Edit tour

Windows Analysis Report
qWfJQYqN3A.exe

Overview

General Information

Sample name:	qWfJQYqN3A.exe renamed because original name is a hash value
Original sample name:	6af24339176b4c8fce1bc2993921f81e01940291fe6fe376a73d66001816c977.exe
Analysis ID:	1530784
MD5:	118bc45382ad2e22899c16c44627aeb5
SHA1:	8f65ceea44c16c2614735bf264060836ca020af9
SHA256:	6af24339176b4c8fce1bc2993921f81e01940291fe6fe376a73d66001816c977
Tags:	exeuser-adrian__luca
Infos:

Detection

FormBook

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected FormBook

AI detected suspicious sample

Machine Learning detection for sample

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

qWfJQYqN3A.exe (PID: 7552 cmdline: "C:\Users\user\Desktop\qWfJQYqN3A.exe" MD5: 118BC45382AD2E22899C16C44627AEB5)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e123:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16232:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2be30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13f3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.qWfJQYqN3A.exe.a60000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.qWfJQYqN3A.exe.a60000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e323:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16432:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: qWfJQYqN3A.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: qWfJQYqN3A.exe

ReversingLabs: Detection: 60%

Yara detected FormBook

Source: Yara match	File source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: qWfJQYqN3A.exe

Joe Sandbox ML: detected

Source: qWfJQYqN3A.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: qWfJQYqN3A.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: qWfJQYqN3A.exe, 00000000.00000003.1779254805.000000000167E000.00000004.00000020.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.00000000019CE000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000003.1777276249.00000000014C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: qWfJQYqN3A.exe, qWfJQYqN3A.exe, 00000000.00000003.1779254805.000000000167E000.00000004.00000020.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.00000000019CE000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000003.1777276249.00000000014C5000.00000004.00000020.00020000.00000000.sdmp

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A8C413 NtClose,	0_2_00A8C413
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2B60 NtClose,LdrInitializeThunk,	0_2_018A2B60
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_018A2DF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2C70 NtFreeVirtualMemory,LdrInitializeThunk,	0_2_018A2C70
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A35C0 NtCreateMutant,LdrInitializeThunk,	0_2_018A35C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A4340 NtSetContextThread,	0_2_018A4340
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A4650 NtSuspendThread,	0_2_018A4650
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2B80 NtQueryInformationFile,	0_2_018A2B80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2BA0 NtEnumerateValueKey,	0_2_018A2BA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2BE0 NtQueryValueKey,	0_2_018A2BE0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2BF0 NtAllocateVirtualMemory,	0_2_018A2BF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2AB0 NtWaitForSingleObject,	0_2_018A2AB0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2AD0 NtReadFile,	0_2_018A2AD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2AF0 NtWriteFile,	0_2_018A2AF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2DB0 NtEnumerateKey,	0_2_018A2DB0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2DD0 NtDelayExecution,	0_2_018A2DD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2D00 NtSetInformationFile,	0_2_018A2D00
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2D10 NtMapViewOfSection,	0_2_018A2D10
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2D30 NtUnmapViewOfSection,	0_2_018A2D30
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2CA0 NtQueryInformationToken,	0_2_018A2CA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2CC0 NtQueryVirtualMemory,	0_2_018A2CC0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2CF0 NtOpenProcess,	0_2_018A2CF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2C00 NtQueryInformationProcess,	0_2_018A2C00
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2C60 NtCreateKey,	0_2_018A2C60
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2F90 NtProtectVirtualMemory,	0_2_018A2F90
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2FA0 NtQuerySection,	0_2_018A2FA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2FB0 NtResumeThread,	0_2_018A2FB0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2FE0 NtCreateFile,	0_2_018A2FE0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2F30 NtCreateSection,	0_2_018A2F30
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2F60 NtCreateProcessEx,	0_2_018A2F60
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2E80 NtReadVirtualMemory,	0_2_018A2E80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2EA0 NtAdjustPrivilegesToken,	0_2_018A2EA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2EE0 NtQueueApcThread,	0_2_018A2EE0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2E30 NtWriteVirtualMemory,	0_2_018A2E30
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A3090 NtSetValueKey,	0_2_018A3090
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A3010 NtOpenDirectoryObject,	0_2_018A3010
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A39B0 NtGetContextThread,	0_2_018A39B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A3D10 NtOpenProcessToken,	0_2_018A3D10
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A3D70 NtOpenThread,	0_2_018A3D70

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A63050	0_2_00A63050
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A8EA13	0_2_00A8EA13
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6FC33	0_2_00A6FC33
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A62430	0_2_00A62430
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A765A3	0_2_00A765A3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A7659E	0_2_00A7659E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6DED3	0_2_00A6DED3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6FE53	0_2_00A6FE53
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019301AA	0_2_019301AA
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019281CC	0_2_019281CC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860100	0_2_01860100
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190A118	0_2_0190A118
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F8158	0_2_018F8158
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019303E6	0_2_019303E6
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E3F0	0_2_0187E3F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192A352	0_2_0192A352
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F02C0	0_2_018F02C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01930591	0_2_01930591
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191E4F6	0_2_0191E4F6
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01914420	0_2_01914420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01922446	0_2_01922446
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186C7C0	0_2_0186C7C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01894750	0_2_01894750
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188C6E0	0_2_0188C6E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0193A9A6	0_2_0193A9A6
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01886962	0_2_01886962
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018568B8	0_2_018568B8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E8F0	0_2_0189E8F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01872840	0_2_01872840
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187A840	0_2_0187A840
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01926BD7	0_2_01926BD7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192AB40	0_2_0192AB40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01888DBF	0_2_01888DBF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186ADE0	0_2_0186ADE0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187AD00	0_2_0187AD00
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190CD1F	0_2_0190CD1F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910CB5	0_2_01910CB5
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860CF2	0_2_01860CF2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870C00	0_2_01870C00
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EEFA0	0_2_018EEFA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01862FC8	0_2_01862FC8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187CFE0	0_2_0187CFE0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01912F30	0_2_01912F30
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B2F28	0_2_018B2F28
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01890F30	0_2_01890F30
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E4F40	0_2_018E4F40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192CE93	0_2_0192CE93
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882E90	0_2_01882E90
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192EEDB	0_2_0192EEDB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192EE26	0_2_0192EE26
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870E59	0_2_01870E59
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187B1B0	0_2_0187B1B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A516C	0_2_018A516C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185F172	0_2_0185F172
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0193B16B	0_2_0193B16B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018770C0	0_2_018770C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191F0CC	0_2_0191F0CC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192F0E0	0_2_0192F0E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019270E9	0_2_019270E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B739A	0_2_018B739A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192132D	0_2_0192132D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185D34C	0_2_0185D34C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018752A0	0_2_018752A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188B2C0	0_2_0188B2C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019112ED	0_2_019112ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190D5B0	0_2_0190D5B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01927571	0_2_01927571
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192F43F	0_2_0192F43F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01861460	0_2_01861460
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192F7B0	0_2_0192F7B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019216CC	0_2_019216CC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01905910	0_2_01905910
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01879950	0_2_01879950
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188B950	0_2_0188B950
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018738E0	0_2_018738E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DD800	0_2_018DD800
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188FB80	0_2_0188FB80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018ADBF9	0_2_018ADBF9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E5BF0	0_2_018E5BF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192FB76	0_2_0192FB76
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B5AA0	0_2_018B5AA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01911AA3	0_2_01911AA3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190DAAC	0_2_0190DAAC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191DAC6	0_2_0191DAC6
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01927A46	0_2_01927A46
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192FA49	0_2_0192FA49
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E3A6C	0_2_018E3A6C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188FDC0	0_2_0188FDC0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01873D40	0_2_01873D40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01921D5A	0_2_01921D5A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01927D73	0_2_01927D73
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192FCF2	0_2_0192FCF2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E9C32	0_2_018E9C32
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01871F92	0_2_01871F92
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192FFB1	0_2_0192FFB1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192FF09	0_2_0192FF09
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01879EB0	0_2_01879EB0

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: String function: 018A5130 appears 58 times
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: String function: 018EF290 appears 105 times
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: String function: 018DEA12 appears 86 times
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: String function: 018B7E54 appears 102 times
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: String function: 0185B970 appears 277 times

Source: qWfJQYqN3A.exe

Static PE information: No import functions for PE file found

Source: qWfJQYqN3A.exe, 00000000.00000002.2114902781.0000000001B01000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs qWfJQYqN3A.exe
Source: qWfJQYqN3A.exe, 00000000.00000003.1777276249.00000000015E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs qWfJQYqN3A.exe
Source: qWfJQYqN3A.exe, 00000000.00000003.1779254805.00000000017AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs qWfJQYqN3A.exe

Source: qWfJQYqN3A.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: qWfJQYqN3A.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: qWfJQYqN3A.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@1/0@0/0

Source: qWfJQYqN3A.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: qWfJQYqN3A.exe

ReversingLabs: Detection: 60%

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Section loaded: apphelp.dll

Jump to behavior

Source: qWfJQYqN3A.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: qWfJQYqN3A.exe, 00000000.00000003.1779254805.000000000167E000.00000004.00000020.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.00000000019CE000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000003.1777276249.00000000014C5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: qWfJQYqN3A.exe, qWfJQYqN3A.exe, 00000000.00000003.1779254805.000000000167E000.00000004.00000020.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000002.2114902781.00000000019CE000.00000040.00001000.00020000.00000000.sdmp, qWfJQYqN3A.exe, 00000000.00000003.1777276249.00000000014C5000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A72090 push ebp; retf	0_2_00A72091
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6B050 push ds; iretd	0_2_00A6B051
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A632F0 push eax; ret	0_2_00A632F2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A763DE push ebp; iretd	0_2_00A763DF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A76313 push esp; iretd	0_2_00A7631F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6AB52 push eax; ret	0_2_00A6AB53
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A6CDE6 push edx; iretd	0_2_00A6CDE7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_00A7567D push es; iretd	0_2_00A7569D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018609AD push ecx; mov dword ptr [esp], ecx	0_2_018609B6

Source: qWfJQYqN3A.exe

Static PE information: section name: .text entropy: 7.995044797616875

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Code function: 0_2_018A096E rdtsc

0_2_018A096E

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

API coverage: 0.7 %

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe TID: 7556

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Code function: 0_2_018A096E rdtsc

0_2_018A096E

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe

Code function: 0_2_00A77553 LdrLoadDll,

0_2_00A77553

Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A0185 mov eax, dword ptr fs:[00000030h]	0_2_018A0185
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01904180 mov eax, dword ptr fs:[00000030h]	0_2_01904180
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01904180 mov eax, dword ptr fs:[00000030h]	0_2_01904180
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E019F mov eax, dword ptr fs:[00000030h]	0_2_018E019F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E019F mov eax, dword ptr fs:[00000030h]	0_2_018E019F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E019F mov eax, dword ptr fs:[00000030h]	0_2_018E019F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E019F mov eax, dword ptr fs:[00000030h]	0_2_018E019F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A197 mov eax, dword ptr fs:[00000030h]	0_2_0185A197
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A197 mov eax, dword ptr fs:[00000030h]	0_2_0185A197
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A197 mov eax, dword ptr fs:[00000030h]	0_2_0185A197
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191C188 mov eax, dword ptr fs:[00000030h]	0_2_0191C188
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191C188 mov eax, dword ptr fs:[00000030h]	0_2_0191C188
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019261C3 mov eax, dword ptr fs:[00000030h]	0_2_019261C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019261C3 mov eax, dword ptr fs:[00000030h]	0_2_019261C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE1D0 mov eax, dword ptr fs:[00000030h]	0_2_018DE1D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE1D0 mov eax, dword ptr fs:[00000030h]	0_2_018DE1D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE1D0 mov ecx, dword ptr fs:[00000030h]	0_2_018DE1D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE1D0 mov eax, dword ptr fs:[00000030h]	0_2_018DE1D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE1D0 mov eax, dword ptr fs:[00000030h]	0_2_018DE1D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018901F8 mov eax, dword ptr fs:[00000030h]	0_2_018901F8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019361E5 mov eax, dword ptr fs:[00000030h]	0_2_019361E5
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01920115 mov eax, dword ptr fs:[00000030h]	0_2_01920115
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190A118 mov ecx, dword ptr fs:[00000030h]	0_2_0190A118
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190A118 mov eax, dword ptr fs:[00000030h]	0_2_0190A118
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190A118 mov eax, dword ptr fs:[00000030h]	0_2_0190A118
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190A118 mov eax, dword ptr fs:[00000030h]	0_2_0190A118
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov ecx, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov ecx, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov ecx, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov eax, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E10E mov ecx, dword ptr fs:[00000030h]	0_2_0190E10E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01890124 mov eax, dword ptr fs:[00000030h]	0_2_01890124
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F4144 mov eax, dword ptr fs:[00000030h]	0_2_018F4144
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F4144 mov eax, dword ptr fs:[00000030h]	0_2_018F4144
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F4144 mov ecx, dword ptr fs:[00000030h]	0_2_018F4144
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F4144 mov eax, dword ptr fs:[00000030h]	0_2_018F4144
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F4144 mov eax, dword ptr fs:[00000030h]	0_2_018F4144
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866154 mov eax, dword ptr fs:[00000030h]	0_2_01866154
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866154 mov eax, dword ptr fs:[00000030h]	0_2_01866154
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185C156 mov eax, dword ptr fs:[00000030h]	0_2_0185C156
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F8158 mov eax, dword ptr fs:[00000030h]	0_2_018F8158
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186208A mov eax, dword ptr fs:[00000030h]	0_2_0186208A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F80A8 mov eax, dword ptr fs:[00000030h]	0_2_018F80A8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019260B8 mov eax, dword ptr fs:[00000030h]	0_2_019260B8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019260B8 mov ecx, dword ptr fs:[00000030h]	0_2_019260B8
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E20DE mov eax, dword ptr fs:[00000030h]	0_2_018E20DE
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A0E3 mov ecx, dword ptr fs:[00000030h]	0_2_0185A0E3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E60E0 mov eax, dword ptr fs:[00000030h]	0_2_018E60E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018680E9 mov eax, dword ptr fs:[00000030h]	0_2_018680E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185C0F0 mov eax, dword ptr fs:[00000030h]	0_2_0185C0F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A20F0 mov ecx, dword ptr fs:[00000030h]	0_2_018A20F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E4000 mov ecx, dword ptr fs:[00000030h]	0_2_018E4000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01902000 mov eax, dword ptr fs:[00000030h]	0_2_01902000
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E016 mov eax, dword ptr fs:[00000030h]	0_2_0187E016
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E016 mov eax, dword ptr fs:[00000030h]	0_2_0187E016
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E016 mov eax, dword ptr fs:[00000030h]	0_2_0187E016
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E016 mov eax, dword ptr fs:[00000030h]	0_2_0187E016
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A020 mov eax, dword ptr fs:[00000030h]	0_2_0185A020
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185C020 mov eax, dword ptr fs:[00000030h]	0_2_0185C020
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6030 mov eax, dword ptr fs:[00000030h]	0_2_018F6030
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01862050 mov eax, dword ptr fs:[00000030h]	0_2_01862050
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6050 mov eax, dword ptr fs:[00000030h]	0_2_018E6050
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188C073 mov eax, dword ptr fs:[00000030h]	0_2_0188C073
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188438F mov eax, dword ptr fs:[00000030h]	0_2_0188438F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188438F mov eax, dword ptr fs:[00000030h]	0_2_0188438F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E388 mov eax, dword ptr fs:[00000030h]	0_2_0185E388
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E388 mov eax, dword ptr fs:[00000030h]	0_2_0185E388
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E388 mov eax, dword ptr fs:[00000030h]	0_2_0185E388
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01858397 mov eax, dword ptr fs:[00000030h]	0_2_01858397
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01858397 mov eax, dword ptr fs:[00000030h]	0_2_01858397
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01858397 mov eax, dword ptr fs:[00000030h]	0_2_01858397
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019043D4 mov eax, dword ptr fs:[00000030h]	0_2_019043D4
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019043D4 mov eax, dword ptr fs:[00000030h]	0_2_019043D4
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018683C0 mov eax, dword ptr fs:[00000030h]	0_2_018683C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018683C0 mov eax, dword ptr fs:[00000030h]	0_2_018683C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018683C0 mov eax, dword ptr fs:[00000030h]	0_2_018683C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018683C0 mov eax, dword ptr fs:[00000030h]	0_2_018683C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A3C0 mov eax, dword ptr fs:[00000030h]	0_2_0186A3C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E3DB mov eax, dword ptr fs:[00000030h]	0_2_0190E3DB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E3DB mov eax, dword ptr fs:[00000030h]	0_2_0190E3DB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E3DB mov ecx, dword ptr fs:[00000030h]	0_2_0190E3DB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190E3DB mov eax, dword ptr fs:[00000030h]	0_2_0190E3DB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E63C0 mov eax, dword ptr fs:[00000030h]	0_2_018E63C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191C3CD mov eax, dword ptr fs:[00000030h]	0_2_0191C3CD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018703E9 mov eax, dword ptr fs:[00000030h]	0_2_018703E9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018963FF mov eax, dword ptr fs:[00000030h]	0_2_018963FF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0187E3F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0187E3F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E3F0 mov eax, dword ptr fs:[00000030h]	0_2_0187E3F0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A30B mov eax, dword ptr fs:[00000030h]	0_2_0189A30B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A30B mov eax, dword ptr fs:[00000030h]	0_2_0189A30B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A30B mov eax, dword ptr fs:[00000030h]	0_2_0189A30B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185C310 mov ecx, dword ptr fs:[00000030h]	0_2_0185C310
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01880310 mov ecx, dword ptr fs:[00000030h]	0_2_01880310
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192A352 mov eax, dword ptr fs:[00000030h]	0_2_0192A352
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01908350 mov ecx, dword ptr fs:[00000030h]	0_2_01908350
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E2349 mov eax, dword ptr fs:[00000030h]	0_2_018E2349
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov eax, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov eax, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov eax, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov ecx, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov eax, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E035C mov eax, dword ptr fs:[00000030h]	0_2_018E035C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190437C mov eax, dword ptr fs:[00000030h]	0_2_0190437C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E0283 mov eax, dword ptr fs:[00000030h]	0_2_018E0283
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E0283 mov eax, dword ptr fs:[00000030h]	0_2_018E0283
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E0283 mov eax, dword ptr fs:[00000030h]	0_2_018E0283
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E284 mov eax, dword ptr fs:[00000030h]	0_2_0189E284
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E284 mov eax, dword ptr fs:[00000030h]	0_2_0189E284
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018702A0 mov eax, dword ptr fs:[00000030h]	0_2_018702A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018702A0 mov eax, dword ptr fs:[00000030h]	0_2_018702A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov eax, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov ecx, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov eax, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov eax, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov eax, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F62A0 mov eax, dword ptr fs:[00000030h]	0_2_018F62A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0186A2C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0186A2C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0186A2C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0186A2C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A2C3 mov eax, dword ptr fs:[00000030h]	0_2_0186A2C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018702E1 mov eax, dword ptr fs:[00000030h]	0_2_018702E1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018702E1 mov eax, dword ptr fs:[00000030h]	0_2_018702E1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018702E1 mov eax, dword ptr fs:[00000030h]	0_2_018702E1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185823B mov eax, dword ptr fs:[00000030h]	0_2_0185823B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191A250 mov eax, dword ptr fs:[00000030h]	0_2_0191A250
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191A250 mov eax, dword ptr fs:[00000030h]	0_2_0191A250
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E8243 mov eax, dword ptr fs:[00000030h]	0_2_018E8243
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E8243 mov ecx, dword ptr fs:[00000030h]	0_2_018E8243
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185A250 mov eax, dword ptr fs:[00000030h]	0_2_0185A250
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866259 mov eax, dword ptr fs:[00000030h]	0_2_01866259
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01910274 mov eax, dword ptr fs:[00000030h]	0_2_01910274
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864260 mov eax, dword ptr fs:[00000030h]	0_2_01864260
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864260 mov eax, dword ptr fs:[00000030h]	0_2_01864260
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864260 mov eax, dword ptr fs:[00000030h]	0_2_01864260
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185826B mov eax, dword ptr fs:[00000030h]	0_2_0185826B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01894588 mov eax, dword ptr fs:[00000030h]	0_2_01894588
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01862582 mov eax, dword ptr fs:[00000030h]	0_2_01862582
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01862582 mov ecx, dword ptr fs:[00000030h]	0_2_01862582
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E59C mov eax, dword ptr fs:[00000030h]	0_2_0189E59C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E05A7 mov eax, dword ptr fs:[00000030h]	0_2_018E05A7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E05A7 mov eax, dword ptr fs:[00000030h]	0_2_018E05A7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E05A7 mov eax, dword ptr fs:[00000030h]	0_2_018E05A7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018845B1 mov eax, dword ptr fs:[00000030h]	0_2_018845B1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018845B1 mov eax, dword ptr fs:[00000030h]	0_2_018845B1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E5CF mov eax, dword ptr fs:[00000030h]	0_2_0189E5CF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E5CF mov eax, dword ptr fs:[00000030h]	0_2_0189E5CF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018665D0 mov eax, dword ptr fs:[00000030h]	0_2_018665D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A5D0 mov eax, dword ptr fs:[00000030h]	0_2_0189A5D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A5D0 mov eax, dword ptr fs:[00000030h]	0_2_0189A5D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C5ED mov eax, dword ptr fs:[00000030h]	0_2_0189C5ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C5ED mov eax, dword ptr fs:[00000030h]	0_2_0189C5ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018625E0 mov eax, dword ptr fs:[00000030h]	0_2_018625E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E5E7 mov eax, dword ptr fs:[00000030h]	0_2_0188E5E7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6500 mov eax, dword ptr fs:[00000030h]	0_2_018F6500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934500 mov eax, dword ptr fs:[00000030h]	0_2_01934500
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870535 mov eax, dword ptr fs:[00000030h]	0_2_01870535
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E53E mov eax, dword ptr fs:[00000030h]	0_2_0188E53E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E53E mov eax, dword ptr fs:[00000030h]	0_2_0188E53E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E53E mov eax, dword ptr fs:[00000030h]	0_2_0188E53E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E53E mov eax, dword ptr fs:[00000030h]	0_2_0188E53E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E53E mov eax, dword ptr fs:[00000030h]	0_2_0188E53E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868550 mov eax, dword ptr fs:[00000030h]	0_2_01868550
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868550 mov eax, dword ptr fs:[00000030h]	0_2_01868550
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189656A mov eax, dword ptr fs:[00000030h]	0_2_0189656A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189656A mov eax, dword ptr fs:[00000030h]	0_2_0189656A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189656A mov eax, dword ptr fs:[00000030h]	0_2_0189656A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191A49A mov eax, dword ptr fs:[00000030h]	0_2_0191A49A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018664AB mov eax, dword ptr fs:[00000030h]	0_2_018664AB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018944B0 mov ecx, dword ptr fs:[00000030h]	0_2_018944B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EA4B0 mov eax, dword ptr fs:[00000030h]	0_2_018EA4B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018604E5 mov ecx, dword ptr fs:[00000030h]	0_2_018604E5
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01898402 mov eax, dword ptr fs:[00000030h]	0_2_01898402
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01898402 mov eax, dword ptr fs:[00000030h]	0_2_01898402
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01898402 mov eax, dword ptr fs:[00000030h]	0_2_01898402
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185C427 mov eax, dword ptr fs:[00000030h]	0_2_0185C427
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E420 mov eax, dword ptr fs:[00000030h]	0_2_0185E420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E420 mov eax, dword ptr fs:[00000030h]	0_2_0185E420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185E420 mov eax, dword ptr fs:[00000030h]	0_2_0185E420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E6420 mov eax, dword ptr fs:[00000030h]	0_2_018E6420
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A430 mov eax, dword ptr fs:[00000030h]	0_2_0189A430
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0191A456 mov eax, dword ptr fs:[00000030h]	0_2_0191A456
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189E443 mov eax, dword ptr fs:[00000030h]	0_2_0189E443
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188245A mov eax, dword ptr fs:[00000030h]	0_2_0188245A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185645D mov eax, dword ptr fs:[00000030h]	0_2_0185645D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EC460 mov ecx, dword ptr fs:[00000030h]	0_2_018EC460
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188A470 mov eax, dword ptr fs:[00000030h]	0_2_0188A470
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188A470 mov eax, dword ptr fs:[00000030h]	0_2_0188A470
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188A470 mov eax, dword ptr fs:[00000030h]	0_2_0188A470
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190678E mov eax, dword ptr fs:[00000030h]	0_2_0190678E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018607AF mov eax, dword ptr fs:[00000030h]	0_2_018607AF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_019147A0 mov eax, dword ptr fs:[00000030h]	0_2_019147A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186C7C0 mov eax, dword ptr fs:[00000030h]	0_2_0186C7C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E07C3 mov eax, dword ptr fs:[00000030h]	0_2_018E07C3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018827ED mov eax, dword ptr fs:[00000030h]	0_2_018827ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018827ED mov eax, dword ptr fs:[00000030h]	0_2_018827ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018827ED mov eax, dword ptr fs:[00000030h]	0_2_018827ED
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EE7E1 mov eax, dword ptr fs:[00000030h]	0_2_018EE7E1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018647FB mov eax, dword ptr fs:[00000030h]	0_2_018647FB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018647FB mov eax, dword ptr fs:[00000030h]	0_2_018647FB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C700 mov eax, dword ptr fs:[00000030h]	0_2_0189C700
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860710 mov eax, dword ptr fs:[00000030h]	0_2_01860710
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01890710 mov eax, dword ptr fs:[00000030h]	0_2_01890710
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C720 mov eax, dword ptr fs:[00000030h]	0_2_0189C720
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C720 mov eax, dword ptr fs:[00000030h]	0_2_0189C720
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189273C mov eax, dword ptr fs:[00000030h]	0_2_0189273C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189273C mov ecx, dword ptr fs:[00000030h]	0_2_0189273C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189273C mov eax, dword ptr fs:[00000030h]	0_2_0189273C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DC730 mov eax, dword ptr fs:[00000030h]	0_2_018DC730
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189674D mov esi, dword ptr fs:[00000030h]	0_2_0189674D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189674D mov eax, dword ptr fs:[00000030h]	0_2_0189674D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189674D mov eax, dword ptr fs:[00000030h]	0_2_0189674D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EE75D mov eax, dword ptr fs:[00000030h]	0_2_018EE75D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860750 mov eax, dword ptr fs:[00000030h]	0_2_01860750
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2750 mov eax, dword ptr fs:[00000030h]	0_2_018A2750
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2750 mov eax, dword ptr fs:[00000030h]	0_2_018A2750
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E4755 mov eax, dword ptr fs:[00000030h]	0_2_018E4755
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868770 mov eax, dword ptr fs:[00000030h]	0_2_01868770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870770 mov eax, dword ptr fs:[00000030h]	0_2_01870770
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864690 mov eax, dword ptr fs:[00000030h]	0_2_01864690
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864690 mov eax, dword ptr fs:[00000030h]	0_2_01864690
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C6A6 mov eax, dword ptr fs:[00000030h]	0_2_0189C6A6
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018966B0 mov eax, dword ptr fs:[00000030h]	0_2_018966B0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A6C7 mov ebx, dword ptr fs:[00000030h]	0_2_0189A6C7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A6C7 mov eax, dword ptr fs:[00000030h]	0_2_0189A6C7
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE6F2 mov eax, dword ptr fs:[00000030h]	0_2_018DE6F2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE6F2 mov eax, dword ptr fs:[00000030h]	0_2_018DE6F2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE6F2 mov eax, dword ptr fs:[00000030h]	0_2_018DE6F2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE6F2 mov eax, dword ptr fs:[00000030h]	0_2_018DE6F2
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E06F1 mov eax, dword ptr fs:[00000030h]	0_2_018E06F1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E06F1 mov eax, dword ptr fs:[00000030h]	0_2_018E06F1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE609 mov eax, dword ptr fs:[00000030h]	0_2_018DE609
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187260B mov eax, dword ptr fs:[00000030h]	0_2_0187260B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A2619 mov eax, dword ptr fs:[00000030h]	0_2_018A2619
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187E627 mov eax, dword ptr fs:[00000030h]	0_2_0187E627
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01896620 mov eax, dword ptr fs:[00000030h]	0_2_01896620
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01898620 mov eax, dword ptr fs:[00000030h]	0_2_01898620
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186262C mov eax, dword ptr fs:[00000030h]	0_2_0186262C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0187C640 mov eax, dword ptr fs:[00000030h]	0_2_0187C640
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A660 mov eax, dword ptr fs:[00000030h]	0_2_0189A660
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A660 mov eax, dword ptr fs:[00000030h]	0_2_0189A660
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192866E mov eax, dword ptr fs:[00000030h]	0_2_0192866E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192866E mov eax, dword ptr fs:[00000030h]	0_2_0192866E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01892674 mov eax, dword ptr fs:[00000030h]	0_2_01892674
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018729A0 mov eax, dword ptr fs:[00000030h]	0_2_018729A0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018609AD mov eax, dword ptr fs:[00000030h]	0_2_018609AD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018609AD mov eax, dword ptr fs:[00000030h]	0_2_018609AD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E89B3 mov esi, dword ptr fs:[00000030h]	0_2_018E89B3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E89B3 mov eax, dword ptr fs:[00000030h]	0_2_018E89B3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E89B3 mov eax, dword ptr fs:[00000030h]	0_2_018E89B3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192A9D3 mov eax, dword ptr fs:[00000030h]	0_2_0192A9D3
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F69C0 mov eax, dword ptr fs:[00000030h]	0_2_018F69C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186A9D0 mov eax, dword ptr fs:[00000030h]	0_2_0186A9D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018949D0 mov eax, dword ptr fs:[00000030h]	0_2_018949D0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EE9E0 mov eax, dword ptr fs:[00000030h]	0_2_018EE9E0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018929F9 mov eax, dword ptr fs:[00000030h]	0_2_018929F9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018929F9 mov eax, dword ptr fs:[00000030h]	0_2_018929F9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE908 mov eax, dword ptr fs:[00000030h]	0_2_018DE908
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DE908 mov eax, dword ptr fs:[00000030h]	0_2_018DE908
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EC912 mov eax, dword ptr fs:[00000030h]	0_2_018EC912
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01858918 mov eax, dword ptr fs:[00000030h]	0_2_01858918
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01858918 mov eax, dword ptr fs:[00000030h]	0_2_01858918
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E892A mov eax, dword ptr fs:[00000030h]	0_2_018E892A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F892B mov eax, dword ptr fs:[00000030h]	0_2_018F892B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018E0946 mov eax, dword ptr fs:[00000030h]	0_2_018E0946
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A096E mov eax, dword ptr fs:[00000030h]	0_2_018A096E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A096E mov edx, dword ptr fs:[00000030h]	0_2_018A096E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018A096E mov eax, dword ptr fs:[00000030h]	0_2_018A096E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01904978 mov eax, dword ptr fs:[00000030h]	0_2_01904978
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01904978 mov eax, dword ptr fs:[00000030h]	0_2_01904978
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01886962 mov eax, dword ptr fs:[00000030h]	0_2_01886962
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01886962 mov eax, dword ptr fs:[00000030h]	0_2_01886962
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01886962 mov eax, dword ptr fs:[00000030h]	0_2_01886962
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EC97C mov eax, dword ptr fs:[00000030h]	0_2_018EC97C
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860887 mov eax, dword ptr fs:[00000030h]	0_2_01860887
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EC89D mov eax, dword ptr fs:[00000030h]	0_2_018EC89D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188E8C0 mov eax, dword ptr fs:[00000030h]	0_2_0188E8C0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C8F9 mov eax, dword ptr fs:[00000030h]	0_2_0189C8F9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189C8F9 mov eax, dword ptr fs:[00000030h]	0_2_0189C8F9
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192A8E4 mov eax, dword ptr fs:[00000030h]	0_2_0192A8E4
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EC810 mov eax, dword ptr fs:[00000030h]	0_2_018EC810
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190483A mov eax, dword ptr fs:[00000030h]	0_2_0190483A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190483A mov eax, dword ptr fs:[00000030h]	0_2_0190483A
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189A830 mov eax, dword ptr fs:[00000030h]	0_2_0189A830
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov eax, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov eax, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov eax, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov ecx, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov eax, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01882835 mov eax, dword ptr fs:[00000030h]	0_2_01882835
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01872840 mov ecx, dword ptr fs:[00000030h]	0_2_01872840
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01890854 mov eax, dword ptr fs:[00000030h]	0_2_01890854
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864859 mov eax, dword ptr fs:[00000030h]	0_2_01864859
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01864859 mov eax, dword ptr fs:[00000030h]	0_2_01864859
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EE872 mov eax, dword ptr fs:[00000030h]	0_2_018EE872
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018EE872 mov eax, dword ptr fs:[00000030h]	0_2_018EE872
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6870 mov eax, dword ptr fs:[00000030h]	0_2_018F6870
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6870 mov eax, dword ptr fs:[00000030h]	0_2_018F6870
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01914BB0 mov eax, dword ptr fs:[00000030h]	0_2_01914BB0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01914BB0 mov eax, dword ptr fs:[00000030h]	0_2_01914BB0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870BBE mov eax, dword ptr fs:[00000030h]	0_2_01870BBE
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870BBE mov eax, dword ptr fs:[00000030h]	0_2_01870BBE
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190EBD0 mov eax, dword ptr fs:[00000030h]	0_2_0190EBD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01880BCB mov eax, dword ptr fs:[00000030h]	0_2_01880BCB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01880BCB mov eax, dword ptr fs:[00000030h]	0_2_01880BCB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01880BCB mov eax, dword ptr fs:[00000030h]	0_2_01880BCB
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860BCD mov eax, dword ptr fs:[00000030h]	0_2_01860BCD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860BCD mov eax, dword ptr fs:[00000030h]	0_2_01860BCD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860BCD mov eax, dword ptr fs:[00000030h]	0_2_01860BCD
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188EBFC mov eax, dword ptr fs:[00000030h]	0_2_0188EBFC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868BF0 mov eax, dword ptr fs:[00000030h]	0_2_01868BF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868BF0 mov eax, dword ptr fs:[00000030h]	0_2_01868BF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868BF0 mov eax, dword ptr fs:[00000030h]	0_2_01868BF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018ECBF0 mov eax, dword ptr fs:[00000030h]	0_2_018ECBF0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DEB1D mov eax, dword ptr fs:[00000030h]	0_2_018DEB1D
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188EB20 mov eax, dword ptr fs:[00000030h]	0_2_0188EB20
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188EB20 mov eax, dword ptr fs:[00000030h]	0_2_0188EB20
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01928B28 mov eax, dword ptr fs:[00000030h]	0_2_01928B28
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01928B28 mov eax, dword ptr fs:[00000030h]	0_2_01928B28
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190EB50 mov eax, dword ptr fs:[00000030h]	0_2_0190EB50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6B40 mov eax, dword ptr fs:[00000030h]	0_2_018F6B40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018F6B40 mov eax, dword ptr fs:[00000030h]	0_2_018F6B40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0192AB40 mov eax, dword ptr fs:[00000030h]	0_2_0192AB40
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01908B42 mov eax, dword ptr fs:[00000030h]	0_2_01908B42
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01914B4B mov eax, dword ptr fs:[00000030h]	0_2_01914B4B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01914B4B mov eax, dword ptr fs:[00000030h]	0_2_01914B4B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0185CB7E mov eax, dword ptr fs:[00000030h]	0_2_0185CB7E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0186EA80 mov eax, dword ptr fs:[00000030h]	0_2_0186EA80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01934A80 mov eax, dword ptr fs:[00000030h]	0_2_01934A80
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01898A90 mov edx, dword ptr fs:[00000030h]	0_2_01898A90
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868AA0 mov eax, dword ptr fs:[00000030h]	0_2_01868AA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01868AA0 mov eax, dword ptr fs:[00000030h]	0_2_01868AA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B6AA4 mov eax, dword ptr fs:[00000030h]	0_2_018B6AA4
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B6ACC mov eax, dword ptr fs:[00000030h]	0_2_018B6ACC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B6ACC mov eax, dword ptr fs:[00000030h]	0_2_018B6ACC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018B6ACC mov eax, dword ptr fs:[00000030h]	0_2_018B6ACC
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01860AD0 mov eax, dword ptr fs:[00000030h]	0_2_01860AD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01894AD0 mov eax, dword ptr fs:[00000030h]	0_2_01894AD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01894AD0 mov eax, dword ptr fs:[00000030h]	0_2_01894AD0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189AAEE mov eax, dword ptr fs:[00000030h]	0_2_0189AAEE
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189AAEE mov eax, dword ptr fs:[00000030h]	0_2_0189AAEE
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018ECA11 mov eax, dword ptr fs:[00000030h]	0_2_018ECA11
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0188EA2E mov eax, dword ptr fs:[00000030h]	0_2_0188EA2E
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CA24 mov eax, dword ptr fs:[00000030h]	0_2_0189CA24
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CA38 mov eax, dword ptr fs:[00000030h]	0_2_0189CA38
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01884A35 mov eax, dword ptr fs:[00000030h]	0_2_01884A35
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01884A35 mov eax, dword ptr fs:[00000030h]	0_2_01884A35
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01866A50 mov eax, dword ptr fs:[00000030h]	0_2_01866A50
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870A5B mov eax, dword ptr fs:[00000030h]	0_2_01870A5B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01870A5B mov eax, dword ptr fs:[00000030h]	0_2_01870A5B
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CA6F mov eax, dword ptr fs:[00000030h]	0_2_0189CA6F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CA6F mov eax, dword ptr fs:[00000030h]	0_2_0189CA6F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CA6F mov eax, dword ptr fs:[00000030h]	0_2_0189CA6F
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0190EA60 mov eax, dword ptr fs:[00000030h]	0_2_0190EA60
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DCA72 mov eax, dword ptr fs:[00000030h]	0_2_018DCA72
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_018DCA72 mov eax, dword ptr fs:[00000030h]	0_2_018DCA72
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01896DA0 mov eax, dword ptr fs:[00000030h]	0_2_01896DA0
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01888DBF mov eax, dword ptr fs:[00000030h]	0_2_01888DBF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01888DBF mov eax, dword ptr fs:[00000030h]	0_2_01888DBF
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CDB1 mov ecx, dword ptr fs:[00000030h]	0_2_0189CDB1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CDB1 mov eax, dword ptr fs:[00000030h]	0_2_0189CDB1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_0189CDB1 mov eax, dword ptr fs:[00000030h]	0_2_0189CDB1
Source: C:\Users\user\Desktop\qWfJQYqN3A.exe	Code function: 0_2_01928DAE mov eax, dword ptr fs:[00000030h]	0_2_01928DAE

