0d9492ff00a07eb8cab39e1f
          • Opcode Fuzzy Hash: 67c356b0c2bc7695946ec3a5912ffdb8bf77cfd5c6ac80182188c1b325a34fbf
          • Instruction Fuzzy Hash: 6A90022160540442D28471599518706001597D0201F55D011B4125554DC7598B556BA1
          Function 01142CF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7b201ab524538c255e6f7a8d089c72bb3ae6711c2dcf41a0d9399cd5a25b4dab
          • Instruction ID: c6aadf802e734d4e6b363f2d8557056abfacb722bb0c4de7eb94575a65eadb99
          • Opcode Fuzzy Hash: 7b201ab524538c255e6f7a8d089c72bb3ae6711c2dcf41a0d9399cd5a25b4dab
          • Instruction Fuzzy Hash: DA90043130140443D344715DD70C7070005D7D0301F55D411F453555CDD757CD517731
          Function 01142F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2dd4812b0c3f56a2b9764ba945ec0018ad7ab40b65dda838f94125308db2378e
          • Instruction ID: 396767f888f28cb084607045fafc111d3011d524e5a59084607ac4cf72f0d03a
          • Opcode Fuzzy Hash: 2dd4812b0c3f56a2b9764ba945ec0018ad7ab40b65dda838f94125308db2378e
          • Instruction Fuzzy Hash: BC90026134140482D24471598514B060005D7E1301F55C015F5165554DC719CD526626
          Function 01142F60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d33d6a5f24b2ef8da807b10e0b6de3e225cb3b1077258bceecef2bfabe55cd5e
          • Instruction ID: d73440d6a9ffb69fa44b0b41dc483e71118b1703360ffdf9d40cad9166a71dfe
          • Opcode Fuzzy Hash: d33d6a5f24b2ef8da807b10e0b6de3e225cb3b1077258bceecef2bfabe55cd5e
          • Instruction Fuzzy Hash: 0490026121140082D24871598504706004597E1201F55C012B6255554CC6298D615625
          Function 01142F90 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb715fddcfbf12e476b20924c77611eda25f205acb606e383349a719ab007df4
          • Instruction ID: a8aeeea20942779b2cb745e65a4fdb90ddaccdf7f76e933ff9271b1eeffb0ea0
          • Opcode Fuzzy Hash: cb715fddcfbf12e476b20924c77611eda25f205acb606e383349a719ab007df4
          • Instruction Fuzzy Hash: BE90023120180442D2447159891470B000597D0302F55C011B5265555DC72589516A71
          Function 01142FB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 63afd81fba74639d0492a0bcd7aad9af491cd6e0eb159b84ee76f0435b5b9f8d
          • Instruction ID: 1939bd4150b2e081c762025b04a3b126015e8ee568b5ee5ebd2388de3e673889
          • Opcode Fuzzy Hash: 63afd81fba74639d0492a0bcd7aad9af491cd6e0eb159b84ee76f0435b5b9f8d
          • Instruction Fuzzy Hash: 179002216014008242847169C9449064005BBE1211755C121B4A99550DC65989655B65
          Function 01142FA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aca86ade46025868f38c0b2b24e5ddb7e083c8f44a69dec4e10a663ffd00d9da
          • Instruction ID: 08ab93ad939f61df3eb0ec46a2b34f87a3274d1666c47ff3827253742582ec8c
          • Opcode Fuzzy Hash: aca86ade46025868f38c0b2b24e5ddb7e083c8f44a69dec4e10a663ffd00d9da
          • Instruction Fuzzy Hash: B190023120180442D24471598908747000597D0302F55C011B9265555EC765C9916A31
          Function 01142FE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b9ff61395e40d4dc17401cefda55e5874e4eae20893b1269503b8b5cebde49f4
          • Instruction ID: ab8329759e9f44ecd44d17e9f9b5f9427167d7a9ced3ee1a24774c220a54971f
          • Opcode Fuzzy Hash: b9ff61395e40d4dc17401cefda55e5874e4eae20893b1269503b8b5cebde49f4
          • Instruction Fuzzy Hash: 2B900221211C0082D34475698D14B07000597D0303F55C115B4255554CCA1589615A21
          Function 01142E30 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d83b8e971b92eb5f0d2f41e0c12a50b5d2d0937a258a7005b25d3dd2a3269d8d
          • Instruction ID: c06cb44186a60812643bab7c3a28737653455fea1331d9402d5bbd67882a5681
          • Opcode Fuzzy Hash: d83b8e971b92eb5f0d2f41e0c12a50b5d2d0937a258a7005b25d3dd2a3269d8d
          • Instruction Fuzzy Hash: 7790022130140442D246715985146060009D7D1345F95C012F5525555DC7258A53A632
          Function 01142E80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4aff97bb948975ee2324d2a0bd59e512b60a532fdcde1a937303d4481e0026cf
          • Instruction ID: b6de10238d41a75304dc2ec1a46b0de736a15c415c709fff7b455941c66ebb63
          • Opcode Fuzzy Hash: 4aff97bb948975ee2324d2a0bd59e512b60a532fdcde1a937303d4481e0026cf
          • Instruction Fuzzy Hash: 6190022160140542D24571598504616000A97D0241F95C022B5125555ECB258A92A631
          Function 01142EA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