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 0.2.qWfJQYqN3A.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	OS Credential Dumping	2 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Software Packing	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
qWfJQYqN3A.exe	61%	ReversingLabs	Win32.Backdoor.FormBook
qWfJQYqN3A.exe	100%	Avira	TR/Crypt.ZPACK.Gen
qWfJQYqN3A.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530784
Start date and time:	2024-10-10 14:40:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	qWfJQYqN3A.exe renamed because original name is a hash value
Original Sample Name:	6af24339176b4c8fce1bc2993921f81e01940291fe6fe376a73d66001816c977.exe
Detection:	MAL
Classification:	mal80.troj.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 10 Number of non-executed functions: 327
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: qWfJQYqN3A.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.990957333150719
TrID:	Win32 Executable (generic) a (10002005/4) 99.98% DOS Executable Generic (2002/1) 0.02%
File name:	qWfJQYqN3A.exe
File size:	283'648 bytes
MD5:	118bc45382ad2e22899c16c44627aeb5
SHA1:	8f65ceea44c16c2614735bf264060836ca020af9
SHA256:	6af24339176b4c8fce1bc2993921f81e01940291fe6fe376a73d66001816c977
SHA512:	c3d49a16ede6117ce9d9b779b016c543324fb9584f5e8d6130791731537d66c5fae56b4f4ec92265b81a33120a5a25fb84cd5a3c499059f4e71b9728e39f46e9
SSDEEP:	6144:DycYZkZODTaAneS0hYYUOKUe1nTAyhbs9/J:m1nTaAneaObe1n7
TLSH:	B154120E23566510D8FED53512BE62B01C7772CB2FD097B3739A1EA9E8B41637B5023A
File Content Preview:	MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L.....T[.................P...................`....@................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4014c0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5B5411DB [Sun Jul 22 05:10:51 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003A4h
push ebx
push esi
push edi
push 00000368h
lea eax, dword ptr [ebp-000003A0h]
push 00000000h
push eax
mov dword ptr [ebp-000003A4h], 00000000h
call 00007F1D44BBEC6Ch
xor ebx, ebx
add esp, 0Ch
xor esi, esi
xor eax, eax
mov edi, 00000087h
mov dword ptr [ebp-34h], 0000067Ah
mov dword ptr [ebp-30h], 00003025h
mov dword ptr [ebp-38h], ebx
mov dword ptr [ebp-20h], eax
mov dword ptr [ebp-1Ch], 00007A40h
mov dword ptr [ebp-24h], 00005AF6h
mov dword ptr [ebp-28h], 00000A99h
mov dword ptr [ebp-2Ch], 000049CAh
inc esi
mov eax, 66666667h
imul esi
sar edx, 02h
mov eax, edx
shr eax, 1Fh
add eax, edx
lea ecx, dword ptr [eax+eax*4]
add ecx, ecx
mov eax, esi
sub eax, ecx
jne 00007F1D44BBD176h
add esi, esi
jmp 00007F1D44BBD17Bh
mov eax, esi
cdq
sub eax, edx
sar eax, 1
add esi, eax
cmp esi, 00000757h
jl 00007F1D44BBD140h
call 00007F1D44BBEF07h
mov dword ptr [ebp-58h], eax
mov eax, 0000163Eh
mov ecx, 0000005Dh
jmp 00007F1D44BBD175h
lea ecx, dword ptr [ecx+00h]
cmp edi, ecx
cmovl edi, ecx
dec eax
jne 00007F1D44BBD16Ah
lea eax, dword ptr [ebp-0000013Ch]
push 0000001Eh
push eax
mov esi, 00004474h
mov edi, 000000C8h

Rich Headers

Programming Language:

[C++] VS2012 build 50727
[ASM] VS2012 build 50727
[LNK] VS2012 build 50727

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x44ef4	0x45000	7bb7157b2cda7a1bf9aa403e2ee1cf44	False	0.9890101336050725	data	7.995044797616875	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: qWfJQYqN3A.exePID: 7552, Parent PID: 4056

General

Target ID:	0
Start time:	08:41:30
Start date:	10/10/2024
Path:	C:\Users\user\Desktop\qWfJQYqN3A.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\qWfJQYqN3A.exe"
Imagebase:	0xa60000
File size:	283'648 bytes
MD5 hash:	118BC45382AD2E22899C16C44627AEB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2114857461.0000000001700000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: qWfJQYqN3A.exePID: 7552, Parent PID: 4056COMMON

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	6.9%
Signature Coverage:	11.9%
Total number of Nodes:	101
Total number of Limit Nodes:	9

Executed Functions

Function 00A77553 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00A775C5

Memory Dump Source

Source File: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000000.00000002.2114510192.0000000000A60000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_qWfJQYqN3A.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: f09366afa68eda8b01afae48002f5c4ccfd802e9b0410a3c64f1ff7f27b1606d
Instruction ID: f368a28b3eef3cf01eee342a65e0edfc48c299f6f49a1e117441fc6c7c9aaec8
Opcode Fuzzy Hash: f09366afa68eda8b01afae48002f5c4ccfd802e9b0410a3c64f1ff7f27b1606d
Instruction Fuzzy Hash: 640121B6E0020EABDF10EBE4DD46F9EB7789B54304F0081A5E90C97240F631EB548B91

Function 00A8C413 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00A8C447

Memory Dump Source

Source File: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000000.00000002.2114510192.0000000000A60000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_qWfJQYqN3A.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 53eed950f2c0d02fb7bbd90e0ccb4c03fdc01c4f79c3660848b8669e83cdaad8
Instruction ID: 6937e281ba9e6e67bde2d0776f994eb5cf6db48a9cc9aea5462192ddd8d17299
Opcode Fuzzy Hash: 53eed950f2c0d02fb7bbd90e0ccb4c03fdc01c4f79c3660848b8669e83cdaad8
Instruction Fuzzy Hash: F1E04F312002087BD510AA59DD42FDB776CDBCA710F004415FA0C67142CA71791187B1

Function 018A2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 018A2B6A

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ac4491c87aeb6f8064f7327b81f317d5a38c56fee2231f9be21d3b0f38627fbb
Instruction ID: 3b85241cecb80621df7b3796b99abaca6bc6a484eea2c756a01cfa445492cfea
Opcode Fuzzy Hash: ac4491c87aeb6f8064f7327b81f317d5a38c56fee2231f9be21d3b0f38627fbb
Instruction Fuzzy Hash: FF90026120240007410571584854656400E97E1301B55D021E20195A0DC5258A996626

Function 018A2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 018A2DFA

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b4df249603d58f4c736b87e5000de2278b833fa1d8f8864bbb239cf8b2ea3a37
Instruction ID: 89399dd77b01d1a2ed3287ca3b68f0d41036dc7a837a45b958329c49afcd58ca
Opcode Fuzzy Hash: b4df249603d58f4c736b87e5000de2278b833fa1d8f8864bbb239cf8b2ea3a37
Instruction Fuzzy Hash: 8A90023120140417D11171584944747000D97D1341F95D412A1429568DD6568B5AA622

Function 018A2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 018A2C7A

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b291961c31e23fb53547dce9cadc69a4776644cc0a59da690217e939024793f6
Instruction ID: 4e8744d45e29dc7718866da75bbb5a539dced16293bf287aebbfc5625fab11f2
Opcode Fuzzy Hash: b291961c31e23fb53547dce9cadc69a4776644cc0a59da690217e939024793f6
Instruction Fuzzy Hash: 6290023120148806D1107158884478A000997D1301F59D411A5429668DC6958A997622

Function 018A35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 018A35CA

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 809a2e628f88572af1226956f202b1efcaa5c2d9b4f759fe49f19a96f65bfdfa
Instruction ID: 524aa147dd48ff081a0707201e509533c43b346d61abf177f1a5ea88d7d72532
Opcode Fuzzy Hash: 809a2e628f88572af1226956f202b1efcaa5c2d9b4f759fe49f19a96f65bfdfa
Instruction Fuzzy Hash: 8690023160550406D10071584954746100997D1301F65D411A1429578DC7958B596AA3

Function 00A8C723 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00A7E33E,?,?,00000000,?,00A7E33E,?,?,?), ref: 00A8C762

Memory Dump Source

Source File: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000000.00000002.2114510192.0000000000A60000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_qWfJQYqN3A.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a0008d3896d4bf2a29dca11b0d5b82dec56922c8b2ae7ae0e4a185f439c60cb4
Instruction ID: fa1da0df41b532238ca810c620fb4671b156296276a8af59e701e469f298d38e
Opcode Fuzzy Hash: a0008d3896d4bf2a29dca11b0d5b82dec56922c8b2ae7ae0e4a185f439c60cb4
Instruction Fuzzy Hash: 4DE06D722046097BDA14EF58DC41EDB37ACDF89711F004518F90CA7281DA70B9518BB5

Function 00A8C773 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,E2C10578,00000007,00000000,00000004,00000000,00A76DD7,000000F4), ref: 00A8C7AF

Memory Dump Source

Source File: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000000.00000002.2114510192.0000000000A60000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_qWfJQYqN3A.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: a57cad70431134bdfe3e244918ebb80e75b2560a693a4781e2bbb10073d12457
Instruction ID: 44b64018f50fa19d05811a16c41c5be7713b8cee522b9ff9f80c1d5cbbe1dfd3
Opcode Fuzzy Hash: a57cad70431134bdfe3e244918ebb80e75b2560a693a4781e2bbb10073d12457
Instruction Fuzzy Hash: 7FE0E5722042087BDA14EE59EC81EEB77ADEF89710F004419FA1DA7242DAB1B951CBB5

Function 00A8C7C3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?), ref: 00A8C7F7

Memory Dump Source

Source File: 00000000.00000002.2114549934.0000000000A61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A60000, based on PE: true

Associated: 00000000.00000002.2114510192.0000000000A60000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a60000_qWfJQYqN3A.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c4bc31ecbbbabb50519f1455004ecebc7f7cf525fbcb43f06987e3ec4259cc7b
Instruction ID: 1c95a4deb331f70f3787808b4fd4fb3a68c5d023280addb3b95a33e133bf432e
Opcode Fuzzy Hash: c4bc31ecbbbabb50519f1455004ecebc7f7cf525fbcb43f06987e3ec4259cc7b
Instruction Fuzzy Hash: D2E04F31200204BBC624EA59DC41FAB776CDBC9750F404419FA4C67181D7707A01C7A1

Function 018A2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 018A2C24

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3e1e99cafa39d71fecc10e5af6958517371e8321510b08f282d64324b66b16b0
Instruction ID: 91e6ff77d60969ba2104efb513c3c30701053e1d2cfd39a77ba95affe8470a3a
Opcode Fuzzy Hash: 3e1e99cafa39d71fecc10e5af6958517371e8321510b08f282d64324b66b16b0
Instruction Fuzzy Hash: 2DB09B719015C5CAEA11E7644A08717790577D1701F55C061D3034651F4738C2D5E676

Non-executed Functions

Function 018E2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

MaxLoaderThreads, xrefs: 018E24EC
ShutdownFlags, xrefs: 018E24A1
Initializing the application verifier package failed with status 0x%08lx, xrefs: 018E3176
UnloadEventTraceDepth, xrefs: 018E24C0
UseImpersonatedDeviceMap, xrefs: 018E251C
DisableHeapLookaside, xrefs: 018E246D
DisableExceptionChainValidation, xrefs: 018E275F
LdrpInitializeExecutionOptions, xrefs: 018E317D
CFGOptions, xrefs: 018E2967
MaxDeadActivationContexts, xrefs: 018E2D82
@, xrefs: 018E2B74
GlobalFlag, xrefs: 018E2F3F, 018E3059
MinimumStackCommitInBytes, xrefs: 018E2BB0
ExecuteOptions, xrefs: 018E25A0
GlobalFlag2, xrefs: 018E2FC0
minkernel\ntdll\ldrinit.c, xrefs: 018E3187
@, xrefs: 018E2942
RaiseExceptionOnPossibleDeadlock, xrefs: 018E2579
TracingFlags, xrefs: 018E2549
FrontEndHeapDebugOptions, xrefs: 018E2489

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 351dbd1d1f9626c983c490a91a4bd5b3402c6457c3fb2d37faae8cb2803bddc2
Instruction ID: a306e328559e54c3a75135fb65861319b4abcdb848c54d2aac584846828c809d
Opcode Fuzzy Hash: 351dbd1d1f9626c983c490a91a4bd5b3402c6457c3fb2d37faae8cb2803bddc2
Instruction Fuzzy Hash: 0C92DF71608346AFE721DF28C888F6BB7EABB85714F04481DFA94D7251D770EA44CB92

Function 018568B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON

Download Yara Rule

Strings

ApphelpCheckModule, xrefs: 01856A86
SE_ProcessDying, xrefs: 018569FF
SE_GetProcAddressForCaller, xrefs: 01856A59
SE_InstallBeforeInit, xrefs: 0185691E
SE_LdrResolveDllName, xrefs: 01856A2C
SE_InitializeEngine, xrefs: 018568C5
Could not locate procedure "%s" in the shim engine DLL, xrefs: 018B9BB3
SE_DllUnloaded, xrefs: 018569A5
apphelp.dll, xrefs: 0185698A
SE_LdrEntryRemoved, xrefs: 018569D2
minkernel\ntdll\ldrinit.c, xrefs: 018B9BC3
SE_ShimDllLoaded, xrefs: 018568F1
SE_DllLoaded, xrefs: 01856978
LdrpGetShimEngineInterface, xrefs: 018B9BB9
SE_InstallAfterInit, xrefs: 0185694B

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-3089669407
Opcode ID: ebd08d601525041df2b78f830fd4d496c8d127778991283e18e2ceccd0ff8acc
Instruction ID: 24cd78e61efcaaa10cc0273fbd06b0e917245a7ed323c419efe0bbe8f0f59f09
Opcode Fuzzy Hash: ebd08d601525041df2b78f830fd4d496c8d127778991283e18e2ceccd0ff8acc
Instruction Fuzzy Hash: 438132B2D05219BF9B11EAE8EDC0EEE77BDEB14754B554422FA01F7210E620DF048BA1

Function 01905910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON

Download Yara Rule

Strings

Control Panel\Desktop, xrefs: 0190615E
@, xrefs: 01906027
LanguageConfiguration, xrefs: 01906420
*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01905A84
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01905FE1
LanguageConfigurationPending, xrefs: 01906221
InstallLanguageFallback, xrefs: 01906050
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0190635D
PreferredUILanguages, xrefs: 019063D1
PreferredUILanguagesPending, xrefs: 019061D2
@, xrefs: 01906277
@, xrefs: 0190647A
@, xrefs: 019061B0
@, xrefs: 019063A0

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1325123933
Opcode ID: 3108b630497ce3659fb8f919df7c5582cdb14eec0d3d37b7edb9ea1851ceca3d
Instruction ID: 0f2142b9e2a2bdab0f0cec2a335b6513f51ff518becb6c77d9c880be6f22f0dc
Opcode Fuzzy Hash: 3108b630497ce3659fb8f919df7c5582cdb14eec0d3d37b7edb9ea1851ceca3d
Instruction Fuzzy Hash: 7D725A715083419FE366DF28C840B6BBBE9BF88710F45492DFA89D7290E734E945CB92

Function 01898620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Invalid debug info address of this critical section, xrefs: 018D54B6
Address of the debug info found in the active list., xrefs: 018D54AE, 018D54FA
Critical section address, xrefs: 018D5425, 018D54BC, 018D5534
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D540A, 018D5496, 018D5519
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D54CE
8, xrefs: 018D52E3
Thread identifier, xrefs: 018D553A
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D54E2
undeleted critical section in freed memory, xrefs: 018D542B
corrupted critical section, xrefs: 018D54C2
Thread is in a state in which it cannot own a critical section, xrefs: 018D5543
Critical section address., xrefs: 018D5502
double initialized or corrupted critical section, xrefs: 018D5508
Critical section debug info address, xrefs: 018D541F, 018D552E

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: 5f7ce4c2c4ce2ca8599f2f6b9c6ffe527bdae050c908494a625a08491950a001
Instruction ID: 0620eb73e289c4cf88dfec7b7694b7e7b82cf28ac8661c07c1df2ec276af675f
Opcode Fuzzy Hash: 5f7ce4c2c4ce2ca8599f2f6b9c6ffe527bdae050c908494a625a08491950a001
Instruction Fuzzy Hash: 8481ACB1A41349EFDB21CF99C884BAEBBB5FB0AB14F14411AF505F7240D775AA40CB90

Function 018929F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 018D2506
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018D22E4
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 018D2498
@, xrefs: 018D259B
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 018D2602
RtlpResolveAssemblyStorageMapEntry, xrefs: 018D261F
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 018D2412
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018D24C0
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 018D2624
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 018D2409
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018D25EB

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 64bc95636d0c7f0b2cbcb59579e3e37647f51c9ce88a81ee198f053bd6c5eb10
Instruction ID: c58adea46d63e78393972b58942c742d72fe13ba4dc6b140fe64dea789b2f32a
Opcode Fuzzy Hash: 64bc95636d0c7f0b2cbcb59579e3e37647f51c9ce88a81ee198f053bd6c5eb10
Instruction Fuzzy Hash: 610250B1D00269AFDF31DB58CC80B9AB7B9AF54318F4441DAA609E7241EB709F84CF59

Function 01890F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

h, xrefs: 01890FB0
9, xrefs: 01890F9C
%%%u, xrefs: 018D14CC
, xrefs: 01890FEC
0, xrefs: 01890F92
l, xrefs: 01890FC4
%%%u!%s!, xrefs: 018D14A1
w, xrefs: 01890FBA
%, xrefs: 01890F7E
!, xrefs: 01890FA6

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 28ed15a6f6cf7f3b21cd351fcecc289023bcc699458312b022146a12c01a276b
Instruction ID: ee108c988ec912660b0f411e9a9f73b685be1fdae67a7c5adbfe8a10c928a933
Opcode Fuzzy Hash: 28ed15a6f6cf7f3b21cd351fcecc289023bcc699458312b022146a12c01a276b
Instruction Fuzzy Hash: E5629FB5E042298FEB24CF18C8457A9B7B6BF95324F5882DAE549EB240D7325BD1CF40

Function 01908B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 01908BD0
services.exe, xrefs: 01908B96
smss.exe, xrefs: 01908B8B
DefaultBrowser_NOPUBLISHERID, xrefs: 01908D00
runtimebroker.exe, xrefs: 01908B73
lsass.exe, xrefs: 01908BA1
SegmentHeap, xrefs: 01908BE9
svchost.exe, xrefs: 01908B68
heapType, xrefs: 01908BCB
csrss.exe, xrefs: 01908B80

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: d6eda908af9c886a02d00bba650c8a50af6c2113c836608e2b637a688208027d
Instruction ID: 3796c00efc7fabe2329871ceacf7892311533be66528b867f9b07facc6e8e944
Opcode Fuzzy Hash: d6eda908af9c886a02d00bba650c8a50af6c2113c836608e2b637a688208027d
Instruction Fuzzy Hash: FB518EB1A04315AFD726DF188844BABBBECAF94750F144A1DEA9DC2281E770D609C792

Function 019112ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 019118A5
HEAP: , xrefs: 01911706, 01911756, 019117A8, 01911809, 0191184D, 01911895, 019118E6
HEAP[%wZ]: , xrefs: 019116CD, 019116F9, 01911749, 0191179B, 019117FC, 01911840, 019118D9
Heap block at %p is not last block in segment (%p), xrefs: 019117B7
Heap block at %p has incorrect segment offset (%x), xrefs: 0191181A
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 0191186B
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 019118F8
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0191176D
Free Heap block %p modified at %p after it was freed, xrefs: 0191171B

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 70839e1e91056fefd168265f26aa3e93667b38334b75bc69f0ea10587a1b9f2e
Instruction ID: 8ed2d59801a149c8f5b0e5a243f15a759c138f6181029a2bcd219ff995feb9ad
Opcode Fuzzy Hash: 70839e1e91056fefd168265f26aa3e93667b38334b75bc69f0ea10587a1b9f2e
Instruction Fuzzy Hash: D212C13060064AEFD725CF39C480BBABBF5FF15715F088869EA8A8B645D334E981CB51

Function 0187AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

LdrGetDllHandleEx, xrefs: 018C807C, 018C83B2
Status: 0x%08lx, xrefs: 018C82D0, 018C83AB
minkernel\ntdll\ldrfind.c, xrefs: 018C82E1
DLL name: %wZ, xrefs: 018C8075
LdrpInitializeDllPath, xrefs: 018C80AD
minkernel\ntdll\ldrapi.c, xrefs: 018C8086, 018C83BC
minkernel\ntdll\ldrutil.c, xrefs: 018C80B7
DLL search path passed in externally: %ws, xrefs: 018C80A6
LdrpFindLoadedDllInternal, xrefs: 018C82D7

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: d7646517875ca43d0eca6c49ea171ab459f4db7872ca13ba1724194953a2ecfc
Instruction ID: 00a85b40fcac9d9e98729381220ec14c47ab95ba3d4142dff3b60f288317238a
Opcode Fuzzy Hash: d7646517875ca43d0eca6c49ea171ab459f4db7872ca13ba1724194953a2ecfc
Instruction Fuzzy Hash: EA12E2716083468BD325DF28C880BAEB7E5BF85B18F08091DF985DB291E734DB44CB92

Function 0185D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

Control Panel\Desktop, xrefs: 0185D45D
@, xrefs: 0185D663
@, xrefs: 0185D49D
PreferredUILanguages, xrefs: 0185D4B8, 0185D4C5
@, xrefs: 0185D3E9
PreferredUILanguagesPending, xrefs: 018BA8DE
MachinePreferredUILanguages, xrefs: 0185D685
Control Panel\Desktop\MuiCached, xrefs: 0185D62B
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0185D3B6

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: a92eff4ce1932158cbc3f4af74fd84a1112353fb66284784fedee08d135c6802
Instruction ID: f201b0101a7d41e2a45c8cb74156cedde5c832e90ffd1845656dd1f22b2d11ce
Opcode Fuzzy Hash: a92eff4ce1932158cbc3f4af74fd84a1112353fb66284784fedee08d135c6802
Instruction Fuzzy Hash: CFB1AE725083069FD765DFA8C480A6BBBE8FB84758F014A2EFD89D7310D730DA458B92

Function 01910CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 01910E61, 01910EC2, 01910FD5, 0191105E, 01911124, 01911178
HEAP[%wZ]: , xrefs: 01910E54, 01910EB5, 01910FC8, 01911051, 01911117, 0191116B
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 01911192
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 0191113D
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 01910FE4
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 0191106F
dedicated (%04Ix) free list element %p is marked busy, xrefs: 01910ED1
Non-Dedicated free list element %p is out of order, xrefs: 01910E6D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 0-1357697941
Opcode ID: ad71f1e96ab55830a09c2c83d635345f006b941d4d5d60b46370016083ad998f
Instruction ID: bed889aead46c4ca54d03dfd0d31f84d47ef27d2c22fc2577385d62588731d42
Opcode Fuzzy Hash: ad71f1e96ab55830a09c2c83d635345f006b941d4d5d60b46370016083ad998f
Instruction Fuzzy Hash: 90F10531A0064AEFDB25CF68C081BAABBF9FF05704F088459F989DB245D735AAC5CB51

Function 01910274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 019104D3
Just reallocated block at %p to %Ix bytes, xrefs: 019105F1
HEAP: , xrefs: 019103A6, 019104B5, 019105DD, 01910682, 019106D9
HEAP[%wZ]: , xrefs: 01910399, 019104A8, 019105D0, 01910675, 019106CC
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 019106EA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0191069F
About to reallocate block at %p to %Ix bytes, xrefs: 019103BA
RtlReAllocateHeap, xrefs: 019102BF, 01910362

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: ad575231fad2d3ad13a2eb6304901087ddc875b52ae4b2d32f640854e15854c5
Instruction ID: 533b334302240e05703be164d7095098120d59572ad315e9f7b4b75d0b4f7511
Opcode Fuzzy Hash: ad575231fad2d3ad13a2eb6304901087ddc875b52ae4b2d32f640854e15854c5
Instruction Fuzzy Hash: F4D1F031604689DFDB22DF68C440AADBBF6FF5A700F0C8449F8499B256E7369AC1CB51

Function 018E89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

VerifierDlls, xrefs: 018E8CBD
VerifierDebug, xrefs: 018E8CA5
HandleTraces, xrefs: 018E8C8F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 018E8A67
VerifierFlags, xrefs: 018E8C50
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 018E8A3D
AVRF: -*- final list of providers -*- , xrefs: 018E8B8F

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 76601a613e7cde53634ed72bf88f50c6417f24b5b3b8eb279ef0ca6b235e60f0
Instruction ID: ee931efdce7b7ac5ad2420b2523b192aea69bb29f66e77a40c7d2cdbeca4131f
Opcode Fuzzy Hash: 76601a613e7cde53634ed72bf88f50c6417f24b5b3b8eb279ef0ca6b235e60f0
Instruction Fuzzy Hash: 1B912571649706EFEB21DF2C8888B1E77E4AB97754F060418FA45EB242D770AF00C792

Function 0186EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

LdrpResSearchResourceInsideDirectory Exit, xrefs: 0186EB6C
, xrefs: 0186F299
R, xrefs: 0186EB62
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0186EB58
T, xrefs: 0186EB4E
{, xrefs: 018C4643

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 6051ead1c4854303be9461607b9e285e0d3ec967a26276374a4135afbc115e64
Instruction ID: 3b77b655f59ee3ab4fca7237410eb2801f1d85fba1adf029ffd5f3f37fea4cf2
Opcode Fuzzy Hash: 6051ead1c4854303be9461607b9e285e0d3ec967a26276374a4135afbc115e64
Instruction Fuzzy Hash: 56A22774A0562ACBDB65CF18CCA8BA9BBB5AF45704F2442E9D909E7251DB309FC5CF00

Function 0185F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(UCRBlock != NULL), xrefs: 018BDF6F
((LONG)FreeEntry->Size > 1), xrefs: 018BE0B3
(!TrailingUCR), xrefs: 018BE3A9
HEAP: , xrefs: 018BDF64, 018BE0A8, 018BE286, 018BE39E
HEAP[%wZ]: , xrefs: 018BDF57, 018BE09B, 018BE279, 018BE391
(LONG)FreeEntry->Size > 1, xrefs: 018BE291

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 2c4ea0d0621eaefa4a8346faee8932a6d537247e08607f12be391bfe06470c46
Instruction ID: 27c4098e729b99a7b697c4a67d3474799c33e0119292e0846f7b6252c784c4d3
Opcode Fuzzy Hash: 2c4ea0d0621eaefa4a8346faee8932a6d537247e08607f12be391bfe06470c46
Instruction Fuzzy Hash: DB4200712087869FD755CF28C884AAABBE5FF88308F18496DF985CB342D734DA45CB52

Function 0186ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON

Download Yara Rule

Strings

J, xrefs: 0186AEAE
MUI, xrefs: 0186B410
LdrpResSearchResourceMappedFile Exit, xrefs: 0186AECC
H, xrefs: 0186AEC2
LdrpResSearchResourceMappedFile Enter, xrefs: 0186AEB8
#, xrefs: 018C363D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-4098886588
Opcode ID: 6e259558015f6698de2b6e8856b0fd17a64759513cdae1fecf036b1e4000a1d5
Instruction ID: ddf3799a8502bbb73f63b3d6e43dd4debed787ad771286dbebe2241736bf5999
Opcode Fuzzy Hash: 6e259558015f6698de2b6e8856b0fd17a64759513cdae1fecf036b1e4000a1d5
Instruction Fuzzy Hash: E532B071A00269DBDB22CF18C894BEEBBB9BF45748F1440EAE949E7251D7319F818F41

Function 0187B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

LdrpPreprocessDllName, xrefs: 018C8403, 018C84D7
minkernel\ntdll\ldrutil.c, xrefs: 018C840D, 018C84E1
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 018C84D0
API set, xrefs: 018C83F4, 018C83F9
DLL %wZ was redirected to %wZ by %s, xrefs: 018C83FC
SxS, xrefs: 018C83ED

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: c66fb683b283ba946a52ebfa3b66300f346f12f608971ea48d24ca60e11fe089
Instruction ID: 245c44f6810c69b54d24edcb7789dc8764ab38e2766636ed0276189ba4b2aee1
Opcode Fuzzy Hash: c66fb683b283ba946a52ebfa3b66300f346f12f608971ea48d24ca60e11fe089
Instruction Fuzzy Hash: BEC13A71A0021A9BDB259B6CC8C0B7EBBA6BF45714F18406DED06EB291D774DF84C391

Function 018963FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 018D41FE
Process initialization failed with status 0x%08lx, xrefs: 018D413A
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 018D40D8
_LdrpInitialize, xrefs: 018D40DF, 018D4141, 018D4205, 018D425F
Delaying execution failed with status 0x%08lx, xrefs: 018D4258
minkernel\ntdll\ldrinit.c, xrefs: 018D40E9, 018D414B, 018D420F, 018D4269

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: d756b681a7f33be34b1b3c330868ec246ef73ffd94a469916c78ba18994056ec
Instruction ID: 41c0861ccc94c573cb86d7c254de2fe22543797d83534b352b470ffc372c66b2
Opcode Fuzzy Hash: d756b681a7f33be34b1b3c330868ec246ef73ffd94a469916c78ba18994056ec
Instruction Fuzzy Hash: 38912B71B043199BEF35DF6CD885BAE7BA1BB41B24F180129E904FB681EB749B01C791

Function 0185645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Getting the shim engine exports failed with status 0x%08lx, xrefs: 018B9A01
apphelp.dll, xrefs: 01856496
LdrpInitShimEngine, xrefs: 018B99F4, 018B9A07, 018B9A30
minkernel\ntdll\ldrinit.c, xrefs: 018B9A11, 018B9A3A
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 018B9A2A
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018B99ED

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: c94a6a79b5f8114c81daa61d7420ee971df3dd3228fe9a9cf8592dcef6e5a529
Instruction ID: 287c8f2f22a3f545ed81a6aeeac0980b08dac1002d9c995cf74d87a7272890d2
Opcode Fuzzy Hash: c94a6a79b5f8114c81daa61d7420ee971df3dd3228fe9a9cf8592dcef6e5a529
Instruction Fuzzy Hash: 755191716483099FE721DF28D881AAB7BE5FB84748F54051DFA85E7251EA30EB04CB93

Function 0189C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Loading import redirection DLL: '%wZ', xrefs: 018D8170
Unable to build import redirection Table, Status = 0x%x, xrefs: 018D81E5
minkernel\ntdll\ldrredirect.c, xrefs: 018D8181, 018D81F5
minkernel\ntdll\ldrinit.c, xrefs: 0189C6C3
LdrpInitializeImportRedirection, xrefs: 018D8177, 018D81EB
LdrpInitializeProcess, xrefs: 0189C6C4

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 95f2639297372f960550dd599a6b4338b89b8d8a2f3a8b843847763d59e60a48
Instruction ID: 4f77e2368e067d7f92b66dc055dcedb9b673340a67ae21fadabf3e49ae932ae2
Opcode Fuzzy Hash: 95f2639297372f960550dd599a6b4338b89b8d8a2f3a8b843847763d59e60a48
Instruction Fuzzy Hash: 8131F3716483069BD310EE2CDC86E1AB7D5AF95B10F05051CF944EB291EA20EF04C7E3

Function 01892674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

RtlGetAssemblyStorageRoot, xrefs: 018D2160, 018D219A, 018D21BA
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 018D2178
SXS: %s() passed the empty activation context, xrefs: 018D2165
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 018D2180
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 018D219F
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018D21BF

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 1ae2352ee5add0c1b0ca5a221150b34a23adc6c951d492b48b81d1e9dd8f9ac0
Instruction ID: f5d84654d52a1e7b741023faf3e5beddb9e73318508f0568a453047eabc59aed
Opcode Fuzzy Hash: 1ae2352ee5add0c1b0ca5a221150b34a23adc6c951d492b48b81d1e9dd8f9ac0
Instruction Fuzzy Hash: 6C31E936B4031977FF219AA98C85F5F7B6ADB95B54F098059BB04FB240D770AB00C7A1

Function 01879950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON

Download Yara Rule

Strings

Status != STATUS_SXS_SECTION_NOT_FOUND, xrefs: 018C76A3
, xrefs: 018799F1
, xrefs: 018799F9
minkernel\ntdll\sxsisol.cpp, xrefs: 018C76AD
Internal error check failed, xrefs: 018C76B2

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
API String ID: 0-3393094623
Opcode ID: 6fbc5adcb854e2db98f32103ac87a76933b0cfe7755f4e70b9adc98142af5614
Instruction ID: 89027ab52f22c1de9da7d7d87f255ff4ebbee8a702aef0e03775f04c3689cf48
Opcode Fuzzy Hash: 6fbc5adcb854e2db98f32103ac87a76933b0cfe7755f4e70b9adc98142af5614
Instruction Fuzzy Hash: 34025A71908355CFD721CF28C080B6BBBE5BF89B68F44891EE999C7251E770DA44CB92

Function 018A096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 018A2DF0: LdrInitializeThunk.NTDLL ref: 018A2DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0D74

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: b4bbf9563f151a46bb699ded3a1205c3df06fe0cfab3d83c5f76857a73a001e9
Instruction ID: 6b0b78d63afdb27dd50dcafecca5c02206bcb7988fdb7cc014a6ac79de9a1f41
Opcode Fuzzy Hash: b4bbf9563f151a46bb699ded3a1205c3df06fe0cfab3d83c5f76857a73a001e9
Instruction Fuzzy Hash: 3D426D71900715DFEB21CF28C880BAAB7F5FF44314F5485A9E989EB241E770AA85CF61

Function 018E4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\microsoft.system.package.metadata\Application, xrefs: 018E5158
.DLL, xrefs: 018E50C7, 018E519C
.Local, xrefs: 018E5170
\, xrefs: 018E4F66
/, xrefs: 018E4F6D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: 922771d570d7a11cb13f8080f522373e73de3ca75aae5eeeea3320f6dd215236
Instruction ID: d4c6560fd5dce9fca79b6bff5e6fccdbb0359257efa8f1fcfd2192cd1ab1f88b
Opcode Fuzzy Hash: 922771d570d7a11cb13f8080f522373e73de3ca75aae5eeeea3320f6dd215236
Instruction Fuzzy Hash: 9891DF76D00A1A8BCB21CF5CC884AAEBBF0FF4A714F594169E914E7350D735DA01CB91

Function 018770C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01877C96, 01878696
HEAP: , xrefs: 01877C7C, 0187867F
HEAP[%wZ]: , xrefs: 01877C6D, 01878670

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 56c2d7a1294801a7258b9838d2be89d17b9050966e3994979c018398f81c6839
Instruction ID: 8b29eb09cd655af50c49d8d550dd113d2001d2f377f02e7af63eb21121d878de
Opcode Fuzzy Hash: 56c2d7a1294801a7258b9838d2be89d17b9050966e3994979c018398f81c6839
Instruction Fuzzy Hash: BD139D70A0065ACFEB25CF68C4887A9BBF1BF49304F1481A9D959EB385D734EA45CF90

Function 0187A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 018C7D56
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 018C7D39
SsHd, xrefs: 0187A885
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 018C7D03

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: 3db5b98f0290c503faf6d49071f88e7f149403e7d5fb6fc700b9aeac0cf637cb
Instruction ID: 9362c9250c5c7c82f4441860e9d5ea123b006ab003dbea376a5ccadfc549c33d
Opcode Fuzzy Hash: 3db5b98f0290c503faf6d49071f88e7f149403e7d5fb6fc700b9aeac0cf637cb
Instruction Fuzzy Hash: D7D1A236A00219DBDB29CF98C8C07ADBBB1FF48714F19406AE915EB345E331DA91CB91

Function 01873D40 Relevance: 5.4, Strings: 3, Instructions: 1603COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01874393, 018745CB, 0187486D
HEAP: , xrefs: 0187437C, 018745B4, 01874853
HEAP[%wZ]: , xrefs: 0187436D, 018745A5, 01874844

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 2453af9563a58e23b1502f54ec66c3b824bddb37659331312353f2a689d3e35f
Instruction ID: 9540b5989662ab118a21f84d35180eaba7b40577c63589ef147fea44d381778d
Opcode Fuzzy Hash: 2453af9563a58e23b1502f54ec66c3b824bddb37659331312353f2a689d3e35f
Instruction Fuzzy Hash: 4BE2AF70A00219CFDB25CF68C490BA9BBF1FF49304F188199E959EB396D734EA45CB91

Function 0186A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 0186A3EF
6, xrefs: 0186A3F7
8, xrefs: 0186A3E7
LdrResFallbackLangList Exit, xrefs: 0186A3FF

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 3416ed2c4116927bee20d7794e52a9d6a718de0424d2ba363877832cc8a475e7
Instruction ID: 2b7091cde47a09a3321cf48bfd94486aa241375fbe0b3dd420a76a066bfb385f
Opcode Fuzzy Hash: 3416ed2c4116927bee20d7794e52a9d6a718de0424d2ba363877832cc8a475e7
Instruction Fuzzy Hash: FAC179741083868FD719CF58C484B6AB7E8BF84708F04496EF996EB291E734DA49CB52

Function 01898402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 01898591
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0189855E
minkernel\ntdll\ldrinit.c, xrefs: 01898421
LdrpInitializeProcess, xrefs: 01898422

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 2d55c51f477731903bc7315a07305f947a19b06376d6561cdd02b333e686282c
Instruction ID: 65ae609c2014e646fcff24115986dd690ea3e74ddbaaf7c7b56da426e154fd28
Opcode Fuzzy Hash: 2d55c51f477731903bc7315a07305f947a19b06376d6561cdd02b333e686282c
Instruction Fuzzy Hash: 87917C7150834AAFEB21DF65CC80EABBBE8BF85744F44492EFA84D2151E734DA058B53

Function 01870C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 018C54E0, 018C55A1
HEAP[%wZ]: , xrefs: 018C54D1, 018C5592
((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 018C54ED
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 018C55AE