          • Instruction ID: 5d6a3441e414a4e4c55f0dc8982af58f86585b23ef9ef5742d25eba54bc4c03b
          • Opcode Fuzzy Hash: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
          • Instruction Fuzzy Hash: D790027120140442D28471598504746000597D0301F55C011B9165554EC7598ED56B65
          Function 01142EE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
          • Instruction ID: 95d9a0a0faa6a1761466a5f18414c51a6c9ea1fc1c0059d14f6a14b1de26f43a
          • Opcode Fuzzy Hash: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
          • Instruction Fuzzy Hash: 6590026120180443D28475598904607000597D0302F55C011B6165555ECB298D516635
          Function 01143010 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
          • Instruction ID: 8919e6f4564739e942c6d6d8480cb097cad5d9f1e9d392ba7baf544942104474
          • Opcode Fuzzy Hash: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
          • Instruction Fuzzy Hash: F190022120184482D28472598904B0F410597E1202F95C019B8257554CCA1589555B21
          Function 01143090 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
          • Instruction ID: 03ca3d4526d432cda6b6fbf3b1bef21d2c7992b8c7367f9471388c3da6188b40
          • Opcode Fuzzy Hash: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
          • Instruction Fuzzy Hash: 6090022124140842D2847159C5147070006D7D0601F55C011B4125554DC7168A656BB1
          Function 011439B0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
          • Instruction ID: b1d7b93b38f68974beded4e29cc287269dce8b692827e329286a1bc17c121b78
          • Opcode Fuzzy Hash: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
          • Instruction Fuzzy Hash: DD90022124545142D294715D85046164005B7E0201F55C021B4915594DC65589556721
          Function 01142C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction ID: 95d71ea93b97971d4c628585624557967cba44245bbc6b0d2c6a21d630ac6304
          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction Fuzzy Hash:
          Function 01142890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: 99bc65fdfc22ca79064101d4aed4d68c25249ad50e6686c22a62a148fbe51be2
          • Instruction ID: c4091470a68c1f0be83a02b88911ea8224b695ea767a7f823b6cc0dc5904f190
          • Opcode Fuzzy Hash: 99bc65fdfc22ca79064101d4aed4d68c25249ad50e6686c22a62a148fbe51be2
          • Instruction Fuzzy Hash: 1451D7B5A00217BFDB29DB9CD89097EFBB8BF086407148229F5A5D7641E374DE408BA0
          Function 011B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: a1ed070df7852c554aed02d8740047bb5df098bd0810747054a3ccbf36ae01ff
          • Instruction ID: d953620f9b262c5c7ce61a39c2bd056c33141156cea1656f0471195d9b99b99d
          • Opcode Fuzzy Hash: a1ed070df7852c554aed02d8740047bb5df098bd0810747054a3ccbf36ae01ff
          • Instruction Fuzzy Hash: 4E51E571A04645AECB38DE9DC8D09FFBBF8EB48204B048459E5D6D7A41E7B8FA44C760
          Function 01137630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
          Download Yara Rule
          Strings
          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01174725
          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011746FC
          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01174655
          • ExecuteOptions, xrefs: 011746A0
          • Execute=1, xrefs: 01174713
          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01174742
          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01174787
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
          • API String ID: 0-484625025
          • Opcode ID: 8899e16a9543817fac7cb45126fd2ee974e0bf1696d54c63cb7e4d764bb20966
          • Instruction ID: 067e17d7990df78b5d3d03ae5473de7a4c6148cd307b3a15995640c56eaa52a8
          • Opcode Fuzzy Hash: 8899e16a9543817fac7cb45126fd2ee974e0bf1696d54c63cb7e4d764bb20966
          • Instruction Fuzzy Hash: 395139B1A0021A7BEF1DABA9DC99FA977B8EF54704F0400ADE605AB1C0D7709A41CF51
          Function 011D6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction ID: b11eb4ca5fd093620b883afa2a7339f26b08b246bca2c2ffa682382d94513044
          • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction Fuzzy Hash: D3021671508342AFD709DF18C890A6FBBE5EFC8718F44892DFA894B264DB31E945CB52
          Function 0114B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: __aulldvrm