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 7228acefc9922e45624c5719ca3d405f9aa0b47d43279ffbe5bf872d5a38bde3
Instruction ID: b6843bbee17de7430bc0105b281ec49e3fe2136f73bee20384379b7f6215e9a8
Opcode Fuzzy Hash: 7228acefc9922e45624c5719ca3d405f9aa0b47d43279ffbe5bf872d5a38bde3
Instruction Fuzzy Hash: BFA1CF7060470A9BDB25CF28C480BBABBE1EF56704F14856DF89ACB782D734EA45C791

Function 0189273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018D21D9, 018D22B1
SXS: %s() passed the empty activation context, xrefs: 018D21DE
.Local, xrefs: 018928D8
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018D22B6

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 0b1a59213902272b0e6c6dd49c877dc75ec5cb9f0c7bfdbf735517502824d53b
Instruction ID: 7c3209e2e370c5f1dee1a9e53c20b7a5b99b0be9b6f45cebbbe38fd0da439afd
Opcode Fuzzy Hash: 0b1a59213902272b0e6c6dd49c877dc75ec5cb9f0c7bfdbf735517502824d53b
Instruction Fuzzy Hash: 1EA17D31941229ABDF25CF68DC84BA9B7B2BF58354F1941E9E908EB251D7309F80CF91

Function 01894AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 018D3456
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 018D3437
RtlDeactivateActivationContext, xrefs: 018D3425, 018D3432, 018D3451
SXS: %s() called with invalid flags 0x%08lx, xrefs: 018D342A

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 51e688fcc665fa2f943d3234434e3972d05bb30f8bf706709d850df25ad9ead0
Instruction ID: 9a44a6035b793eda918e7ba32bce5a2289810aa8caa68ab3cdb90b876b7bceed
Opcode Fuzzy Hash: 51e688fcc665fa2f943d3234434e3972d05bb30f8bf706709d850df25ad9ead0
Instruction Fuzzy Hash: 776127766007169FDB22CF1CC981B2AB7E5FF90B54F18851DE955DB240D738EA02CB92

Function 018664AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 018C1028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018C10AE
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 018C0FE5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 018C106B

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 875afd53b3f10578156a4619de93ad5c3ca4abe77fedd0c3de20e09cf242379a
Instruction ID: 37398d2e7dab51193477c2ef7c58a2d035e302222d6d9469be85b547cd64d1f1
Opcode Fuzzy Hash: 875afd53b3f10578156a4619de93ad5c3ca4abe77fedd0c3de20e09cf242379a
Instruction Fuzzy Hash: AD71E0B19043459FDB60DF18C889B9B7BACAF95764F500468F948CB246E334D688CBD2

Function 0188245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

LdrpDynamicShimModule, xrefs: 018CA998
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 018CA992
apphelp.dll, xrefs: 01882462
minkernel\ntdll\ldrinit.c, xrefs: 018CA9A2

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 99932f5a79938380c917e5fa2389aac0bf33a7fde4bbb4ba55f2c9232396670b
Instruction ID: 64c51a1e8c547694cf8b3e183172d8591cb9616e2f772992d0b3194d2d0ca7e3
Opcode Fuzzy Hash: 99932f5a79938380c917e5fa2389aac0bf33a7fde4bbb4ba55f2c9232396670b
Instruction Fuzzy Hash: DB314871A00309EBDB399F6DD885AAABBB5FB80B04F15001DF910F7245E7709B81CB91

Function 018729A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0187327D
HEAP: , xrefs: 01873264
HEAP[%wZ]: , xrefs: 01873255

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 776104fdc08c48a96310a9a60ad2b523f07e4169bbbd781180c2344b6ba0f376
Instruction ID: 50ae7bb945c58f7710e6c835e65c565ec085008abbbe9dd6de76c1ab65a90a5d
Opcode Fuzzy Hash: 776104fdc08c48a96310a9a60ad2b523f07e4169bbbd781180c2344b6ba0f376
Instruction Fuzzy Hash: 1192BB71A042499FDB25CF68C440BAEBBF2FF48304F188459E899EB392D735EA41DB51

Function 018F02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON

Download Yara Rule

Strings

MitigationOptions, xrefs: 018F0326
"""", xrefs: 018F04D0
MitigationAuditOptions, xrefs: 018F032D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: """"$MitigationAuditOptions$MitigationOptions
API String ID: 0-1670051934
Opcode ID: 7b9f5209a8bf945e91346040b8d7513bbe551ef842fe98fe3d40002fccbf83ca
Instruction ID: 8c8f1d04336f0e7d54eaa1a6c91aec8c5cfb5229d9a6ff3507beb9575c9086b2
Opcode Fuzzy Hash: 7b9f5209a8bf945e91346040b8d7513bbe551ef842fe98fe3d40002fccbf83ca
Instruction Fuzzy Hash: 57226CB2A147068FD724CF2DC991626BBE2BBC4314F24892EF2DAC7652D771E6448B41

Function 01870770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 018C50BD
HEAP[%wZ]: , xrefs: 018C50AE
(UCRBlock->Size >= *Size), xrefs: 018C50CA

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: e38f0daac9e371749b83131e97aa2eb77932a8b4621359413593ab1bae211e9e
Instruction ID: fd188490260946f0a4daed8a4615810270ea78a46061a903f0a3890d619216e6
Opcode Fuzzy Hash: e38f0daac9e371749b83131e97aa2eb77932a8b4621359413593ab1bae211e9e
Instruction Fuzzy Hash: D4F18B7070060ADFEB25CF68C884B6AB7F6FB85704F148169E456DB392D734EA81CB91

Function 01861460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01861728
HEAP: , xrefs: 01861596
HEAP[%wZ]: , xrefs: 01861712

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 372a59da5af578da40b6577755832753fbe91e14f8a39ee23d41bbee074506f2
Instruction ID: 46cc2731e9913acbfde3f57c0fb1da4d170f90001550460a8a363796479d619c
Opcode Fuzzy Hash: 372a59da5af578da40b6577755832753fbe91e14f8a39ee23d41bbee074506f2
Instruction Fuzzy Hash: 42E1D130A046459FDB25CF6CC499BBABBFAAF85304F18845DE996CB246D734EA40CB50

Function 01886962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

, xrefs: 018CCA51
@, xrefs: 01886C24

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: 49ae7d027245362413e5e9e7417c24200376c6049c80ec181a7f369c2e1eb5c2
Instruction ID: 7f3b5dac36b5e231d4dff25daa0d2ee96ab7043ae4ba32f9505722fa095e4ae0
Opcode Fuzzy Hash: 49ae7d027245362413e5e9e7417c24200376c6049c80ec181a7f369c2e1eb5c2
Instruction Fuzzy Hash: 04C290716083459FE725DF28C880BABBBE5BF88714F14892DF989C7241E734DA45CB52

Function 0185A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 018BC1E4
UseFilter, xrefs: 0185A1C1
FilterFullPath, xrefs: 018BC2E6

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: fa6cb2ec7355c32bfeab7e9ca15526d826a059eb5f360784ec614c820572f097
Instruction ID: eb66fd8c933f8b176927a0b60deae46aa8dbecd24a990c91f070d89691d54acb
Opcode Fuzzy Hash: fa6cb2ec7355c32bfeab7e9ca15526d826a059eb5f360784ec614c820572f097
Instruction Fuzzy Hash: 15A147719116299BDB319B68CCC8BEAB7B8EF48700F1001EAEA09E7251D7359F85CF51

Function 01880BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

LdrpCheckModule, xrefs: 018CA117
Failed to allocated memory for shimmed module list, xrefs: 018CA10F
minkernel\ntdll\ldrinit.c, xrefs: 018CA121

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 2a8e45c9c97d1966827f2e29703cbe8616c2a821c240d88e599dde10698db3cc
Instruction ID: e3a269290a43275b8ac0e931b9e8ded7ed22e6ad5831f5ac48572400218f7616
Opcode Fuzzy Hash: 2a8e45c9c97d1966827f2e29703cbe8616c2a821c240d88e599dde10698db3cc
Instruction Fuzzy Hash: D3719D71A00309DFDB29EF6CC981AAEB7B5FB84704F14406DE902E7251E734AB85CB51

Function 01870A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 018C534D
HEAP: , xrefs: 018C5342
HEAP[%wZ]: , xrefs: 018C5335

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: e87ebb10ced53f348d71558414460e805d0b7dd26e314a6dbb2295fd0c10743a
Instruction ID: 8788a36e381b2294a5a1a39de484ed63e26acd706bde1029e7a051e42d0ccd33
Opcode Fuzzy Hash: e87ebb10ced53f348d71558414460e805d0b7dd26e314a6dbb2295fd0c10743a
Instruction Fuzzy Hash: 9D618F716043059FDB29DF28C480B6ABBE1FF46708F14855DE899CB296D770EA81CB91

Function 0190DAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 0190DC32
HEAP: , xrefs: 0190DC1F
HEAP[%wZ]: , xrefs: 0190DC12

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: 0fb2085a6774a05a0222bd34b10059c6ad2ae1e3b6b24e1dc4c052d9eedf0b8b
Instruction ID: c62309e57da9901cb4177318c60509f2dc8bd33378991aed7a6487802d9d491d
Opcode Fuzzy Hash: 0fb2085a6774a05a0222bd34b10059c6ad2ae1e3b6b24e1dc4c052d9eedf0b8b
Instruction Fuzzy Hash: 81512335104A108EE376CAEEC884B727BE6EF46746F044C5AE4CACB2C5E275D847DB61

Function 0189C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

Failed to reallocate the system dirs string !, xrefs: 018D82D7
LdrpInitializePerUserWindowsDirectory, xrefs: 018D82DE
minkernel\ntdll\ldrinit.c, xrefs: 018D82E8

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: f45a6b2167ad59f6e6a20e280519e2391756e29a351ddc5ba60ec0495f4dc5ea
Instruction ID: a6968354c9c0551332414a61cb3eeb6037d68790f00a373b3f9590ae20f644c4
Opcode Fuzzy Hash: f45a6b2167ad59f6e6a20e280519e2391756e29a351ddc5ba60ec0495f4dc5ea
Instruction Fuzzy Hash: B941E271509305ABDB21EB6CD884B5F77E8EF44764F04492AF948E7254EB70DA008BA2

Function 0191C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

@, xrefs: 0191C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0191C1C5
PreferredUILanguages, xrefs: 0191C212

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 8937a6c21c69054b3f531788a5164d9cf8266ca1a8b2748ca4ccb39133031803
Instruction ID: 219b52ed2d69a19c8afe070115fb6e34b02bc69324f6a3ca60f167215a7acebf
Opcode Fuzzy Hash: 8937a6c21c69054b3f531788a5164d9cf8266ca1a8b2748ca4ccb39133031803
Instruction Fuzzy Hash: 3841747194020DEBDF11DAD8C841FEEB7BCAB14701F04456AEA09E7244D774DA858B51

Function 018F4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Enter, xrefs: 018F4160
@, xrefs: 018F4225
LdrpResValidateFilePath Exit, xrefs: 018F4172

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 9aa114e8e7a152adac99a1fcf103f456dafd6c92ab5d58c1cec7e7bfa0977ada
Instruction ID: 2b5112020badd169df7854c8a2132122d0f022d4f4931d880b0d5399fa268d23
Opcode Fuzzy Hash: 9aa114e8e7a152adac99a1fcf103f456dafd6c92ab5d58c1cec7e7bfa0977ada
Instruction Fuzzy Hash: 68410431A006588BEB25DBE8C844BAEBBB8FF55344F14046EDB01EB781DB348B41CB12

Function 018E4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpCheckRedirection, xrefs: 018E488F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 018E4888
minkernel\ntdll\ldrredirect.c, xrefs: 018E4899

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: e4c75774998b1dd1c21f69890f612d4ca5cd462e32bd74e4fdab65251a014dd2
Instruction ID: 9d2edeed81e258843b8abe8b31b1201ea1ddbc2a8dc096abcc38e362b1edb5b1
Opcode Fuzzy Hash: e4c75774998b1dd1c21f69890f612d4ca5cd462e32bd74e4fdab65251a014dd2
Instruction Fuzzy Hash: F441B032A043659BCB21CE6DD848A267BE5AF8B750F060559ED4DE7311D731DE00CBD1

Function 01870BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 018C5449
HEAP: , xrefs: 018C543E
HEAP[%wZ]: , xrefs: 018C5431

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 7ce069af0a7394bc2bf171e5ad89652a3a0c01645ecd71c43d91ec97bbec887e
Instruction ID: cfa4e748dce2e5db59cc3f988d50d48d1522091b87e0e62c1f259595ad520416
Opcode Fuzzy Hash: 7ce069af0a7394bc2bf171e5ad89652a3a0c01645ecd71c43d91ec97bbec887e
Instruction Fuzzy Hash: 4B11EE713181069FDB29CA18C480F3AF3A5EF82B1AF18816DF406CB252EB34EB41C791

Function 018E20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 018E20F3
LdrpInitializationFailure, xrefs: 018E20FA
minkernel\ntdll\ldrinit.c, xrefs: 018E2104

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 3f54418a73d4ba3489ba70eedb5cb7aef3996814f39e7ba6fd9a2da122aaf783
Instruction ID: 0b26bb4ee8b311a035c434272450d81cb8177351180f3544c05baf7020192db8
Opcode Fuzzy Hash: 3f54418a73d4ba3489ba70eedb5cb7aef3996814f39e7ba6fd9a2da122aaf783
Instruction Fuzzy Hash: 61F0A43564070C6BE724D64C9C46F993BA9EB41B54F540059F600FB285D6B4A7408B91

Function 018703E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 018C4D8A

Strings

#%u, xrefs: 018C4D82

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: cc3ed2705b98fb5c794a313f2d5726e6c06b9a775d08f22f6a111d69dfc08d76
Instruction ID: e891bb7aa513c229ac11f48f27aa87c484ed365d8ff664ecaaecce38ae3cf0dc
Opcode Fuzzy Hash: cc3ed2705b98fb5c794a313f2d5726e6c06b9a775d08f22f6a111d69dfc08d76
Instruction Fuzzy Hash: 96710A71A0014A9FDB05DFA8C994BAEBBF8FF18704F154069E905E7251EB34EA41CB62

Function 018752A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 018755A3
@, xrefs: 01875445

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 1665a14d49df1231979e3bc819ca10ecec7ef487e7bd0283135e9733ab4275a6
Instruction ID: 120c08d698460c9ec88ea300cbb1017531a834bbfc69831ec9304e4117514571
Opcode Fuzzy Hash: 1665a14d49df1231979e3bc819ca10ecec7ef487e7bd0283135e9733ab4275a6
Instruction Fuzzy Hash: 47327C705083518BD724CF19C490B3EBBE1EF89B54F24492EFA95D72A0E734DA84DB92

Function 0186A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0186AA13
LdrResSearchResource Exit, xrefs: 0186AA25

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: 4ed48e7f7b93fc26a32335d3fe734f3c5966569b5450de1833b2bd0785f420b9
Instruction ID: 1908eeeaf9a558e54dd3b3f9d9271cd5b896fb96e5d32e28be80c547f0212a4b
Opcode Fuzzy Hash: 4ed48e7f7b93fc26a32335d3fe734f3c5966569b5450de1833b2bd0785f420b9
Instruction Fuzzy Hash: 4BE17C71A00219AFEB268E9DD980BAEBBBAFF44714F14442AE901F7291D734DB41CB51

Function 0192A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0192A551
`, xrefs: 0192A44B

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 9876168fb5a62e5ecbb02f385946be8bb19e4b47a325f3d6b7db5c0983fc5d94
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 71C1E2322043529BE725CF28C840B2BBBE9BFD4719F084A2DF69ACB694D774D505CB42

Function 01860CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON

Download Yara Rule

Strings

Failed to retrieve service checksum., xrefs: 018BEE56
ResIdCount less than 2., xrefs: 018BEEC9

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
API String ID: 0-863616075
Opcode ID: b0d1d344118b210024cdb63c76abb09151d06809847bc09d51f6d26e281b7ae6
Instruction ID: f702941db6d61747b150b1b89db8287ba428296e52d402e91bda5357fb2751b9
Opcode Fuzzy Hash: b0d1d344118b210024cdb63c76abb09151d06809847bc09d51f6d26e281b7ae6
Instruction Fuzzy Hash: 82E1D3B19087449FE364CF19C480BABFBE4FB88314F408A2EE599DA351D7719A09CF56

Function 018DE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 018DE75A
UEFI, xrefs: 018DE751

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 26816abe316882c86712819c2a07639249619b2ab42b019b7c55b1d5565da41f
Instruction ID: 3c37c044adf7dc54fec39d6a97fb08f1a3ed937eeca892b39908fb99f5ecf0b7
Opcode Fuzzy Hash: 26816abe316882c86712819c2a07639249619b2ab42b019b7c55b1d5565da41f
Instruction Fuzzy Hash: 8B616E71E007199FDB24DFA8C881BAEBBB9FB44704F54406DE649EB291DB31EA40CB50

Function 019043D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 01904525
@, xrefs: 01904437

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 8759a80b33daf4d7d8eba318f22e74e0431a22726d6faac210603c3cf41d945e
Instruction ID: c88db7dbedebf7e124f4ee8fcff94165b5c40ce5b15edd6f0519fea8dc073fdf
Opcode Fuzzy Hash: 8759a80b33daf4d7d8eba318f22e74e0431a22726d6faac210603c3cf41d945e
Instruction Fuzzy Hash: D751F971E0021DAFEB11DFA9CC80AEEBBBDAB44754F100529E615F7290D631AA05CB61

Function 018604E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 01860540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0186063D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: e47435d5ccacbc34068a67daf1e396d6785b91bd87fc8c5391018ad7e6713bdd
Instruction ID: a2eb22fc2258c512421b054d2119ddab49818795ec7a2c2f79e0cdf39616eb61
Opcode Fuzzy Hash: e47435d5ccacbc34068a67daf1e396d6785b91bd87fc8c5391018ad7e6713bdd
Instruction Fuzzy Hash: BF51D0715047468FD725EF68C4446A7BBE8AF84304F10483EFADAC7241E774DA45CB9A

Function 0186A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 0186A2FB
RtlpResUltimateFallbackInfo Exit, xrefs: 0186A309

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 269f4d349f87d1813255ade377f0c835fd7a31de7a71719fac87b3326db88498
Instruction ID: ff4a1da4315093e61c8d7264f8355fbf41c63bd1e09a22e5732bb1d0f3e221d8
Opcode Fuzzy Hash: 269f4d349f87d1813255ade377f0c835fd7a31de7a71719fac87b3326db88498
Instruction Fuzzy Hash: 5341BE30A04649DBDB19CF5DC940B6ABBB9FF85704F1440A9EA00EB291E7B5DB40CB51

Function 0189A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Threadpool!, xrefs: 0189A5E9
Cleanup Group, xrefs: 0189A5E4

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: e9f41f25089bf183b88bd52fd197aa702d3f05f9b8752f0e24289eb1aa31536f
Instruction ID: 12fe8ee1d8e04a7128294c5c9d8fe80c962feb335101a51029c1228cdc79000b
Opcode Fuzzy Hash: e9f41f25089bf183b88bd52fd197aa702d3f05f9b8752f0e24289eb1aa31536f
Instruction Fuzzy Hash: ED0128B2244704AFD322DF14CD85F167BE8E784B16F098939B648C7590E374DA04CB86

Function 0186C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0186C8C3, 0186CA40

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 67867275d4b1806f6f904f7af4ec04b0e6603d0f6d74edf2b9a28eb41ba434e0
Instruction ID: 3d953884617f53df3f24e98fe1b7ba4b33a2af5a23a560b9407827139cc8ecb4
Opcode Fuzzy Hash: 67867275d4b1806f6f904f7af4ec04b0e6603d0f6d74edf2b9a28eb41ba434e0
Instruction Fuzzy Hash: 79826B75E002588FEB25CFA9C880BEDBBB9BF48314F148169D999EB351D730AE41CB50

Function 018B2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON

Download Yara Rule

Strings

P`owRbow, xrefs: 018B300D, 018B33E4, 018B343B, 018B34FE, 018B352E

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: P`owRbow
API String ID: 0-263301770
Opcode ID: 95040b9556762a838670ab101be70b0cee4de8aa303c86f953d745996b145041
Instruction ID: 3e6d9510bc92d3a49316e3f8d36c9ffc9c7c36e4e0982b814a65465e878f5399
Opcode Fuzzy Hash: 95040b9556762a838670ab101be70b0cee4de8aa303c86f953d745996b145041
Instruction Fuzzy Hash: AC42D075D0425AAAEF29CBACD8C46FDBBB1BF05314F14802AED51EB391D6349B81CB50

Function 0190CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON

Download Yara Rule

Strings

@, xrefs: 0190CDAC

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction ID: 1d02143fb8f9035d988356603adcc1ba5fe160ff4b641c9ea4214f1f21b192f5
Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
Instruction Fuzzy Hash: BB622770D012188FCB98DF9AD4D4AADB7B2FF8C311F608199E9816BB45C7356A16CF60

Function 01882E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 01883240

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: a4b153033b048f505296d3c9d02af705f3fd75a97caffb2f5181fe73270c74ed
Instruction ID: 13f9b7a9a5bcee1da486b39f446bb6e54fcbf145e063ac908370579bc9a22434
Opcode Fuzzy Hash: a4b153033b048f505296d3c9d02af705f3fd75a97caffb2f5181fe73270c74ed
Instruction Fuzzy Hash: 12F19F75608746CFDB26EF28C480A6ABBE1BF88B14F04486DFD89D7241DB34DA45CB52

Function 01862FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

PATH, xrefs: 018630D6, 01863124

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: bb552031322023245d1cb372f7a4d4724c549c145de30961cc78ab7f78218c4b
Instruction ID: 368fd0a615addf1b3e4948db8bd07e316449bf1d582c1291001edc48e038381a
Opcode Fuzzy Hash: bb552031322023245d1cb372f7a4d4724c549c145de30961cc78ab7f78218c4b
Instruction Fuzzy Hash: DBF1BE71D00219DBDB25CF9CE881ABEBBB9FF48710F444029E909EB344D7359A41CBA1

Function 018EEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 018EF05B

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: __aullrem
String ID:
API String ID: 3758378126-0
Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction ID: 3560dcd7f8d03f58e45545d112414e64f210cd8a912cdd809bf599e30077a9d9
Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
Instruction Fuzzy Hash: 1B418D71F001199BDF18DEBCC8805AEFBF2FF89324B198279D615E7284E635AA508780

Function 01911AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

., xrefs: 01911C01

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: d9bb871e2f933976f61fe7e78996906a5ff43cb5afda483b02fab5e8c7b3bed5
Instruction ID: 181815ba60e4d1420fbdd21c67b6eae5e0f0e12277379457fb5798d2e3cca0bc
Opcode Fuzzy Hash: d9bb871e2f933976f61fe7e78996906a5ff43cb5afda483b02fab5e8c7b3bed5
Instruction Fuzzy Hash: 03E1B074D0026DABDF21DFA9C4406BDBBF5FF44700F94412AEA49AB299D774AC82CB50

Function 01860100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 01860255

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 3901091033572a1deacb1c7c937d0923e0b3e68cbbf34145610b2ff18a83b0b2
Instruction ID: 65abd82a359960836a83486b354af322064b3f23a15ff127be4c1f3e23af4c47
Opcode Fuzzy Hash: 3901091033572a1deacb1c7c937d0923e0b3e68cbbf34145610b2ff18a83b0b2
Instruction Fuzzy Hash: D8A14F31A0425D6FDF3ACA288981BFE6BAD9F55318F044099FE46EB381D6708F44CB59

Function 01914420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

, xrefs: 01914606

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8e4b54e1948b1c98c51f4b252d408a81c32e14f91bafed1685857d17f947c8bf
Instruction ID: dbe364fecfd924d1fa6e1294830d2e19e3b053c70992d4693594a23ab641a19b
Opcode Fuzzy Hash: 8e4b54e1948b1c98c51f4b252d408a81c32e14f91bafed1685857d17f947c8bf
Instruction Fuzzy Hash: D3A10B3160036D66DF35CA2CCC44BFD6BA89F5E769F044898AE4E9B289D774CAD0CB50

Function 018E6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 018E65C1

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 9d13db7a34bc0ec5353257f380f948b0f86d7c9d7bb955280467f0bcb9b22c35
Instruction ID: 101a4d1b177f445791c259b3658b753fab20d2f4f412e68af36cf2c83d5cb898
Opcode Fuzzy Hash: 9d13db7a34bc0ec5353257f380f948b0f86d7c9d7bb955280467f0bcb9b22c35
Instruction Fuzzy Hash: C0915371A40219AFEB21EB99CD85FAE7BB9EF15B50F200065F600EB191E774EA00CB51

Function 0190E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 0190E1FA

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 699f5f65a7a30301c98156b3062281a59f3bceb715b63f768fd1351ef02e5126
Instruction ID: 68f96d2650ccd0f65e370b216dcc6a1a9e43d6054a4e0d1260a4dee32b6184a4
Opcode Fuzzy Hash: 699f5f65a7a30301c98156b3062281a59f3bceb715b63f768fd1351ef02e5126
Instruction Fuzzy Hash: EE918172901609BFDB23EBA9DC44FAFBB79EF85740F140819F509A7290E7749A01CB52

Function 0189A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 018D67C9

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 39efddbf4ae73ed36641765d23b635e111de051b63f65dce85b4dc2014b97ebb
Instruction ID: e2e8621b078ff9ad5ef5a18494259a0d6efd294f167238c74aa941259960a9d7
Opcode Fuzzy Hash: 39efddbf4ae73ed36641765d23b635e111de051b63f65dce85b4dc2014b97ebb
Instruction Fuzzy Hash: 487149B5E0030E9BDF29DF9CD5916ADBBB1BF88714F24812AE905E7241E7309A41CB60

Function 01904978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 01904A7F

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 5e5c1c30d89f191ad2ba4b03a6d309951d92261358c4fd4f3e44ede2e7f6fb46
Instruction ID: db715e7b658f81864ae2186d47ed8db7c37c6f420e0d4dac2c90785a56668dbb
Opcode Fuzzy Hash: 5e5c1c30d89f191ad2ba4b03a6d309951d92261358c4fd4f3e44ede2e7f6fb46
Instruction Fuzzy Hash: 0C518472D0062A9FDF12DF99D840AAEBBB8AF08B10F054129EB15F7290D7749901CBE4

Function 0187E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0187E6A4

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 7807f1050c3733bf4a05e7171a404b809979c25f427a5af00fd3f38d25140e71
Instruction ID: b178b83c1e134fe9c4b14a2e1d99ddca11d8d6baffae07a02da90ef336076b88
Opcode Fuzzy Hash: 7807f1050c3733bf4a05e7171a404b809979c25f427a5af00fd3f38d25140e71
Instruction Fuzzy Hash: C24191725083429BD711DA79C980B6BB7E8EF88B58F44496DFA84D7140E774DB04C793

Function 018DC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 018DC77F

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: bf2c5be1b0232fc8aa265928051381a1f5462dfa61bcb655f5c1a4b273523177
Instruction ID: 02b9e4d8a7543f4290ca23da9ca2478ee5b5e2ed54a7d4e92dda62c046c68c4e
Opcode Fuzzy Hash: bf2c5be1b0232fc8aa265928051381a1f5462dfa61bcb655f5c1a4b273523177
Instruction Fuzzy Hash: 3C4131B1D0022DABDB219A64CC85FDEB77CAB45714F0045A9EB08EB141DB709F89CFA5

Function 018F6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 018F6B91

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: ff20ade139b0485853ea31132dec1d00d9d607a12d49b87d607d4e335e4bc675
Instruction ID: df9353802f941a9941f3d04471487477ca819d87de587feec5e9c61107316711
Opcode Fuzzy Hash: ff20ade139b0485853ea31132dec1d00d9d607a12d49b87d607d4e335e4bc675
Instruction Fuzzy Hash: 43312A31A007099BEB22DB6DC850BAE7BB8DF15704F64412CEA81EB282E775DE05CB50

Function 018DCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 018DCAA2

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 4bc75477911ca0ffa2e880fda44d85cf226a711069af5c19de6adb9248bda811
Instruction ID: fb383a148a3904d5206050df1b67ced48e49bc2fe9a6719b969c5767bb9e9a75
Opcode Fuzzy Hash: 4bc75477911ca0ffa2e880fda44d85cf226a711069af5c19de6adb9248bda811
Instruction Fuzzy Hash: D031E17690061AAFEB16DA5DC845E6FBB74EB80724F01412DE905E7251D730EF04EBE1

Function 018E892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 018E895E

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 386c40cda5d04078dae73627ae14c394f046b76a6c8f32a90e5cc02ef2237fbd
Instruction ID: 0989e477d0500081fd283431be345f0db26a769b4ab4512b6b7c6c75607b77dd
Opcode Fuzzy Hash: 386c40cda5d04078dae73627ae14c394f046b76a6c8f32a90e5cc02ef2237fbd
Instruction Fuzzy Hash: 6C01F732A043059BF731BA59988CA5E7FE5EF93394B05001CF641A7152CB60AE41C793

Function 0189E8F0 Relevance: 1.0, Instructions: 985COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67e837a862f0565c614a6d2ba36de7f61b2e43ddf466a923b245827eee13a06
Instruction ID: efc8caccd7e3495b3dc3ee457bf332b782d37a8123a2dce106362183c6292e9e
Opcode Fuzzy Hash: b67e837a862f0565c614a6d2ba36de7f61b2e43ddf466a923b245827eee13a06
Instruction Fuzzy Hash: 3C823472F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45

Function 018A516C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f247c7e8f68cb733d792e81141ae0504c9cbbe828bc74d168d790d4d457fe34a
Instruction ID: 6cb34eacce987f55dfb021e2c8a9d9f40e64fee743e0d1fe0b187db713c92ac3
Opcode Fuzzy Hash: f247c7e8f68cb733d792e81141ae0504c9cbbe828bc74d168d790d4d457fe34a
Instruction Fuzzy Hash: 9362B37290464AAFEF25CF08D4905AEFB72FE51314B89C55CC99AA7605D330BB85CBD0

Function 01902000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c70d683937f56a20afa5e5c2676956cd7a5af2ee70324df5d30cbeb99277e58
Instruction ID: 6524af82cff49c64bff7b52b0add9c6e61bc35977e7c1825d55b61a482fa2c33
Opcode Fuzzy Hash: 1c70d683937f56a20afa5e5c2676956cd7a5af2ee70324df5d30cbeb99277e58
Instruction Fuzzy Hash: 8642E6356083419FE726CF68C894A6BBBE9BF84700F18092DFA8AD7290D771D945CB53

Function 018B739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da1c9b6d027a5e4035c395ed36460d764570e2e5df608074f7bc36f5f6ed20a
Instruction ID: 241d98f9a7c12da64c2ab35ea31ba2c7eb413dfba4ea5873554fcc447cb3f91e
Opcode Fuzzy Hash: 3da1c9b6d027a5e4035c395ed36460d764570e2e5df608074f7bc36f5f6ed20a
Instruction Fuzzy Hash: 46428D71A007168FDB19CF5DC490AAEBBB2FFC9314B148569D956EB380D734EA42CB90

Function 018B5AA0 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684

Function 0188B2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da086e16ec7a1f3f5618fe6fdf266b3cdb92401024176fb3c93d2cb49ec6f91a
Instruction ID: f121b733b4d4fa96c8357368205c9f2687dbe462f003018038c834d559c76bd1
Opcode Fuzzy Hash: da086e16ec7a1f3f5618fe6fdf266b3cdb92401024176fb3c93d2cb49ec6f91a
Instruction Fuzzy Hash: F5328072E00219DFDB24EF98D891BAEBBB1FF94714F180129E905EB351E7359A01CB91

Function 018F8158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77a60a74b47e20a562f635b4f39068b7d41310bec646c7fc43f51792125621fb
Instruction ID: dfe124eaeca5c0bfad80d3b39c7e5a3c44fcdc152b38de1f22b3616c2c38acbd
Opcode Fuzzy Hash: 77a60a74b47e20a562f635b4f39068b7d41310bec646c7fc43f51792125621fb
Instruction Fuzzy Hash: C4425E75E102198FEB24CF69C881BADBBF5BF49300F14809DEA49EB252D7349A85CF51

Function 01872840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 499b311ab8f6cb1580c462f04cc5790ae3b8108eef7d3ba3257582e3a6099689
Instruction ID: cc22b61de2947f5a39438cc99812e4f083b55aefe4d02698e9b743b3e3025478
Opcode Fuzzy Hash: 499b311ab8f6cb1580c462f04cc5790ae3b8108eef7d3ba3257582e3a6099689
Instruction Fuzzy Hash: DD32DF70A047598BDB25CF69C844BBABBF2BF84B04F24412DD58ADB385E735EA41CB50

Function 0190A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a780b6b4dc346d2ca6af9337a78e9c2f5d6d58252ae508d86b5526e7a0c497f4
Instruction ID: e6a4284ac44b5d12452bca429d052b99473d0ee5a408c5bb9ba28e0417f5a383
Opcode Fuzzy Hash: a780b6b4dc346d2ca6af9337a78e9c2f5d6d58252ae508d86b5526e7a0c497f4
Instruction Fuzzy Hash: 0622BC746047618FEB26CF2DC490776BBF5BF44341F08895AD98A8B2C6D335E492DBA0

Function 019216CC Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8263834040c17138d4c7345e2f73618c62966e7f5ea66442f6b949658974a8c
Instruction ID: ca1c146493121d42277eb5832ca6779425cecb8c906ef627a19d0040f6905557
Opcode Fuzzy Hash: d8263834040c17138d4c7345e2f73618c62966e7f5ea66442f6b949658974a8c
Instruction Fuzzy Hash: 7622AF35B002268FDB19CF5CC490AAAB7F6BF88305B24457DD959DB349EB30E952CB90

Function 0188FB80 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 250c7fa3ff07cc3b3955d18198ec9a3974f5a73f7d4acc8375d18eb61fdeb4e3
Instruction ID: 50c5a65fa3f8f44b9c56e119fb2730dd0f199c8b6b633ab18cc3ede9db494d6a
Opcode Fuzzy Hash: 250c7fa3ff07cc3b3955d18198ec9a3974f5a73f7d4acc8375d18eb61fdeb4e3
Instruction Fuzzy Hash: 8D22B47190030A9FEB15DFA8C880BAEB7B5FF44310F248569E915EB246E734DB45CB91

Function 01888DBF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a9228f2dec0fde69c94fbd1a0356ccf525a103e58926d338952396bfab6cd1
Instruction ID: 6d10492d8500648ab086384939a831c1f921ebf01d4517f28f0c5165ba673929
Opcode Fuzzy Hash: 33a9228f2dec0fde69c94fbd1a0356ccf525a103e58926d338952396bfab6cd1
Instruction Fuzzy Hash: A1226E70E0011ADBDB15DF99C4809BEFBF2BF85704B54816AE945EB241E734EE42DBA0

Function 01866A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cebdbfd43f66bf30465b95c848c705ea2168212f3f04c88bb0c5100a24e606ae
Instruction ID: 42860d01c8433d8e555979df2be77f91cbbe661f5d6ff4bed0ca820c235958ee
Opcode Fuzzy Hash: cebdbfd43f66bf30465b95c848c705ea2168212f3f04c88bb0c5100a24e606ae
Instruction Fuzzy Hash: 6C32AF71A00645CFDB25CF68C480BAABBF6FF48304F248569E955EB352E734EA41CB90

Function 01922446 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5167e2ac8cc9ea0b47e386d253ac32a551071d5d4a9883d87aa3b78752d3bccd
Instruction ID: 4645b23701a201cbf9d9fb752b1a2cfc625c6e263866ae6762400db0f0181b87
Opcode Fuzzy Hash: 5167e2ac8cc9ea0b47e386d253ac32a551071d5d4a9883d87aa3b78752d3bccd
Instruction Fuzzy Hash: 0E0222356046618BEB24CF2EC450775BBF5BF85301B18859AE9DECF28AD334E842DB61

Function 0193B16B Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fff2616be18e6c3689a7ba325763265867c27e8c86c155bc7ae2b51f58244c2d
Instruction ID: 8038970825a2b830aa9f978a8f6d40b2231a479696bb69f8beed5b348a60ad4c
Opcode Fuzzy Hash: fff2616be18e6c3689a7ba325763265867c27e8c86c155bc7ae2b51f58244c2d
Instruction Fuzzy Hash: A0F1F572E006158BDB18CF6DC9A067EFBF6AFD8211719426DD85BDB381E634EA01CB50

Function 0193A9A6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd7d104e3c28359b087eb031d23ebfa4dc5d1932942937511fcc053ced176fc
Instruction ID: ad48e24cff2690038d6015074889be983ff57bb97222da50d24e81b5a9a50f65
Opcode Fuzzy Hash: 6bd7d104e3c28359b087eb031d23ebfa4dc5d1932942937511fcc053ced176fc
Instruction Fuzzy Hash: 2FF1E673E005269BCB2DCE68C5A057DFFF5AF94211B194269D89AEB380D734EE41CB90

Function 01884A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 8e3d0827bedad42304d9d96a7e7fe29d5b0361dc4b381552b64d112d1119ac7c
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 99F17E72E0061B9BDB15DFA9C580BAEBBF6AF48754F04812DE905EB341E734DA41CB60

Function 01912F30 Relevance: .4, Instructions: 412COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e913dff60694d037e58464c9686ac344d408ab14f1215bcd8ee4e3d0c6ce77d
Instruction ID: 1a8da190d8154b631d3812e3f4067b32c061e926d411fac4c82bd81a90bada13
Opcode Fuzzy Hash: 1e913dff60694d037e58464c9686ac344d408ab14f1215bcd8ee4e3d0c6ce77d
Instruction Fuzzy Hash: 58E11631E0428A9FDB25DFACC4407FEBBF5BF44321F54841AD48AAB285D635AAC5C750

Function 0188FDC0 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f29aeb07a012acbe24d5d60cca96db06dd9fb44be218b6b94cd08b32a0fbfa7
Instruction ID: bb930811667084224109e1e5ab3607120eef6528848eb746c04990e04985ab59
Opcode Fuzzy Hash: 8f29aeb07a012acbe24d5d60cca96db06dd9fb44be218b6b94cd08b32a0fbfa7
Instruction Fuzzy Hash: 86F14D70A0430ADFDB15DFA8C480AAEBBB5FF44304F2485A9E915EB246E734DB45CB91

Function 018F892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6678162985943c62d937f6a07c799a0d5ba6676ad1df3b8d579636574a660ca1
Instruction ID: 2ccab9a122ce256405793d6fd827089a78cf3cc38e298ad82594a606e1e85e6d
Opcode Fuzzy Hash: 6678162985943c62d937f6a07c799a0d5ba6676ad1df3b8d579636574a660ca1
Instruction Fuzzy Hash: F9D1D071A0060A9FDF15CF69C841BBEB7F1AF89304F18816DDA55E7241E735EA06CB60

Function 018665D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89dd71d7c2ac4ebdd1f9b83aab1de2171ed8f41f815219a18f3d563ccbeb8a7
Instruction ID: 9ab983120abb054cf1fa2ea388f0fc89443ae107373d1fcbac60b570d92996b0
Opcode Fuzzy Hash: c89dd71d7c2ac4ebdd1f9b83aab1de2171ed8f41f815219a18f3d563ccbeb8a7
Instruction Fuzzy Hash: 64E18071508382CFC715CF28C190A6ABBE5FF89318F158A6DE995C7351EB31EA05CB92

Function 01858397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a86557411930529a6aac0a656f7a7c059e1d2215564d55f1d16b77193a88243
Instruction ID: 471146effc5cde122c86df53803e923a7a5d256014f2bffe572bf12bec92fa60
Opcode Fuzzy Hash: 5a86557411930529a6aac0a656f7a7c059e1d2215564d55f1d16b77193a88243
Instruction Fuzzy Hash: A2D1E371A0020ADBDB54DF6AC8C0ABA77A5FF56308F04462EED16DB281E730EB55CB51

Function 0188C6E0 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 120d0a1c5b19ec2a095b20a64b1b04e598545820b663ecd001a5d9ccb3a8a300
Instruction ID: c20431ca807c1765509cc026a84a4df00797f2bd8ab370ca0d721766b6d66ac4
Opcode Fuzzy Hash: 120d0a1c5b19ec2a095b20a64b1b04e598545820b663ecd001a5d9ccb3a8a300
Instruction Fuzzy Hash: 00D19B71E042198BEB28EE9CC5853FDBFB1FB44714F14802AD942EB289D7748B81DB65

Function 018738E0 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0418ff238de444d83d1adc36cf4d096b83711c083967f1b7d1afa1a6af73b646
Instruction ID: 236d0025188a0634b7f7082bc3d70516990660404c3eab7f524aa33a12e45426
Opcode Fuzzy Hash: 0418ff238de444d83d1adc36cf4d096b83711c083967f1b7d1afa1a6af73b646
Instruction Fuzzy Hash: 30E16D75A00209DFDB18CF59C890AAABBF1FF48310F25816DE955EB391D734EA41CBA1

Function 0187CFE0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88633b36162e6c9ec91e18d0033792ec8276e8e216310425a98afb906b835c64
Instruction ID: cee5bff382aed087e6809596e1c5513936209bb359bd49d0f0fc694cd593777d
Opcode Fuzzy Hash: 88633b36162e6c9ec91e18d0033792ec8276e8e216310425a98afb906b835c64
Instruction Fuzzy Hash: 9DD1B231A04319CFEB25CB99C884BAAB7B2BF45314F0442A9D909E7241DB74EF85CF52

Function 018E8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 0ab5b37084b9a6bd523545f5bf1f1fd1bcd20344c2fbd5edaccf6411e31482ff
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: CDB17274A00609AFDF24DF99C948AAFBBF9FF86304F14445DAA02D7791DA74EA05CB10

Function 01870535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 9d9e63b663a24cf059fa8bb1d174adf570495566168f04445a1af18c04817574
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 55B1063160464AAFDB25CBA8C850BBEBBF6AF85704F140159E656EB281D730EF81CB51

Function 018683C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90f10ca645c28eed45449710782453cdd1597bbb4f8341eef5305a0b98c2eeb3
Instruction ID: 69e76627564a7a2e84b96441477d55a3a477c139a343d27a6dc4936b5af5433c
Opcode Fuzzy Hash: 90f10ca645c28eed45449710782453cdd1597bbb4f8341eef5305a0b98c2eeb3
Instruction Fuzzy Hash: 69C14974508341CFE764CF19C498BAAB7E9BF88704F44495DE989C7291E774EA08CF92

Function 0185C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ef6c3e3353a4010227d0d807c4395b0882b1aff0c88f777af014aca7221692
Instruction ID: dc7e93df3f843a46506b67165ec176eff632e542ef495afd50e0ce0527ba31c0
Opcode Fuzzy Hash: 03ef6c3e3353a4010227d0d807c4395b0882b1aff0c88f777af014aca7221692
Instruction Fuzzy Hash: BDB16370A002658BDB65DF58C890BA9B7F5FF44744F0485E9E90AEB241EB709E86CF21

Function 0188E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffdf2ca45fadf4540c1d5a25a63670591d13579a05896b4308bc6458dc698ed3
Instruction ID: 6fd747d8c338990a2e1991f5864d155b6878427359124543aad990ead92f8c91
Opcode Fuzzy Hash: ffdf2ca45fadf4540c1d5a25a63670591d13579a05896b4308bc6458dc698ed3
Instruction Fuzzy Hash: 05A1E731E006599FFB21EB5CC844BADBBA5AF01B18F054115EB11E7291D774DF40CB91

Function 018A0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1f954773cbc0259cee1ea1ad8abbe569166eda453068f83eb21c1f9ad08b0c
Instruction ID: 75e06ba19e576326b14e58cc07be62e00b93aaf7600e5cae08ed2c73adbc0a6c
Opcode Fuzzy Hash: fc1f954773cbc0259cee1ea1ad8abbe569166eda453068f83eb21c1f9ad08b0c
Instruction Fuzzy Hash: 9EA1C470B0171A9FEB25DF69D890BAAB7B1FF54318F444029FA45D7281EB34EA11CB50

Function 01934500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6f34d3b63dc7b13eb851c3fd5607992108d6b5e765ff19fc20d62309656e75
Instruction ID: 519eaed8ee607b3f2b4b69a33dd16171707734770a2fd27130bb1bf51c72f3a0
Opcode Fuzzy Hash: 4b6f34d3b63dc7b13eb851c3fd5607992108d6b5e765ff19fc20d62309656e75
Instruction Fuzzy Hash: 24A1AE72A04612DFD722DF28C980F5ABBE9FF88745F460A28E549DB651D334ED01CB92

Function 018E60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f31e5fda969a0d1a49333f4f7ac4a29cfe4b14da053dec36cfa882637b9eed
Instruction ID: 3655b8f1db50a6a962edf5c21f28a1a66a17cdae5f441a2128c48458a2096417
Opcode Fuzzy Hash: 03f31e5fda969a0d1a49333f4f7ac4a29cfe4b14da053dec36cfa882637b9eed
Instruction Fuzzy Hash: 75917371D0021AAFDB15DF68D888BAEBFF5AF5A710F254159E610EB241E734DB009BA0

Function 0187E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19be7a05876e3bae3429e2237513546f853bf834c8f40198571d89e863eb1db2
Instruction ID: 815ac2a7d3a80f0bb8c5e8eb6ac7c54f72f55b3588a46bfd4514eb22ffc8deb2
Opcode Fuzzy Hash: 19be7a05876e3bae3429e2237513546f853bf834c8f40198571d89e863eb1db2
Instruction Fuzzy Hash: 7291F571E0061ACBEB24DB6DC484BBABBA1FF94B18F0541E9ED05EB241E634DB41C752

Function 01894750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction ID: 027ddaba4984248de1180fb455e53a1d49fdf8cd8b9855d4648ef08086388b84
Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
Instruction Fuzzy Hash: 41813761A4439A8BEF214EACC9C026DBB61FB52314B2C467AD942EF341C2649B47D392

Function 018ADBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction ID: 73813b14f1cc89c58defc1456e2503f60eaef883b460c02529af13b186904fd9
Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction Fuzzy Hash: 80914272510A068FF725CF6DC885662BFE0FF55324B948B18E5E6DBAA0C375E621CB40

Function 0192F7B0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7240fab1cb96c0b440608abf1a935c5fe68d98141d8f53d5d25e57c01c1e6a
Instruction ID: 21fe23315ee57f3513fa42df8231da256c1110953df82b13b2739abafef0a6c5
Opcode Fuzzy Hash: fa7240fab1cb96c0b440608abf1a935c5fe68d98141d8f53d5d25e57c01c1e6a
Instruction Fuzzy Hash: 34911775A002269BEB11CF2CC88076ABBF5EF84311F148578E94DDB289E774E905CB91

Function 0192F43F Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c9106f6a96212643f953a34689f2500b75876e591ce57510d73b8777a823357
Instruction ID: 74bd250caa6001d949d0940c0db1819af15acd3fab3c221096e180110ee10fd8
Opcode Fuzzy Hash: 1c9106f6a96212643f953a34689f2500b75876e591ce57510d73b8777a823357
Instruction Fuzzy Hash: 8A91F472A001198BDF18CF79C8946BEBBF1FF88311F1981A9D81ADB39AD634D905CB50

Function 019281CC Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 216f9290ccb20c5b992cf73e169734c2d0767bffcda517103a5240afb40982ef
Instruction ID: 023e318e459672e9d556c57c1c49118a4e69f70cb0d1184eca7e6976ddc6255b
Opcode Fuzzy Hash: 216f9290ccb20c5b992cf73e169734c2d0767bffcda517103a5240afb40982ef
Instruction Fuzzy Hash: 4181D671E005269BCB14CF6DC8805BEB7F5FF89321B18472AD925E7288E774E952CB90

Function 01870E59 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aebc0a6782bfe3feac93918b5b726d8c6e673a077378c972296173d35a881b
Instruction ID: b50b39ae1b7ebdb27bc806f4922ecbfc38e46e432054e4303c00c71247dfa354
Opcode Fuzzy Hash: 19aebc0a6782bfe3feac93918b5b726d8c6e673a077378c972296173d35a881b
Instruction Fuzzy Hash: 2E81B471A005199FDB15CF5DC8849AEBBB2FFD6314B288299F854DB349D730EA41CB90

Function 018B6ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0063dea5a65bec4e857e5f0b207fa3528790c35fd388aa6a4fcaba03b31a546f
Instruction ID: f910a5f3b054e68d7030591bba6711046c946d5b713280c1f9cf760c6b821e88
Opcode Fuzzy Hash: 0063dea5a65bec4e857e5f0b207fa3528790c35fd388aa6a4fcaba03b31a546f
Instruction Fuzzy Hash: A9817271A0061A9BDB24CF69C990AFEBBF9FB48700F14852EE555E7740E334EA40CB94

Function 0191E4F6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5f60cbab6c9f84b39d1731aea391b21fc18b749890f7c05a83477f5933cc5f6
Instruction ID: 1804241b7bba1903dbddccddefe4c8ecdb7547a5a3ca687cdd25e792f6457318
Opcode Fuzzy Hash: b5f60cbab6c9f84b39d1731aea391b21fc18b749890f7c05a83477f5933cc5f6
Instruction Fuzzy Hash: B781B176E002199BDF19CF58C490AADFBF5EF88310B598169D81AEB389D730DD81CB90

Function 0192AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 583827d9ed3805788d315156ee3d52a0a108c231078c3f15a7514e430e210a1c
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 60818332A002169FDF19CF59C480AAEBBF6FF84311F188569D91A9B789D734EA05CB50

Function 0189E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62658ec4c512ddbc3a82739751d0b381a354dd4d521cb594ef1f160ba6ca8294
Instruction ID: 8a7d05b436fc123cb73b3596f0dd41a1888ef47ca8a0ce2ed8d91b030555c7a6
Opcode Fuzzy Hash: 62658ec4c512ddbc3a82739751d0b381a354dd4d521cb594ef1f160ba6ca8294
Instruction Fuzzy Hash: ED814F71A00609AFDB25CFA9C880AEEBBBAFF88354F144429E555E7250D730AE45DB60

Function 0188B950 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82da425a913a2809d70fb1a83e524d666cafa33dda2aab6acc691a32af01c15
Instruction ID: d933c437e31510caeaec0020442156bbfa827c37a0b950d21cf11d7d300d0330
Opcode Fuzzy Hash: e82da425a913a2809d70fb1a83e524d666cafa33dda2aab6acc691a32af01c15
Instruction Fuzzy Hash: D07107303142648FE734DE2EC980B36BBE2ABC4B09F14855DE996DB5C5D735EA02CB60