          • String ID: +$-$0$0
          • API String ID: 1302938615-699404926
          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction ID: fe0ebba4acb43aaa116725e86e7d04ba91347b08e6552120f6dc7bc0496cecd2
          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction Fuzzy Hash: 0B818D70A0924A9FEF2DCF6CC8917FEBBA2AF45B20F184159D861A72D1C734D8418B59
          Function 011B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$[$]:%u
          • API String ID: 48624451-2819853543
          • Opcode ID: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
          • Instruction ID: 7d8f5adf95a430735085d387e45cc4d502377805fb007f00a4216e1b3bfe311c
          • Opcode Fuzzy Hash: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
          • Instruction Fuzzy Hash: 8121777AA00119ABDB14DF79DC80AFEBBF8EF54654F04011AEE15D7200E730E9068BA1
          Function 0112F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
          Download Yara Rule
          Strings
          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011702E7
          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011702BD
          • RTL: Re-Waiting, xrefs: 0117031E
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
          • API String ID: 0-2474120054
          • Opcode ID: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
          • Instruction ID: 5078296f426f8f9de4108b5daaaebbaa6c981b4cfffad1c03e9237fe069ea531
          • Opcode Fuzzy Hash: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
          • Instruction Fuzzy Hash: CBE1AB316087529FD72DCF28C884B2ABBF0AB89724F144A2DF5A58B3D1D774D856CB42
          Function 0113B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          APIs
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0117728C
          Strings
          • RTL: Resource at %p, xrefs: 011772A3
          • RTL: Re-Waiting, xrefs: 011772C1
          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01177294
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
          • API String ID: 885266447-605551621
          • Opcode ID: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
          • Instruction ID: 46443e4620bb60436479b58316b1e60364533200a68318e7f7b8bf6863cc1bd3
          • Opcode Fuzzy Hash: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
          • Instruction Fuzzy Hash: 2E410331704202ABC728DE29CC45F6AB7B5FF94714F104A19F965EB380EB30E8468BD5
          Function 011B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$]:%u
          • API String ID: 48624451-3050659472
          • Opcode ID: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
          • Instruction ID: 354de0d5d23ad8e2bbf8bbee5371fca43cad0a6f35bbb6ffd83fa1f6c1685a65
          • Opcode Fuzzy Hash: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
          • Instruction Fuzzy Hash: 62319A726012199FDB24DF2DCC80BEE77F8EF48614F440559E949D3100EB30AA498B60
          Function 01109126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID:
          • String ID: $$@
          • API String ID: 0-1194432280
          • Opcode ID: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
          • Instruction ID: c9399d2679ce112a74a29f8e0e64d0fc4f759bd6c6f3e3b400b29f60060ddb17
          • Opcode Fuzzy Hash: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
          • Instruction Fuzzy Hash: 65811B71D012699BDB399B54CC54BEAB6B8AF08754F0041EAEA1DB7280D7715E84CFA0
          Function 0118CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
          Download Yara Rule
          APIs
          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0118CFBD
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_10d0000_tZz1Ogtr2C.jbxd
          Similarity
          • API ID: CallFilterFunc@8
          • String ID: @$@4Qw@4Qw
          • API String ID: 4062629308-2383119779
          • Opcode ID: a738f54e5824562e00a8d5a9045f56887ff0b6822799abf8621c58159d7f742a
          • Instruction ID: bde9166e94ce92d89b954fd46cb52400de73dfb2cd5314d9a2e15255a1034774
          • Opcode Fuzzy Hash: a738f54e5824562e00a8d5a9045f56887ff0b6822799abf8621c58159d7f742a
          • Instruction Fuzzy Hash: 2841A371900215DFDB29AF99D840AADFBB4FF55B14F10812EE915EB254D730D841CF61