Function 0187C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dfaf7fe585dc1336ebc1285ebf0f827851c3c07a0d5a79cbd23dc90034ca647
Instruction ID: f0d4055ba5db48ffbc6920e7bef0e5244b29906a7576e96dba9ac5250b2bff7c
Opcode Fuzzy Hash: 7dfaf7fe585dc1336ebc1285ebf0f827851c3c07a0d5a79cbd23dc90034ca647
Instruction Fuzzy Hash: F571BCB580462ADBCB25CF59D8907BEBBB0FF59B10F14411EE942EB350E7349A00CBA0

Function 019147A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78adedb0dc756b4f8e493d967f7ad1f85b7b21772799e4c02862750a57d8f4e4
Instruction ID: 1660d2863c4b8f7c83c77d97ae698783d75d3ba77e36ef31fcb616aca955f151
Opcode Fuzzy Hash: 78adedb0dc756b4f8e493d967f7ad1f85b7b21772799e4c02862750a57d8f4e4
Instruction Fuzzy Hash: DC719171904309EFEB20CF99D940A9ABBF9FF98701F55465AE608EB25CC7318980CF54

Function 0191DAC6 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97327f4b07d7c8f99226ed806ddc0cbce3cfd53838c755e46f84a800441fc8bf
Instruction ID: 282fdefd2bcb32c20054ce1639a7d745f4fe8aa2f5f58578113714a78a8b737f
Opcode Fuzzy Hash: 97327f4b07d7c8f99226ed806ddc0cbce3cfd53838c755e46f84a800441fc8bf
Instruction Fuzzy Hash: 1181AE70D002499FDB25CFAAC448AAABBF5FF89701F00C85DE49AAB649D374D881DF50

Function 0187260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd0c98beef1f8041738b799f6ecc997d27bb437ce0f233d91056d528b06aaf6
Instruction ID: f50e81fae6aa52408ba7d0c0342b196139831a2161854e8e523bfc6231b048f7
Opcode Fuzzy Hash: 7cd0c98beef1f8041738b799f6ecc997d27bb437ce0f233d91056d528b06aaf6
Instruction Fuzzy Hash: EA71C1356042428FD311DF2CC480B2AF7E6FF84714F0485AAE899CB356EB34DA85CB92

Function 019270E9 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582b01e49f1b1d8206768a64862f91032318d010de4fa3c1a98f4e67f10d8ed8
Instruction ID: 3d57ed403be71ab42e0c0a4ca0628996bf31d089e3a5ecf3bf03d9e44311e6de
Opcode Fuzzy Hash: 582b01e49f1b1d8206768a64862f91032318d010de4fa3c1a98f4e67f10d8ed8
Instruction Fuzzy Hash: 2B61F671E002379BDB19AEE9C8819BFB77EBF75300F104429E919B7249DB30DA448B91

Function 0191F0CC Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c9e8f1c8c2de7fb75ba042a7f419d3271cec3c599916360d605882a0b36b365
Instruction ID: c08293587fd18ee628bc50308823530e0f4ebabc07d5197e958545deb4b5e787
Opcode Fuzzy Hash: 0c9e8f1c8c2de7fb75ba042a7f419d3271cec3c599916360d605882a0b36b365
Instruction Fuzzy Hash: 2D71AD79A0072ECBDB24CF59C0905BAB7F5FF85316B64486ED94A97248D370E9C8CB90

Function 018E035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: f2bb27e97a0e5acb244eeea31e0b7f5eb8bc4d6a7fb48bcd7b0e92f86dfd39f8
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 63716D71A0060AEFDB10DFA9C984A9EBBF8FF98700F144969E905E7250DB74EA01CB51

Function 018F62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598a2b18bb3e121e2495d317c9a4efcdcf6d545f9c1c42b4b433c339cbd79678
Instruction ID: 6d74be8f1b5b3483632c7ae80a4fb658b3d2c766ad5370a95802c48fe992af99
Opcode Fuzzy Hash: 598a2b18bb3e121e2495d317c9a4efcdcf6d545f9c1c42b4b433c339cbd79678
Instruction Fuzzy Hash: B371D132200701AFE7329F18C884F56BBA6EF50724F244A1CE755D76A1E775EA44CB51

Function 01868AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd12bbe818f5864ead6eeb75cc44824deabea800f594e1a518ce4b65a698b459
Instruction ID: 4a5ed0b8dd77c0c712b017d4da307efff3c5bfd02834ac460e609a40015f62e9
Opcode Fuzzy Hash: dd12bbe818f5864ead6eeb75cc44824deabea800f594e1a518ce4b65a698b459
Instruction Fuzzy Hash: 8281AB72A083168FDB24CF9CD484BADB7B6BB89714F15412DDA04EB291D774DE81CB90

Function 0189CDB1 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12131d352b6f9f48eb1f2b985eeb9f4003d480b128054350d775b93f3de39b31
Instruction ID: 20f000770e3eaf2dc477b29ebdc3317a054fed532dbe5eb2820eb1257d095dea
Opcode Fuzzy Hash: 12131d352b6f9f48eb1f2b985eeb9f4003d480b128054350d775b93f3de39b31
Instruction Fuzzy Hash: 2061A071A0020AEFDF19DF6CC880AAEB7B5FF49314F154569E612EB291DB31DA01CB52

Function 01927A46 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e9bee1d840eda15b47ed864714dd05faabd5e5889dcc0c0986dc423231e163
Instruction ID: 65854258942991a0909d3e9d34cb5cf88bf9b97a09b989d669945a3753ab5a5a
Opcode Fuzzy Hash: 59e9bee1d840eda15b47ed864714dd05faabd5e5889dcc0c0986dc423231e163
Instruction Fuzzy Hash: 3B515D75A001365BCB1CDFADC8809BABBE6EFA8311F144169ED59E7389DA34C902C790

Function 0192132D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf033a2efef6d93fccdffffdbed6d4c5b1c49122a547d2f1406fe77db8e62738
Instruction ID: cd3872566412a19bca94484d8e8c26bb5160c7959dda3f6749967657af15d084
Opcode Fuzzy Hash: bf033a2efef6d93fccdffffdbed6d4c5b1c49122a547d2f1406fe77db8e62738
Instruction Fuzzy Hash: 71819171A00219DFCB09CF69C490AAEBBF1FF88310F1581A9D859EB345D734EA51CB90

Function 0191A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e24d39e11745c706a90d6d758c0c4b0559102120f3cf98451877bb1f34fe778
Instruction ID: e877875796f580b02a04a342eb1e422fa72f3e2cab297557c028a4087bd3913d
Opcode Fuzzy Hash: 8e24d39e11745c706a90d6d758c0c4b0559102120f3cf98451877bb1f34fe778
Instruction Fuzzy Hash: 4451F17250674AAFD712DE68C844F5BB7E8EBC5B10F000929BA48DB194D770EE45C7A3

Function 0192CE93 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction ID: 4d95e9180d0115b8c09c0a91a69c9b5f515b91b45df3315d01c45d480f87905e
Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
Instruction Fuzzy Hash: F85177326046224BD711DE2D8850FAFBBDAAFD0350F18846DE99DC724ADA30D90987A1

Function 01928DAE Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b02bcbffaa3a92b0345998bd0c2408ee46cbba00b99c0a20c87e6699e10f731
Instruction ID: 2b8f6a3323bc784ad415d23f08c2a55a2b8121399ae5c9ba46f1aa61b17f871b
Opcode Fuzzy Hash: 3b02bcbffaa3a92b0345998bd0c2408ee46cbba00b99c0a20c87e6699e10f731
Instruction Fuzzy Hash: 7451E3726043229FD711DF28C840BAABBE9FF94351F04892CFD9997294D734E948CB96

Function 01908350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd9faae13694a19c98a0a5b90a2374e3a5f34181e846003ec851616058aeae7
Instruction ID: eb2bd640d4cb619a1bd3c2930d2a75c8e5d7d66097c40147e5d65779bdccdb0f
Opcode Fuzzy Hash: 6bd9faae13694a19c98a0a5b90a2374e3a5f34181e846003ec851616058aeae7
Instruction Fuzzy Hash: D9518E70A00B05DFD722DF5AC884A6BFBF8BF94B10F104A1ED29A976E1D770A545CB90

Function 0189E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db2c8bc5d3da18102e4ee371501b28f373de87b41423a50083452456f933da07
Instruction ID: e506d2d4cad08ff83b9c61928250e12a7c0933d1d541460cd8bc285165390fcb
Opcode Fuzzy Hash: db2c8bc5d3da18102e4ee371501b28f373de87b41423a50083452456f933da07
Instruction Fuzzy Hash: 1D519B31600A05DFDB22EF69C9C0E6AB7F9FF54744F440429E916D7660E734EA40DB52

Function 01904180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fededa8f8f4e7bc1ea42e44447886912f29c21b497fa9e15159884e0b9dc4d78
Instruction ID: d679b3d5ba4e4b531e76561eff196ec4729e6707f08612c411e8d0b46559ad80
Opcode Fuzzy Hash: fededa8f8f4e7bc1ea42e44447886912f29c21b497fa9e15159884e0b9dc4d78
Instruction Fuzzy Hash: 3D5158716083029FD755DF29C980A6BB7E9BFC8704F44492DF689C7290E730EA05CB92

Function 018845B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 3e8062174aac79928a26bd30dbab9ea7ac492e56bb46fac41ed75de862e0854f
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: F9516D72E0421EABDF15FF98C440BEEBBB5AF45754F04406AEA01EB240D734DA44CBA1

Function 018E3A6C Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4437cf3fb34c2be35fe7de17ed7dcaa2bf19a2bebaa497cde60932d49780eb4
Instruction ID: 331970f7cd5e7606e649b2e18d25cb2f5f08cc633e0e23c8fc6adae689e70f7d
Opcode Fuzzy Hash: f4437cf3fb34c2be35fe7de17ed7dcaa2bf19a2bebaa497cde60932d49780eb4
Instruction Fuzzy Hash: 64514B32E4021D8BEF25CA58D461BEFB3E2FB81314F450816E95ABB3C1C6B66A46D650

Function 018DD800 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65f9a4a4ebf0ceae3ade7601cabb06aefa0946fb9ac87e0058cf1ee09bdc7275
Instruction ID: 0fa3f950622b94c06a09aec541b05d40c1d396076205af7a0c8ba8dabae0cf06
Opcode Fuzzy Hash: 65f9a4a4ebf0ceae3ade7601cabb06aefa0946fb9ac87e0058cf1ee09bdc7275
Instruction Fuzzy Hash: DB51CE70A00316ABDB14DFADC480ABEBBF5FF45704B094269EE45DB680E7369A50CB91

Function 018EE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 6eedebf00f0cd5c9e4f4d9a00323027bfe8635c109a65d822a1c4110608ff140
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 5351B831D0021EEFEF219E98C888BAEBBF9AB46314F154665D511F7190E7709F4487A1

Function 01927571 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb05c8a5c75badc69e08dccfb783573a7d185e4ecb4005f82a6e3850ec23eb8
Instruction ID: fe238bd8cbc1f57ae983e7d07bc70caeab8ba40be42428ad72d050fe7ff54330
Opcode Fuzzy Hash: 6cb05c8a5c75badc69e08dccfb783573a7d185e4ecb4005f82a6e3850ec23eb8
Instruction Fuzzy Hash: 53512A31A001369BDB29DFA8D840A7EFBB9FF58341F044169D909F7259EB309D01CB80

Function 01928B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 680bfcc4c4358bf60be6e9a67a3fd42f54705b302f2dc63632d1285dc6f85c26
Instruction ID: 08593a5137d54680a91563c4b94669f52f5bfffa9709f4f214ac2111e7656ca1
Opcode Fuzzy Hash: 680bfcc4c4358bf60be6e9a67a3fd42f54705b302f2dc63632d1285dc6f85c26
Instruction Fuzzy Hash: 7D41D371B016219BD729DB2DC894F7BBBDEEF90221F088619F95D87289DB34D801C791

Function 018ECBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4026fd332f266242291dcc8ee61aefd5d06fbae5146131f9dedb8f6241974e98
Instruction ID: 1e70724b44c9019d400d383c6f0818a738d0b6a3d176f6ffbacc991af1c56a7a
Opcode Fuzzy Hash: 4026fd332f266242291dcc8ee61aefd5d06fbae5146131f9dedb8f6241974e98
Instruction Fuzzy Hash: 37518A72E0021ADFCB20DFADC9849AEBBF9FB4A358B504519E505E3304D732AA01CB91

Function 018E5BF0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f604d3c1b4c36c26dd95862250e342ae12cc5b7585349a9bcfaf1f1e9dc7ea41
Instruction ID: f295e3172951fb38231e8023f4d5a3a6562959d6d2d149ae6482c86e5b152357
Opcode Fuzzy Hash: f604d3c1b4c36c26dd95862250e342ae12cc5b7585349a9bcfaf1f1e9dc7ea41
Instruction Fuzzy Hash: F3415B35B403069BDB65FFBC885AA6E76E19F56718B01023EE80AF7241DA34CB018793

Function 0189A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7745f0fc2a4683abed03cf240734ad589683668fe7d937d84bebe2366d900307
Instruction ID: 5a8f4a5e6ec4ffdefa7fbb7555d4cb64532c31466b06578a2e2b61d18f2fac4c
Opcode Fuzzy Hash: 7745f0fc2a4683abed03cf240734ad589683668fe7d937d84bebe2366d900307
Instruction Fuzzy Hash: CF410671748306DBEF29EFACA8C0B6A3765EB54758F48002CFD0AEB245E7719A00C752

Function 0192A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: cdaca04ca5e85cff1ecda01980e393025bd25a7610460ff2e076455c29d71018
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 1D41FD336007269FD715CF58C984A6AB7AAFF80315B05452EE95A87A44EB30ED08C7D1

Function 018901F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27ee87acd227f97cc90b50ea10d652b4819116fa7e87c73b6c02cc4f79403860
Instruction ID: 45220315cb135de9cf352c5ed4f03d1707bebe2ed3f69302f7086f39d66b42d0
Opcode Fuzzy Hash: 27ee87acd227f97cc90b50ea10d652b4819116fa7e87c73b6c02cc4f79403860
Instruction Fuzzy Hash: 8F41AF359002199BDF15DF98C440AEEB7B8BF48714F18815AF819F7240D7359E41CBA5

Function 0188EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df63df2c3cf53987ca311321d83e4213f00246f24fe2e7cb2855d4e0295466a9
Instruction ID: 355604ff796f78a58bd788065e93b4c33c08b2e5548054480a86a5a42f2fdfa6
Opcode Fuzzy Hash: df63df2c3cf53987ca311321d83e4213f00246f24fe2e7cb2855d4e0295466a9
Instruction Fuzzy Hash: E341B2716143069FE724EF2CC884A1BB7EAFF88318F14482DEA57C7611DB35EA448B52

Function 018A2750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: aef0eae84ac88eee7656292a4fa3c01a10abc12d371bc7856870c82808eb6e39
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: F6516C75A00219CFCB19CF59C480AAEF7B6FF84724F2881A9D915E7351D770AE82CB90

Function 01866154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f36d6395a0c3c6f375f3166d5d128974c9f07c31624c2935bd2e64ede2c04c
Instruction ID: 0c691ad5a005d121e9a450e44e472b8f5c67ccc04fa09d144eec477c1534de11
Opcode Fuzzy Hash: 06f36d6395a0c3c6f375f3166d5d128974c9f07c31624c2935bd2e64ede2c04c
Instruction Fuzzy Hash: 8751D670900256DBDB25DB6CCC00BA8BBB9EF15318F2442A9E529E73D1E7349B81CF41

Function 01860BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b81ff35c6943fc4745c88954137e07f8bcad01b7771f2fb0bda96661ce5b124
Instruction ID: 74cd7ec5d77bbbcaf32118951c2ff707e9823ff3aff7613f7699481119c55623
Opcode Fuzzy Hash: 4b81ff35c6943fc4745c88954137e07f8bcad01b7771f2fb0bda96661ce5b124
Instruction Fuzzy Hash: 33414A31A002299EDB31EF6CC980BEA77B9AF45740F4500A5E948EB241DB749F84CB96

Function 0192866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: ea3be33a326cf82d1420aef8948746b25d2bf0828fa38524475aff391a22fc34
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 30419575B10125ABDF15DF99CC84AAFBBFEAF84650F144069E908E7349D670DE01C760

Function 0192F0E0 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ecd5402e2d1a3bce9f66c8f34543590c3300c054960c39cb0868cf42ee6e629
Instruction ID: 76f82e68ebb0a75beea0b75605b5b7784e4473a2b46162b15ef18116d1664cda
Opcode Fuzzy Hash: 0ecd5402e2d1a3bce9f66c8f34543590c3300c054960c39cb0868cf42ee6e629
Instruction Fuzzy Hash: 4341A2B12083528BD708CF29D8A597ABBE1FBD5715F04459DF8998B282CB30D919CB61

Function 01860887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632f541a676d07ef554b975deb783a3319a2f429a522b9747ef40a2f3eaede24
Instruction ID: 672db25ae1c1f0a3cd6893c71aab86e714db3f754a3203897b0cfdbda854203d
Opcode Fuzzy Hash: 632f541a676d07ef554b975deb783a3319a2f429a522b9747ef40a2f3eaede24
Instruction Fuzzy Hash: 3141D3716107059FE325CF28C890A22B7FAFF49318B144A6DE547C7A51E730FA45CB94

Function 0190D5B0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf602e99da18a2640e677da7cd17c0f6847cc1e3f558f783fd0a046388230e6
Instruction ID: 346b486a4ea1a4de6b8c6c6fe96f5bc60e9f30b49e415434835468b32aae501d
Opcode Fuzzy Hash: 9cf602e99da18a2640e677da7cd17c0f6847cc1e3f558f783fd0a046388230e6
Instruction Fuzzy Hash: CE412530A082959FDB16CFACC895ABAFFF1FF49301F058489D5C98B286C735A456DB60

Function 0188A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca4b2253f2639b9f590256d1b4025237adb80da0de32a11c6c8f0ae1e7cbed9d
Instruction ID: 0cf1deacc1239fa6bc1d958da98495c6d56a2bb66b6cf7f0213bda1453ed7b14
Opcode Fuzzy Hash: ca4b2253f2639b9f590256d1b4025237adb80da0de32a11c6c8f0ae1e7cbed9d
Instruction Fuzzy Hash: DD41BE31944609CFDB29EFACD4947A97BB0FB54714F04015AE911FB2D5EB34DA80CBA1

Function 01868BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700feb00c08f77d91731b8da26045c4b1f43e8652e7840310561e451f4d21aad
Instruction ID: e3fcd2cb5f5fb4af329a94d3b5fc7d8a6acfc73259aed8c30b2ffab0ecc47fdc
Opcode Fuzzy Hash: 700feb00c08f77d91731b8da26045c4b1f43e8652e7840310561e451f4d21aad
Instruction Fuzzy Hash: 63412532904306CBD764DF5CD880A5ABBBAFF95704F14812ED905EB259D735DA82CFA0

Function 01858918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98761bd6215d216e074df3497ab9131ec32b1904a873083ac5689690b9d861a1
Instruction ID: a215ec62ee63747c9e007fe61e62ad2937e2caba82a5663c722b771629c96bfc
Opcode Fuzzy Hash: 98761bd6215d216e074df3497ab9131ec32b1904a873083ac5689690b9d861a1
Instruction Fuzzy Hash: E64129325083069FE312DF698880A6BB7E9EF85B54F40092BF984D7251E730DF058B97

Function 0185A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 81b59f3ff40093a2763dc19b819c60a29dc69b941d4ceb76aaa696bc390f270f
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 3B413731A00616EBDB29DE6D84D07FABBA1EB90764F15816AED45DB340D632CF80CB91

Function 018609AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ece3526c279a2b3a7a2b9281b6433934baffbcfce70d77aa64df38fffac78f
Instruction ID: 318d24e0a75d2ad8b9ca1276047f5aaa6b306413689c29939e4bda7b004b295f
Opcode Fuzzy Hash: b0ece3526c279a2b3a7a2b9281b6433934baffbcfce70d77aa64df38fffac78f
Instruction Fuzzy Hash: 16419971640701EFD321CF18C880B6ABBF9FF58355F208A2AE449CB251E770EA42CB95

Function 01890710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: a626d19585224718b5815696193297114574afc5ac630ec3a0d3519bff959f74
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 0D410871A00609EFDB24CF98C980AAABBF9FF18714B14496DE556EB651D330EA44CF90

Function 0186262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc74eabe6a1970af07dca323e63d88e31f132a266266b5248c0264b1c78242b5
Instruction ID: d269dc9e2dba6df4a3cc2daf357e3577a687641d8d1c10843723a8576c7cb8fd
Opcode Fuzzy Hash: dc74eabe6a1970af07dca323e63d88e31f132a266266b5248c0264b1c78242b5
Instruction Fuzzy Hash: EF417F71501705CFCB22EF28D940B69B7FAFF94314F1482A9C516EB6A1EB349A41CB52

Function 0189C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e4a66e633063d700454cf6893391ffe613bbdf309cdd6efe5b21e138979eb2a
Instruction ID: 4ec6a4b3e95ed156d800bb4a8521556de983797e879d51bd6c33afbf425878de
Opcode Fuzzy Hash: 6e4a66e633063d700454cf6893391ffe613bbdf309cdd6efe5b21e138979eb2a
Instruction Fuzzy Hash: 43318AB2A00745DFDB11CFA8C440B99BBF0FB49714F2485AED119EB251D3369A02CF90

Function 018E07C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c886bee536967aacb9690c1e2d134d5a8ac0545abab58da9b0ecd989afd596
Instruction ID: 77395e9b8adae3c76a9ce6894c150691f39fa9da7c2aac9976992d42ad9cf296
Opcode Fuzzy Hash: d1c886bee536967aacb9690c1e2d134d5a8ac0545abab58da9b0ecd989afd596
Instruction Fuzzy Hash: 37418C72608315ABD720DF29C845B9BFBE8FF88764F004A2EF598D7251D7709A04CB92

Function 0192EEDB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a09be9906e583ec9c1f9c4721e734ac43ebd001405bdbb33e08849942b6a9a
Instruction ID: 10e5c2876281cf0358160e3ead34363995b7221ec71ced2b4af21afe15e044d3
Opcode Fuzzy Hash: 13a09be9906e583ec9c1f9c4721e734ac43ebd001405bdbb33e08849942b6a9a
Instruction Fuzzy Hash: BC41C733E1812A8BCB18CF68C491979F7F5FF8830475641BDD90AAB295DB34AD45CB90

Function 0192FA49 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c37909cdcc9319ee39524cbc6eb16d2e8ffaeb8f4caa0a5beb5db301fa60dfe1
Instruction ID: eb5c04d55c79868a85191e44cca4fcff5592b2c4a6fa4cc6bf70bb097981da4e
Opcode Fuzzy Hash: c37909cdcc9319ee39524cbc6eb16d2e8ffaeb8f4caa0a5beb5db301fa60dfe1
Instruction Fuzzy Hash: 0C3137327045269BD718CE2DCC44AA77BBAEF99350F088538E91DCB289EB74D945C3A4

Function 018E05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16cc2c58b24395ed5cf5f057ef2e60f094d8b57c1533ec4409954c0543fe1ec
Instruction ID: 350da8b4db186ca3b3d6e48924a3e2d4d45c77df39254ced19a00023d6ed8d1f
Opcode Fuzzy Hash: f16cc2c58b24395ed5cf5f057ef2e60f094d8b57c1533ec4409954c0543fe1ec
Instruction Fuzzy Hash: 4741D2726087469FD320DF6CC844B6AB7E5BFC9700F140A19F955D7690E770EA04CBA6

Function 01864859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be448aac0600ffe3b919ebe55cf16826803bce58275e9fb6a45b61f1d59a64b
Instruction ID: 48fc78ff56ab27e410f519ddb9c30b8f06b3bb4c126785aecd5a284ea22cc89c
Opcode Fuzzy Hash: 8be448aac0600ffe3b919ebe55cf16826803bce58275e9fb6a45b61f1d59a64b
Instruction Fuzzy Hash: 6A41B3702443028BD725DF2CD894B2ABBEEFF80754F14442DEA45CB2A1DB30DA41CB52

Function 0192FB76 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf70051eba5429e6ded26cf6b8349b8d9f0f9a7e3bbb8e11af0e52a271ec191
Instruction ID: bb3d70f0729616b3c15c11fb9fc72b4fd8c8b7dc76a42aed23d7edf48f104a62
Opcode Fuzzy Hash: 0bf70051eba5429e6ded26cf6b8349b8d9f0f9a7e3bbb8e11af0e52a271ec191
Instruction Fuzzy Hash: 9631E671A14125ABE714DF29CD44A9BBFF9FF88350F058424F90DCB259E630E941C790

Function 018702E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: e236cd306dc9a6ac7577a11011be2c37eb3a2d74a3490239e9ce40830ac32165
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 13312831A00248AFDB21CB6CCC80B9BBFE9EF15754F0441A6F815D7352D674DA84CBA1

Function 0190E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b1f850cb0acf924412d90de3a1f3ecf136761d853aa823c037627c35cad337
Instruction ID: fab5daab602a721752a256a069633a88ac835619f96ab442a8da2519ea669b26
Opcode Fuzzy Hash: 58b1f850cb0acf924412d90de3a1f3ecf136761d853aa823c037627c35cad337
Instruction Fuzzy Hash: C8319635740706ABD722EF698C41F6B76A9AB59F50F010428F604EB3D1DAA4DD0097A1

Function 01914B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8e57b4f75c13cafd8bda1f6ee967430ff5dcbcead48801e50cc32e8b397f52
Instruction ID: 86a4c3f48a873cf5b2dcf66cb005ea7237100f45c39360d8276b5135d2583271
Opcode Fuzzy Hash: af8e57b4f75c13cafd8bda1f6ee967430ff5dcbcead48801e50cc32e8b397f52
Instruction Fuzzy Hash: 4531E6326093058FC321DF1DD880E6AB7FAFB88360F59446DE9599B259D730E880CF91

Function 01864260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d76f61eca944709ad68fa090d2f5a1751ee3accf3939b4d46fd88fdd1e369b1
Instruction ID: 2d4503443b1cbc91ef3599e4352e9a6e72844ee669f296076fa70bce1957a05c
Opcode Fuzzy Hash: 0d76f61eca944709ad68fa090d2f5a1751ee3accf3939b4d46fd88fdd1e369b1
Instruction Fuzzy Hash: B741BF35200B45DFD722CF68C980FDABBEAAF44B54F15442DE65ACB250D774EA04CBA0

Function 01914BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2406d8c06652d06d137b2ec527912a9f6852d309f975a34e1d39853af1056e0
Instruction ID: 9b4cb69a5e3139fb9722e1ddfa69179e796a7adb075e3f3e29f81250f2d6e1d4
Opcode Fuzzy Hash: d2406d8c06652d06d137b2ec527912a9f6852d309f975a34e1d39853af1056e0
Instruction Fuzzy Hash: CE317E71A043068FD720DF28C880E6AB7E5FBC8710F05496DF9599B359E730E985CB92

Function 018DEB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3dfbd2033dac9b26282e359cf65b1d0d1ac9d52afd1c0bae493c7a8db0ed5f
Instruction ID: 2ec2485579ec61663a8cb6fc039a838c51069c948517bd09a8c4567aef74f7af
Opcode Fuzzy Hash: 8e3dfbd2033dac9b26282e359cf65b1d0d1ac9d52afd1c0bae493c7a8db0ed5f
Instruction Fuzzy Hash: F831A1317017869BF326975CCD48B657BD8BB41B44F1D04A4AF85EF6D2DB68EA80C322

Function 019261C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864170faf458199a7bfe1977859b80f60153169b30ef865cf36f4eec3c0885e6
Instruction ID: 1e74ed917f079172547fb336a6614b9c25b047b7c8eae630710514e7724ab0e9
Opcode Fuzzy Hash: 864170faf458199a7bfe1977859b80f60153169b30ef865cf36f4eec3c0885e6
Instruction Fuzzy Hash: 5B31D576A0026AEBDB15DF98CC40FAEB7B9FB45B40F554168E904EB248D770ED00CBA4

Function 0190483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098d978d12ab3768b0b85bcebf3395153e9d5c1feae32bb4c3d0aabd2bb8f2b3
Instruction ID: 18b54e3e4651b5db006ef9cfc76ac8ad67ef04954328ff1c8c9590dc7159b7c1
Opcode Fuzzy Hash: 098d978d12ab3768b0b85bcebf3395153e9d5c1feae32bb4c3d0aabd2bb8f2b3
Instruction Fuzzy Hash: 96315576A4012DAFCF22DF58DD44BDE7BB9AB98750F1400A5A60CE7250DA30DE918F91

Function 01926BD7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da828039cb4df3d6594289cb2b64760d9bbd980170e70c9dbe230c64f2646675
Instruction ID: f9a7930f94f504f9c09cdf3edf596195ea8a7eb695c0b1be75b8971b37701d69
Opcode Fuzzy Hash: da828039cb4df3d6594289cb2b64760d9bbd980170e70c9dbe230c64f2646675
Instruction Fuzzy Hash: FB318131A042049BCB64CF2DD9C5A5B7BF8FF49340F4184A9EA08DF24AD270E945CBA5

Function 0188EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c5ae6f3206efb5927b9c56e6b7404bbb47db0b9ea6ec6750a74cd2eb990a9cd
Instruction ID: 1a7451a684813c2ef7beb770fea89f53fd808db6834bcc53d8799ad1edeadc33
Opcode Fuzzy Hash: 9c5ae6f3206efb5927b9c56e6b7404bbb47db0b9ea6ec6750a74cd2eb990a9cd
Instruction Fuzzy Hash: 44319372E01219AFDB21EFADCC40AAEBBF9EF44750F114465EA16E7250D670DF008BA1

Function 019260B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc576706f666771561fd938f5e5bd533085af67490b6790078866b16f2d6326
Instruction ID: e36d83e3d5f2573f1de9a30beebf1f82ba029b24a6aa27593517eb66e7526e10
Opcode Fuzzy Hash: abc576706f666771561fd938f5e5bd533085af67490b6790078866b16f2d6326
Instruction Fuzzy Hash: C031D671A40626AFD712DF9DC850B6EB7B9FF84754F200069E909EB756DA30ED008B90

Function 018607AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 371aabf41009b1dbf8bc6aa5b889a6b699486d24ced2af22269098477418cf57
Instruction ID: 55b503e2b48d81e3b2538fa315e63bc2eee661639ce18bc0c296df419d17d337
Opcode Fuzzy Hash: 371aabf41009b1dbf8bc6aa5b889a6b699486d24ced2af22269098477418cf57
Instruction Fuzzy Hash: CD31B132A04716DBC713DE288C80AABBBA9EFD4750F014529FD55EB311DA30DE0197E6

Function 01868550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1bf94377f52d5239b60213fd34977697b6009c8d5bd5f895abba34957d5eb79
Instruction ID: 2de4c9cf01c77abddf9efe244decfb2dea9ab614b694f185f1454a7b091b7c23
Opcode Fuzzy Hash: a1bf94377f52d5239b60213fd34977697b6009c8d5bd5f895abba34957d5eb79
Instruction Fuzzy Hash: D7317C716093018FE720CF19C844B2ABBEAFB98B10F05496EF989D7391D770EA44CB91

Function 0189A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 21cd5dfd1644074a5666afa8590ad38cf07af09621c283ba330fe49377a7b44a
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: DF310E72B00705AFDB65CF6DDD41B57BBF8AB08B50F18492DA59AC3651E630EA00CB60

Function 0190EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 558a4f31ea69031c918438446bdba80d77dfbb6437ebaa4c40d3e0ee61725ec8
Instruction ID: c366ab05997cddcb9df6a39d1ee69a1ff98f9e7ae765668de59f91b0b32fe5cb
Opcode Fuzzy Hash: 558a4f31ea69031c918438446bdba80d77dfbb6437ebaa4c40d3e0ee61725ec8
Instruction Fuzzy Hash: 0B319AB1A09311CFC712DF19C54095ABBF6FF89315F4449AEE88CAB291D332DA44CB92

Function 0188438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31aae3c8da690d4d98791a7f3c5047a8af65f25f3a58de50e339461d36efb58
Instruction ID: ebfccaf79a259203f956ecf27979b1b111e39b1a6fa6dc6908e1ee582a551e5e
Opcode Fuzzy Hash: b31aae3c8da690d4d98791a7f3c5047a8af65f25f3a58de50e339461d36efb58
Instruction Fuzzy Hash: 2E31F172B016069FD720EFBCC881B6EBBF9AB80704F10842AD106D3255E730EB45CB91

Function 0185CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: efe0112b807a058bfc0c9a889b001b7b149af27796179c00716e804648de2781
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 5821F236E0165AAADB109BB98840BEFBBB9EF54740F0580359E55EB340E370DE008BA1

Function 0185C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b593b52807411cb9a506e69227febaf80c567cba728cb1b4dea4b1c3e45006ef
Instruction ID: 0d44c6552b497af5a75ed408c089b42321d8ca1add510b1159c66ef7d061aa36
Opcode Fuzzy Hash: b593b52807411cb9a506e69227febaf80c567cba728cb1b4dea4b1c3e45006ef
Instruction Fuzzy Hash: 2E3129725003019BD721AF6CCC80BE977B4EF91318F9482A9DD45DB342DA34DA86CB95

Function 0191C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: d2327ef13a563a7c11cdba7b5e4f1c6877ebfa28bd4af877abb2b6450565ff11
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: B121453664065A77DF159B998C00FBBFB75EF80B11F40801AFA59C76D1D634DA81C361

Function 0185E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9229d787f53d6bec34fe9a39bf08f5fd00a16ec20bce63f63dd5cd3611462bfd
Instruction ID: c2e439c17f325baaea75b87b9640df3a0f99fc825b80135fcc54aa952f2cba72
Opcode Fuzzy Hash: 9229d787f53d6bec34fe9a39bf08f5fd00a16ec20bce63f63dd5cd3611462bfd
Instruction Fuzzy Hash: 3D31B632A0152C9BEB31DF18CC81FEEBBB9EB15744F4101A1EA45E7290D6749F809F91

Function 01894588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 8080d9f2bcbd3224d5d2377e1f0bd0b8d35a26b2b74a2c1dece5bc20b6c58cc9
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: E2217172A00609EBDF16CF58CA80A8EBBB5FF48714F148569EE15DB241D671EB06CB90

Function 018944B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c232732f882940979fd3d0f340e911a4c2520cebb430bf50888fb2e7fa1d7142
Instruction ID: 8d7b3f8e690e64964280b35df13d382cd63f397b279f6afda86fe091e91eaac6
Opcode Fuzzy Hash: c232732f882940979fd3d0f340e911a4c2520cebb430bf50888fb2e7fa1d7142
Instruction Fuzzy Hash: C721C3726047459FCB22DF58C980B6BB7E5FB88760F044529FD54DB641D730EE018BA2

Function 0185E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: eef04ad63bf6fcc71e8fc2dcaf0cec951055a6c452f35b420233876a50c6852c
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 8E318A31600608EFD721CB68C884F6ABBF9EF85358F1045A9E952CB291E730EF42CB51

Function 019303E6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91dedb343d4ec090a2fc4ba428d5e4b40eda1aba77dc0b20a10ba904004fff97
Instruction ID: a36f50c9685a1b66a050f9294f548c5cecbba0180d1b653233a885b7a33bab39
Opcode Fuzzy Hash: 91dedb343d4ec090a2fc4ba428d5e4b40eda1aba77dc0b20a10ba904004fff97
Instruction Fuzzy Hash: 6A317571B04219AFDB14CBA5D998A9FBBB9FFC8254F054169F90AE3241D7306E04CBA0

Function 018DE609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df459e8ac5a235b1f99c7fa85a82ccd50aeb9cac429824db3825dbf76977bfc9
Instruction ID: 7398560fdb43cd02ad39ec5521089c84c38d3f9181645ae0e5b94a156b4243e6
Opcode Fuzzy Hash: df459e8ac5a235b1f99c7fa85a82ccd50aeb9cac429824db3825dbf76977bfc9
Instruction Fuzzy Hash: 8231AE75A00209DFCB14DF1CD8849AEBBB5FF88714B158459E809EB391E731EA40CB91

Function 01930591 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ed67a3c14574a3ddaaa393d40b87ba3d90e7e1a17d5ad9644da01cd3255d46
Instruction ID: b92f909b79a8a11df2cb7bcf0f1fa4b8ed0b2aa06b608d0e0cabac4cdfa03beb
Opcode Fuzzy Hash: 08ed67a3c14574a3ddaaa393d40b87ba3d90e7e1a17d5ad9644da01cd3255d46
Instruction Fuzzy Hash: 9E21E1326142058FD728CE2EC880AAAB7E6EFC4315F694978E909DB29AD730F845C750

Function 018E06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea2b9704f1fcb1b1f4af41ce562212d6f571ef81d4682b255a45a525629399b0
Instruction ID: 969e6103c791ee117ce7e2c5d91d1cf2bdaf65144bf8f6a0a0b88dbc4e3b8d28
Opcode Fuzzy Hash: ea2b9704f1fcb1b1f4af41ce562212d6f571ef81d4682b255a45a525629399b0
Instruction Fuzzy Hash: D021A071A002299BCF10DF59C881ABEB7F4FF49740B440069F941F7240D778AE41CBA1

Function 018E019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 850bfc85356541fca84aee6ab39695ea1cf4e234954b668aeca48c07780ffeaf
Instruction ID: b1a5945a3d8457f0a8c640222e95a86c35ef463cc46b8a1d94aa972480df5ec9
Opcode Fuzzy Hash: 850bfc85356541fca84aee6ab39695ea1cf4e234954b668aeca48c07780ffeaf
Instruction Fuzzy Hash: 9A21EC71600605AFD715DB6CC844F2AB7E8FF49740F140069F904EB6A1D738EE40CB69

Function 018E0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b94a4818421a12345eb68bf31c979c0b1b3cc784115a90c264ffc7d875ea25
Instruction ID: d0a76ff168cbcad68d87f95cb91ab57cfb33d43524fe3627a1ad2e71a83e76f2
Opcode Fuzzy Hash: b2b94a4818421a12345eb68bf31c979c0b1b3cc784115a90c264ffc7d875ea25
Instruction Fuzzy Hash: 2721D072A043469BD712EF5DC848B5BBBECAF92740F080856BD80C7251D774CB08C6A3

Function 01882835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ca023313db888d58b37f645655fcc6a04fb17e2af805a469a5ce85f0c1e6a4
Instruction ID: 618f74cda8550e70760c87c7c263f1b5077bdbad1766d8d112f36f93325be535
Opcode Fuzzy Hash: 24ca023313db888d58b37f645655fcc6a04fb17e2af805a469a5ce85f0c1e6a4
Instruction Fuzzy Hash: 5D210B317556899BE726676C8D04B243BD5AF41B74F180364FF20EB6D2EB7CCA41C242

Function 019301AA Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cd7cd25a58e64b496b245c7084852323008f3529a1c11592d45e4323fc38258
Instruction ID: f434885bf3e3392bc700c132b3a1007c86dab674b419a108bf6917a8d7280d89
Opcode Fuzzy Hash: 5cd7cd25a58e64b496b245c7084852323008f3529a1c11592d45e4323fc38258
Instruction Fuzzy Hash: 9B21E4E13042954FD705CF1A88F44B6BFE5EFD612674D81EAE8C8CB743C564990AC7A4

Function 0189A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88101d22fbe5bbc00d1c53d9a309f271d194775be8aefb8aa398530b85d3667a
Instruction ID: 6c43060ea65bb45367366658a57a34e6b154de54e2c5bdf2035bc1a1d8b829bc
Opcode Fuzzy Hash: 88101d22fbe5bbc00d1c53d9a309f271d194775be8aefb8aa398530b85d3667a
Instruction Fuzzy Hash: CA218E752007019FCB29DF29CD01B56B7F5FF48B04F288468A509CBB61E371EA42DB95

Function 0191A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7ddf4beab5480d91db4dca6716ceced00bf94e4ed6050fa3471d8e99b1f1c48
Instruction ID: 2af92c0f1d76ea9c049e230b57ebd9f0e2b63f01039c17e848c12216d08b10f3
Opcode Fuzzy Hash: a7ddf4beab5480d91db4dca6716ceced00bf94e4ed6050fa3471d8e99b1f1c48
Instruction Fuzzy Hash: 9E112372385A19BBE32296589C00F2B769D9BD4B60F140428B71CCB2C8EB74DD008796

Function 018E0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fde2b0e57ef30b952dc0c5118db67ac4dffae3b3d31728a9792c52a7660b4b2
Instruction ID: ca3c2a12bbe8966f284d4400b08e2099caf0a5c8a5617f225d99a58e25517ceb
Opcode Fuzzy Hash: 6fde2b0e57ef30b952dc0c5118db67ac4dffae3b3d31728a9792c52a7660b4b2
Instruction Fuzzy Hash: A621D6B1E00309ABDB10DFAAD8859AEFBF9FF98700F10012EE505E7241D7749A45CB55

Function 018F80A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 6d8e143250d9e196648487a281b32b760e97f915e4b3c33bce756cdf6e594d8f
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: FD218172A00209EFDF129F58CC40B9EBBB9EF85310F204419FA00E7251D734DA50DB50

Function 0192EE26 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e208b409590fe4cac6a528f01c6ff81e8cd7dc4d5ac5b5df4eb2429f100703a3
Instruction ID: 587cad7e46949511307690bc0eab18bf202e52d379929fcf4b586b948bd3eb3d
Opcode Fuzzy Hash: e208b409590fe4cac6a528f01c6ff81e8cd7dc4d5ac5b5df4eb2429f100703a3
Instruction Fuzzy Hash: 2E21B433A105229B9B59CF3CC804466F7E6EFCC35436A427AD516EB269E770B9118784

Function 01890124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 05df8d7511deaf3ed6726f0eef8944df2e63fd0776f3c0d3bf8fe0b1350f1102
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 0511D0B2600A15AFEB229A48CC41F9ABBBCEF80B54F180429F600CB180D671EE44CB55

Function 01868770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84fdb0e18f3a160a1730a157102becaf40900a06aa07ece98536dbc3fe48827
Instruction ID: dcaed0cff64357bf68d7a468366fc67fc77f4cbaba18965c8bbb52304c34c39e
Opcode Fuzzy Hash: a84fdb0e18f3a160a1730a157102becaf40900a06aa07ece98536dbc3fe48827
Instruction Fuzzy Hash: 7A119D717007159B9B11CF4EC580A26BBEDAF8B750B188069EE0CDF204D6B2DA018790

Function 0189AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: 107c3b3cce41045a02fb865787f315f2965c2bde02e69dbe1c47b8d486611bbe
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: 6F217772640645DFDB299F4DC540A66BBE6FB94B14F18883DE94ACBA10C731EE01CB80

Function 018680E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c01122b8246d69b4fe7d9e300b573adbcfe4db28b61ec031a2f0ea0f3157c85d
Instruction ID: bc70fd34566d9ed3d3f040d4a0ecb0f0ce8707011d6446751dd3d82a5d22e6c1
Opcode Fuzzy Hash: c01122b8246d69b4fe7d9e300b573adbcfe4db28b61ec031a2f0ea0f3157c85d
Instruction Fuzzy Hash: 66216F75A00609DFCB14CF58C581A6EBBB9FB89718F24416DD109AB311D771AE06CBD0

Function 0189674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44964fbe85371938cf351edcc4efc795d081929c94a70d9747e8c56cfa65e6c1
Instruction ID: b1729f4ed159d839ba570d1f706624c6bc8c29228feb9d8da914a128bdf08b10
Opcode Fuzzy Hash: 44964fbe85371938cf351edcc4efc795d081929c94a70d9747e8c56cfa65e6c1
Instruction Fuzzy Hash: 56219071600B00EFDB20CF68C880F66B7F8FF44354F58892DE59AD7250EA30AA40CB61

Function 0188E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552508b3065500872a45d8cc62bbd363682af7ec4ad2cfd7bc9860f3172d29a8
Instruction ID: 04cd1614d5823839224dfa92987cc3c6909fda47de81f9191cb6b02381fc617f
Opcode Fuzzy Hash: 552508b3065500872a45d8cc62bbd363682af7ec4ad2cfd7bc9860f3172d29a8
Instruction Fuzzy Hash: 82116B333002149FCF19DB28CC80A2BB2A7EFD1774B24452CEA26CB280E930DA02C791

Function 018F6870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225e4af028dd980449a50759c71e76383bc4a587d8fa9457667441c50c095da6
Instruction ID: 12c9583a5e9cb8bbab0843a0e312252994f07797677776f0f6d1408a6afed30c
Opcode Fuzzy Hash: 225e4af028dd980449a50759c71e76383bc4a587d8fa9457667441c50c095da6
Instruction Fuzzy Hash: 89119132340614FBD722DB6DC940F9A77A8EB95B54F21412DF705DB262EA70EA01C7A1

Function 018966B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28403b92f03fc7903d63171d6b2a388cc09aa36057897bf3e9101bf8880bd1e
Instruction ID: 0c7c63baf0fbcee684eb5eff1142ed476dc14ec758de6f972a022841a54dc576
Opcode Fuzzy Hash: e28403b92f03fc7903d63171d6b2a388cc09aa36057897bf3e9101bf8880bd1e
Instruction Fuzzy Hash: 17118C76A01205ABCF25DF59D580E5ABBE9EB94750B2A8179E905EB311F630DE00CB90

Function 0192A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 40f8747a1b92595415292ab40a88e22ceff7eee1d9f90962b5001cf5e477d4d4
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 2C11B236A00929AFDB19CB58CC05A9DBBF5EF84210F058269E859A7344E675AE51CB80

Function 01860AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 97260d16db394383ebb0b5181e42e90d69e360f775717b2bb619ca53d039aca2
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 2B2106B5A40B059FD3A0CF29C440B52BBF4FB48B10F10892EE98AC7B40E371E914CB94

Function 018EE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 75d6318a55cb1f168210e15d405647aca94602c7a5ac028753064dacd14bab51
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: 31110232A00619EFE7209F48C848B16BBE5EF42754F058428EA18DB160EB30DE44DB90

Function 018827ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25418be7af739f682bb71e3db3ccfceda203818fa100f6faa38349fbe1ab8222
Instruction ID: 16faa93316ecf1dbca42332b12967bd8d7d187189e82b285e6f7111a0476a7cd
Opcode Fuzzy Hash: 25418be7af739f682bb71e3db3ccfceda203818fa100f6faa38349fbe1ab8222
Instruction Fuzzy Hash: 5D014971705649AFE72AA26DDC84F277B9DEF80795F050078FA00DB241EA28DE00C2B2

Function 01864690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e87c382a8a277b23f59ee9c5343a265f08ab293f7642ee2862f315fa986493a
Instruction ID: 1b38008b09da50240a9b2dcc5cac163c925cb699a32c740f2c4973fd1f290130
Opcode Fuzzy Hash: 0e87c382a8a277b23f59ee9c5343a265f08ab293f7642ee2862f315fa986493a
Instruction Fuzzy Hash: 6D110E76200648AFDB21CF5DC880F1A7BACEB96B68F084119F904CB251C378EA40CFA0

Function 01896620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59bb9044e6d10c1e10dafce9935afb052b565a4c20cc5a09f392019a5483eed2
Instruction ID: 28119a8ee706363c916a45db5f1c8ec3caba470f25ef73dc40793e998b47144e
Opcode Fuzzy Hash: 59bb9044e6d10c1e10dafce9935afb052b565a4c20cc5a09f392019a5483eed2
Instruction Fuzzy Hash: D7118272A00715ABEB22DF6DC980B5EFBB8EF84750F690459DA05E7200E730AE019B91

Function 0188EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1e2a64bb05e5fddf4093af8740132d75164e4cb544bcecd8481969711dd115
Instruction ID: 112dce83de1b8c17da7f6a33affd383cd3579795733e787f1fd4f97b0d7a27d7
Opcode Fuzzy Hash: 9e1e2a64bb05e5fddf4093af8740132d75164e4cb544bcecd8481969711dd115
Instruction Fuzzy Hash: E501F5715042059FE325EF18E404F26FBF9FB91714F25816AE104DB261D770ED42CB90

Function 0188E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 6fbdb6fcf7c4d083a92293732d1a69da8626341c00d91de4e49d1efa5ccb09ca
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 8411E5712016C69BFB23A72CC954B657B95EB01B4CF1900A4EF41D7652F338CA42C262

Function 018EE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: af34449d39788463a61b9ade63d82b595a6e20c44425e0fa985935c5a2e028d2
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 33019232640105BFE7219F5CCC48F5A7AE9EB46B54F098424EA45DB260E775DF40C790

Function 0185A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 9aac7643237fbe68e623bda06a781f27690ce036a73f999a9b88be008fbc2ce8
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: FC012632404725AFCB758F19E881A327FA5EF55BA07008A2DFC95CB281C331D600CB60

Function 018DE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a99ae86efd0e7ddf4b23c312001cd2eadb16703783ed9c144e5bb0aeb8dc96df
Instruction ID: 8d2d56bb7904556133e8fe883f82c53802dd74e3bdfcc47652240c27d82fe020
Opcode Fuzzy Hash: a99ae86efd0e7ddf4b23c312001cd2eadb16703783ed9c144e5bb0aeb8dc96df
Instruction Fuzzy Hash: E2117932241241EFDB15EF19C990F16BBB8FB94B84F2000A9FA05DB661D635EA01CA91

Function 01866259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042efdc512a94d58446aa2bbac7650e39037230de3802692ebfb3e7e4f7d7e0f
Instruction ID: ed7dabdd62354b34676f928441aac957ec5c1fd6005a678ab1eb37824bf1e62e
Opcode Fuzzy Hash: 042efdc512a94d58446aa2bbac7650e39037230de3802692ebfb3e7e4f7d7e0f
Instruction Fuzzy Hash: 11115E71541219ABEB35AB68CC41FE9B379AB04710F9041D4A314E61E0D7709F81CF85

Function 01896DA0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
Instruction ID: 20d0e60208754726d9067275ccba54b86edb473a82757094cd5c98008482d676
Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
Instruction Fuzzy Hash: F701FC7160415567EF259B59C804B9F7F64EB40B50F394055BA07DB290F774DA80C3E1

Function 0186208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: f941e18da8a792595a88fcb19c608abf02dd3ad9a77d3197fd3cfd091b2ab291
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 9D0124322001118BEF119A2DD8C0B92BB6BBFC4700F1945E9EE05CF246DA71CE81C392

Function 018E6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b457b7f8f0444bd216682dc4e48edd3f8525a4f8c802ead557f6e7b15a9330
Instruction ID: d4ecda3610a5c3b0e7d47ba6cf6b607ad2fa24af1686d763cc9afab1bdfe9696
Opcode Fuzzy Hash: f0b457b7f8f0444bd216682dc4e48edd3f8525a4f8c802ead557f6e7b15a9330
Instruction Fuzzy Hash: F5111773900119ABCB11DB98CC84EDFBBBCEF58358F044166A906E7211EA34EB15CBA1

Function 018F6500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f99c0025bc7099b9835a09393aea04c8e22ce8e56362bcfe877106e90333c42a
Instruction ID: 877b8f4aab9d229ae6e37dfe497cc58c4cae913f2e0da5c5387a85d935462ad6
Opcode Fuzzy Hash: f99c0025bc7099b9835a09393aea04c8e22ce8e56362bcfe877106e90333c42a
Instruction Fuzzy Hash: 3711E5326041459FD301CF18C800BA1BBB5FB5A314F188259F944DF315E732ED40CBA0

Function 018EC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52efd4615aa20d31042828ef8a79d5a70052bee14e4d99eb13a67dde788accf1
Instruction ID: 29f4710a8da88db159e3ac0c736c85bc394bafb281914a2a91125494f5e7a550
Opcode Fuzzy Hash: 52efd4615aa20d31042828ef8a79d5a70052bee14e4d99eb13a67dde788accf1
Instruction Fuzzy Hash: BD1118B1E00219ABCB00DFA9D545AAEBBF8FF58350F10406AA905E7351D774EA018BA5

Function 0190EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf2d462448d48abf32a760098577d64f974c4f99185ff5161a4d4c5dd8cb9bd
Instruction ID: 7117343b81e5622f2f4f05d54a8c856363a9c388df4c02866cfbbf9ed61717fb
Opcode Fuzzy Hash: ebf2d462448d48abf32a760098577d64f974c4f99185ff5161a4d4c5dd8cb9bd
Instruction Fuzzy Hash: D401B1325402119FCB33AE298440D26BBAEFF55791B444C2AE5599B291CB30DD81CB92

Function 018A20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8203a5ba126d412ece624a0a4d805a13d3c064414bc96813f5c2b9536b73ac5b
Instruction ID: 466aa4ed52e9689211a45cf2fd24a92e4dee2a4be3f892923662fa58bb712502
Opcode Fuzzy Hash: 8203a5ba126d412ece624a0a4d805a13d3c064414bc96813f5c2b9536b73ac5b
Instruction Fuzzy Hash: 1C11A975A0120DEBDF15EFA8C840BAE7BB6EB44340F104058E912EB280EB34EF11CB91

Function 0185C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: fbddf216bab3a1e5bef36acf53adfed7578db616b01bc6993c753a395d95d302
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 0A01B532100705AFEF2296A9C840EA777EDFFC5318F054519A956CB640DB74E642CF51

Function 0189E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6ab2d69f4428b259fb126f551ccb5c1e4bfa4ecdf6460adc996c5d0ab1958c
Instruction ID: 9c3fec8e487d062b9c4f7031ea18e83b0ce762bf4afa5fe8d922c64e49a821b3
Opcode Fuzzy Hash: 5f6ab2d69f4428b259fb126f551ccb5c1e4bfa4ecdf6460adc996c5d0ab1958c
Instruction Fuzzy Hash: 0501DF71600A02BBD311BB7DCD80E17BBACFB947A4B000629F609C3650DB24EE01C6A2

Function 018F69C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128c7fcc0456b8eb44b7af93c9c1ece04701aa41e4232f509b4e79676fe23fd0
Instruction ID: 03fef3b48f64199764e51b388393d0eb275a7815291bdc89c47cd971acaf38d5
Opcode Fuzzy Hash: 128c7fcc0456b8eb44b7af93c9c1ece04701aa41e4232f509b4e79676fe23fd0
Instruction Fuzzy Hash: AC01D8322242069BD320DF6D8848966FBA8EB54764F61422DEA69C7180F7309A05C7E2

Function 018EC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a248f150fc8b5d77ab4dcc5e2f6caa16461ac480bf3a5923d53bf9f65747f229
Instruction ID: a469728c16d933c52dbc66c0585a7c7fd0394cfd52ee66ac1b2d659f72388cd0
Opcode Fuzzy Hash: a248f150fc8b5d77ab4dcc5e2f6caa16461ac480bf3a5923d53bf9f65747f229
Instruction Fuzzy Hash: 6F115B71A0120DABDF15EF68C884EAE7FB5EB49344F004099BD01E7340DB34EA11DB91

Function 018EC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3657929af62613cf2b400e19a6600d0e2d607da8c8962d26f20654bd0163725b
Instruction ID: 6f5dbbdfcafb33afe205ffff91fa422b1620147f7d4b54af659bf59dfec8f82d
Opcode Fuzzy Hash: 3657929af62613cf2b400e19a6600d0e2d607da8c8962d26f20654bd0163725b
Instruction Fuzzy Hash: DC1179B1A083089FC700DF6DC441A5BBBE4EF99310F00451AB998D7391E730EA00CB92

Function 01934A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: 05bd773c9957aa4b579a32dd18253e286e8aec6d6bf6a95eb17b681cabbc4a78
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 6501D4322046069FDB219A6DDC44F96BBEAFBC6210F094819E646CB650DAB4F882C794

Function 018ECA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e94efa3a7b87615fa0f8380a9b95f381443fe52404ed9a3771d9fd9cadaf2daa
Instruction ID: 00fc647c373905e5cdb12f692b2451ee7586df9905fe470628466ad43a012e00
Opcode Fuzzy Hash: e94efa3a7b87615fa0f8380a9b95f381443fe52404ed9a3771d9fd9cadaf2daa
Instruction Fuzzy Hash: C21179B1A083089FC710DF6DC441A4BBBE4FF99350F00851AB958D73A0E730EA00CB92

Function 0187E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: b411c2c892eb6fd306a6b42176c81ec6d2f071d3d1dafcb7789cf3355fc0d9a5
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: C6018F726015849FE323871DC948F667BE8FF4A758F0904A5FA09CBAA1D778DE40C622

Function 0185826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b698fbefa9bf158f53b96388c6771f686633feba7dbf60b9778d8321daf9f1
Instruction ID: 8cb7a047370db4cfdcddb6e10accbf28fbcbf9ea0ad9ff61769401011b60372e
Opcode Fuzzy Hash: 64b698fbefa9bf158f53b96388c6771f686633feba7dbf60b9778d8321daf9f1
Instruction Fuzzy Hash: 4801D4317006099FD714DB6ED8089AEBBE9EF82390F45402A9E01E7644DE70DB01C792

Function 0190EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fb9eea45d9c8c70232285f418815dfa40a384374507d3d58efe9b9cd71b729d8
Instruction ID: 7ec0c258b06e9982123ddb0a055e0ca5e6a923d629cf5fe8d23d23708d85ac83
Opcode Fuzzy Hash: fb9eea45d9c8c70232285f418815dfa40a384374507d3d58efe9b9cd71b729d8
Instruction Fuzzy Hash: 3801A271644B05AFD3329F1AD841F02BBA9EF55B90F154C2AB60AAF390D6B0D9408B95

Function 01862582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b7845f1d20365347721b99c4f17460042082adbf5daf7cb48df02dd85d01e11
Instruction ID: ee71ddd08c21afe5302af511ecdbde39b15bd9f353b000eb1ba93cefe36c8022
Opcode Fuzzy Hash: 3b7845f1d20365347721b99c4f17460042082adbf5daf7cb48df02dd85d01e11
Instruction Fuzzy Hash: EDF0F432741A10B7C7319B5A8C44F47BEAEEBC4B90F044428BA0AD7600CA30EE01DBA1

Function 0188C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: c9cd5079cc272a3e41bf13a6a912a93598a629c27e5a6c526ce1f1d0a6593404
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 14F0C2B3A00611ABE324DF4DDC40E57FBEADBD1B80F048528E645C7220EA31DE05CB90

Function 0185C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 742d7a00d6f74a74f9bdaf5699a5dcdcba53a3b4f870090da07bdc5b9f5276f1
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: BBF0FC732047279BD772175D4880BABA69DCFD1B65F190035EE05DB201CBA18F02AAD2

Function 0189CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: aeed75d15b9bb8dcf28230507f183435f1a751b717cdb9419963685f807308e2
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 1E01F4722006899BD722971DC849F59BFD9EF42754F0C44A9FE04DB6A1D77DCA40C212

Function 019361E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b076bffe63d41686178c57b19bbdc529842cd0407dddc16539924747641b07fb
Instruction ID: f541539b4d0a9250efba07bcc40c5c0ad247fcba488c9650e189be658450c5dd
Opcode Fuzzy Hash: b076bffe63d41686178c57b19bbdc529842cd0407dddc16539924747641b07fb
Instruction Fuzzy Hash: B9014F71A01249ABDB04DFA9D445AEEBBF8BF58310F14405AE905F7280D774EB01CBA5

Function 018E63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 4bac27bb6d25efb3819fc61b818f0fe5e3ea1eb09c13702bc5d4c4139d08ef11
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 22F0FF7210001DBFEF019F94DD80DAF7BBDEB55398B104125BA1192160D631DE21A7A1

Function 018EA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f639e1e1a780c6f42e84717694f0e45ac49239dc2a1f51c4227b10a5df530d2
Instruction ID: f64d59e0bfbc6bb539e0c7a67a192fe320514a3779c3bb38925d2cade4fbab60
Opcode Fuzzy Hash: 2f639e1e1a780c6f42e84717694f0e45ac49239dc2a1f51c4227b10a5df530d2
Instruction Fuzzy Hash: 6F018536110219ABCF129E94D844EDA3FA6FB4CB64F068105FE18A6220C332DA70EB91

Function 0185C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12cfc4a26bb1b2fe26c3e8697f087b0a7bc4d921c00fe985fceb701a4671af01
Instruction ID: 0e851132294604f4865ad64e60ea3469b78a8180eac23ec83b8d43e79d3ad076
Opcode Fuzzy Hash: 12cfc4a26bb1b2fe26c3e8697f087b0a7bc4d921c00fe985fceb701a4671af01
Instruction Fuzzy Hash: 1CF024B23847455BF7A4961D8C01B22329EE7C0791F29806AEF05CB2C1FB70DE018B94

Function 0189656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8d15748512a9609ac58a680fcfd12d3f697adc1001a8d2a911d94d353419f2
Instruction ID: dadc7ad04767b18bc3f4bc1aef6e5ebd560ee56288f1a326c236b424a6c58ed0
Opcode Fuzzy Hash: 9b8d15748512a9609ac58a680fcfd12d3f697adc1001a8d2a911d94d353419f2
Instruction Fuzzy Hash: 2801AFB0204785DFFB369B6CCD48F293BE8BB40B04F5C0194BA11DBAD6EB78D6418612

Function 0190437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: 5a034d6febbb33082e2a5bb292ffa7a196c94f26772b9bdd53c9c5326ecd65a2
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: D4F089353819134BEB77AA2D9A20B2EA75E9F90E52B09252C9759CB6C0DF60D8018791

Function 018EC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fb75d9e4ae190666a836cd5393bc3cdaa36ea9aa2cfc6061cf69e082a951eaa
Instruction ID: 808f48b97bbeac63213fb9f64ee200eba888f8933f48907c13422cb841ea83cf
Opcode Fuzzy Hash: 3fb75d9e4ae190666a836cd5393bc3cdaa36ea9aa2cfc6061cf69e082a951eaa
Instruction Fuzzy Hash: F2F0AF716097049FD310EF28C945A1ABBE4FF98710F80465ABC98DB390E734EA00C797

Function 018EE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: d0d06dd227a6457bcdb1ecbdcb8c25697f90fbc131315c068b8656a867901c4b
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: E7F082337116329BE3319A5ECC84F16B7E8EFD6B60F590165AA08DB264C760ED01D7D1

Function 01890854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 85fe59eb6f5cf158da96034bf3b856023b30145dd2f54c3914523e745d0fab61
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: BAF0B472614204EFE714DB25CC01F56B6EDEF98744F188478A945DB260FAB0DE01C654

Function 018EC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac45a1ba7dcbedf0a5b81d4ee29856d72f0d47a036abe52edb0dfe5b44c3a7b6
Instruction ID: 87b7550bc7849bb7931d0f69995e6686d7b4c0897ce5d2445af4838f86b325dd
Opcode Fuzzy Hash: ac45a1ba7dcbedf0a5b81d4ee29856d72f0d47a036abe52edb0dfe5b44c3a7b6
Instruction Fuzzy Hash: 34F04F70A01249AFDB04EF69C515A5EB7F4EF18300F408055A955EB385DA78EB01CB61

Function 018647FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fd35b826b605c8b2ff35bbbca7c89df082d12acab08f417dd6925d225976c20
Instruction ID: 9c0ddda46cffb5a72c45fbd614b08842f9befc378f8a63cc33472d3401fde5d8
Opcode Fuzzy Hash: 7fd35b826b605c8b2ff35bbbca7c89df082d12acab08f417dd6925d225976c20
Instruction Fuzzy Hash: A1F052319023E4CFE733CBECC048B69BBCC9B48B34F08886AC589C7502CB24DA80C650

Function 01920115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f24dbb07334dd826ffdb016c1773dbcd6a72eb72a57ff62caaad8a17c24e71
Instruction ID: 6439f90a311de9e9c9b2ad23502e3d155630b948e36504b3f5bfb804f254a280
Opcode Fuzzy Hash: d0f24dbb07334dd826ffdb016c1773dbcd6a72eb72a57ff62caaad8a17c24e71
Instruction Fuzzy Hash: 73F0277641A79506CB325B2C74602D16F78B782110F6D1485E8A87720FC6748483C320

Function 0189C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ec2df2eb7b9cbe96050ab370fdcf7cf9b58165d4e77db0193ad2ba3060f29f8
Instruction ID: d74f60074ce1528e9f461aba1d071170b829c41c28ff6e18054ad9226dbe2ebe
Opcode Fuzzy Hash: 4ec2df2eb7b9cbe96050ab370fdcf7cf9b58165d4e77db0193ad2ba3060f29f8
Instruction Fuzzy Hash: 6FF0E2716116519FEF33979CC148B517BD49B807A4F0D942DD506C7552C761FB80CAD1

Function 018A2619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: c78db8a7db3aa7d4c5d29eb7829f1c1ec36f21a2858d0fdd0d86c96324e48079
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 31E092323416012BE7219E5D8C80F47776E9F92B10F440479B6049E251C9E2DE0982A5

Function 018F6030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: ed9753b370396955b0149883881204bc11cdd70556354f09abc4c76523160ae8
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 45F0A0721002049FE3208F09D840F52B7F8EB55368F25C129E708EB160E33AED40CBA0

Function 01860710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: ffccefc2245c9dcc5daa57726e773614f65464473e93a2f0de1331140f6123fb
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 0EF0E5392043459FDB1ACF19D050AD57BA8FB41360F004094FC46CB301D736EB81CB95

Function 018949D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 5153e7afc93dcc967da5abdeef100ea61246689e38cc1ab69750209788614ecc
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: 70E0D833244149AFDB211A5D8900B6677E5DBD27A0F1D0429E202DB151DB78DE42C7D8

Function 0190678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 7fd675733be6f0e4d2f153336ad4905eecc2ee46fca47eb0debe12877969e712
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 50E0DF32A00214BFDB2297998E01F9ABEBCDB90FA0F090058B604E70D0E630DF00C690

Function 018625E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 03738cb30e3e20bf3991c04ed20b721ac9cf9fcaac3cd002590760b694906e02
Instruction ID: 3225f4b18801f48265648a0d506b2a4a82691740a69dc3fd3147f91173081a9e
Opcode Fuzzy Hash: 03738cb30e3e20bf3991c04ed20b721ac9cf9fcaac3cd002590760b694906e02
Instruction Fuzzy Hash: 88E092321006549BC321BB2DDD01F8A779AEBA0364F014515B115971A0CA30AE10C795

Function 0191A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: e81c3a24030f68cf81371ceece07b1f7b3ca9dd0f84db3bd52dc55015acb0704
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: 3BE09231051651DFE7326F2EC848B52BAE5BF50B12F148C2CA19E424F0C7759DC1DA41

Function 018E4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 4a76d3d78dc925c233afe1c9e4f202c0df19ab5c19b63cf59249f3906d839e67
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 16E0AE343002058BE755CF1AC044B627BA6BFD6B10F28C078A9488F205EB32A9428A40

Function 0189CA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de513aadebbcc39811d50ec301e15a5d34075da58c82198b6631182de3f4e1a
Instruction ID: 8d12239636aa18c6e7b97c3e351986b6126d776ae3efaa48241502279db39c57
Opcode Fuzzy Hash: 3de513aadebbcc39811d50ec301e15a5d34075da58c82198b6631182de3f4e1a
Instruction Fuzzy Hash: EFD02B724850606ACF36F11C7C04F973ADAAB50770F094C60F108D2010D759CE8193C4

Function 0185823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 0c384ce3766c7e3ed7ead31bea841abd72a6733b4cb037b3a9695677baa7392a
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 2EE08C31104A14EFEB322E2BDC00B517BA2FF95B90F10482AE482864A48670AA82DA46

Function 01862050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac4f2e4de0ee9cbba0d351c0d51b48cfbde077107ce294824e84243d5a3d9f1
Instruction ID: b729edb7e3eb86a83ea39dca488b180e7604203ceec5a1a56f0f8d559b2cc663
Opcode Fuzzy Hash: 4ac4f2e4de0ee9cbba0d351c0d51b48cfbde077107ce294824e84243d5a3d9f1
Instruction Fuzzy Hash: 03E0C2331015506BC311FB6DDD41F4A739EEFA4360F000221F151D72E0CA20EE00C796

Function 01898A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 2f85b015491076f397f015e2976138c339f390a9b9ffc277d9e8edb78631f64e
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 23E08633111A188BC728DE18D512B7277E4EF46720F09463EA61387780C534E544C795

Function 018B6AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 19d3ed3a5fe45c8cd3d52b6843063e2a4e136be0df45fa7ab45a04d7ccfa86ef
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: 59D05E36511A50AFD7329F1BEE40C53BBF9FBC4B10705062EA54583A20C670E906DBA1

Function 0189E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: cd511628931613b0d14ca2a3ba076f8ac2785bfa2ab5cee2f3280edec34b3b66
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 67D02233604620AFE732AA2CFC00FC333E8BB98720F060459F018C7050C360EC81DA84

Function 018DE908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 158bbe4ca53f8e868881e579790dfbfa263ae371051a1971e441fd1d3d765038
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: 14E0EC35951784AFDF12DF6DC640F5EBBB9BB94B40F550054A5089F660C624EA00DB81

Function 0185A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 2db5ac1c2f2dd1c6d1c3381130e86fa8cd54d163d8b68635adc7d5b7b1d90626
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: B5D0223222203093DB2C56696880F637905FBC0B94F0A012C3C0AD3800C0048D43E2E1

Function 0189A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 813e57a6811fb33eac8cf7934c5051011562cda9ca06aaf5d65c7298ed711717
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 9AD012371D054DBBDB119F66DC01F957BA9E7A4BA0F444020B904C75A0C63AE950E585

Function 0189CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6663605e2b76167def25a93d8c0a4ec530411a51373694f053462f167cb6753
Instruction ID: ad80ab8aa349c00fb3a88d50de29c84613a0a87c929df50d5090942ef0c0f7de
Opcode Fuzzy Hash: d6663605e2b76167def25a93d8c0a4ec530411a51373694f053462f167cb6753
Instruction Fuzzy Hash: 0AD0A930606202CBEF2ACF18CA90E2E3BB1FF10740B84006CEB00E2020E32ADE01DB10

Function 018702A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: 1b86a6ec9ecb5449a3cddcd15897754d0504e786c1de184933e4dad02b2c9fc3
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 86D0C936626E80CFD61BCB0CC5A4B1533A4BB45F48F810490F401CBB22E63CDA80CA00

Function 0189C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: 019abd13f4d6263e639d48de9c7ab23eae861f67aab8ab58ec454f5ea429901d
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 69C01232290648AFD712AAA9CD01F027BA9EBA8B40F000021F6048B670C631E920EA86

Function 01880310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 9ad0e48b9f4b01c22ca869574b8eb317647351d7f3b56962f51522e93b6a8524
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 98D01236100249EFCB02EF45D890D9A772AFBD8710F108019FD19076108A31ED62DB50

Function 01860750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 710e16a4cbc04f8209697d0596433ca3982db3c287cba06cfe4138d24d456505
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 89C04C757115418FCF15DB1DD2D4F8977E4F744740F150890E805DB721E724E941DA12

Function 018A4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95da57dea59217b02367e5a7bb4aee3d81b9fe3a5609cd13ae1832819dd4fbc2
Instruction ID: bd8a1795daef4b3cddff84a8c5b7a59145caa971803f39105b98914b8742c21f
Opcode Fuzzy Hash: 95da57dea59217b02367e5a7bb4aee3d81b9fe3a5609cd13ae1832819dd4fbc2
Instruction Fuzzy Hash: E790023160580016914071584CC45864009A7E1301B55D011E1429564CCA148B5E5762

Function 018A4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31807a34f7b18529507c21abb5d709b62355f3ae4f7a4eae43f46b16fd7cebc4
Instruction ID: 2332f337d6cca572a0c598001c4f755099f5f95ad7d1a866555f5eb6b7216c7b
Opcode Fuzzy Hash: 31807a34f7b18529507c21abb5d709b62355f3ae4f7a4eae43f46b16fd7cebc4
Instruction Fuzzy Hash: D190026160150046414071584C444466009A7E2301395D115A1559570CC6188A5D976A

Function 018A2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a75f16b36fec44bd7664bc0bd67e0066d755a7f66c02b742113e9a96bbac977
Instruction ID: f4868a672c092634e62eaa317c63b51cdc75ab744532338beaf9fe6029a6f078
Opcode Fuzzy Hash: 5a75f16b36fec44bd7664bc0bd67e0066d755a7f66c02b742113e9a96bbac977
Instruction Fuzzy Hash: 4D90023120140806D10471584C446C6000997D1301F55D011A7029665ED6658A997632

Function 018A2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 387941cc3d9ead37390c8fa03c11a44338d0e37a1a868a5e4832f2bd456abaff
Instruction ID: db9a1d26bb9356501573ee70ed6ef20ccb300257ea97376d4dd2d11d732d5f4e
Opcode Fuzzy Hash: 387941cc3d9ead37390c8fa03c11a44338d0e37a1a868a5e4832f2bd456abaff
Instruction Fuzzy Hash: 8690023160540806D15071584854786000997D1301F55D011A1029664DC7558B5D7BA2

Function 018A2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc59b7fde517867bd953a15ac3ade4cfb846bd5e277521736bb8b3c9e4e3b47
Instruction ID: 242b7171aeb29661a3dd002297d451330e3826d44fb65aec84edf8e440b39135
Opcode Fuzzy Hash: abc59b7fde517867bd953a15ac3ade4cfb846bd5e277521736bb8b3c9e4e3b47
Instruction Fuzzy Hash: DC90023120544846D14071584844A86001997D1305F55D011A10696A4DD6258F5DBB62

Function 018A2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f58f72c80b1f52cd17e4b10c0dbfe5d830b2d6565d7424dcb9085cfd16a102
Instruction ID: f9adcfa4a9e199f55b546c9bcd4e6d4cb41f557cb011ef34981696b50b52a31b
Opcode Fuzzy Hash: 47f58f72c80b1f52cd17e4b10c0dbfe5d830b2d6565d7424dcb9085cfd16a102
Instruction Fuzzy Hash: 4D90023120140806D1807158484468A000997D2301F95D015A102A664DCA158B5D7BA2

Function 018A2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b67033f0f6deb182830fa180763aa0bdb91a594d9b5cde8cdec4496a777915c
Instruction ID: bdfd9bf4adf5db0cca183e5fa6029d1d76a9ae1982cbb144e341c2485c6f5986
Opcode Fuzzy Hash: 4b67033f0f6deb182830fa180763aa0bdb91a594d9b5cde8cdec4496a777915c
Instruction Fuzzy Hash: 3C9002A1201540964500B2588844B4A450997E1301B55D016E2059570CC5258A599636

Function 018A2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3c247444864a281cfcc63b3da29ac24e82777d9c1ff5d54048db88102837512
Instruction ID: d505e9827c6a0bdeb685b6cf2b579e46504ac82849b5706ef98737e292f67296
Opcode Fuzzy Hash: e3c247444864a281cfcc63b3da29ac24e82777d9c1ff5d54048db88102837512
Instruction Fuzzy Hash: 2F900225211400070105B5580B44547004A97D6351355D021F201A560CD6218A695622

Function 018A2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5697d33aad45207c7a50dccebc0fa59e337f1b5901f189e5ade8f9cee6550a95
Instruction ID: ca21d4cb26c386bb0ecd70e14be343ddf250e07f25e447fc98441ebfbe225e73
Opcode Fuzzy Hash: 5697d33aad45207c7a50dccebc0fa59e337f1b5901f189e5ade8f9cee6550a95
Instruction Fuzzy Hash: A7900225221400060145B5580A4454B0449A7D7351395D015F241B5A0CC6218A6D5722

Function 018A2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1634ca87bac1a292948bb196e323ec6363eba845819b313dd805da46b229563c
Instruction ID: 432302f11cb08f6cf6ac331ec8444e30948e3620d735e01a077c875aa4f88ed6
Opcode Fuzzy Hash: 1634ca87bac1a292948bb196e323ec6363eba845819b313dd805da46b229563c
Instruction Fuzzy Hash: BF90023124140406D14171584844646000DA7D1341F95D012A1429564EC6558B5EAF62

Function 018A2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6090c702074e7600f7667a967b775902eced5628729783ea5a6b4b55a294d6
Instruction ID: 0209eb781f89321a2850b295600e24ef9143722ba5dc988b414084c96e05862c
Opcode Fuzzy Hash: 8c6090c702074e7600f7667a967b775902eced5628729783ea5a6b4b55a294d6
Instruction Fuzzy Hash: 48900221242441565545B1584844547400AA7E1341795D012A2419960CC5269A5EDB22

Function 018A2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f893a658d6131684763dec48aa70d89f8d9d142371afe8b90f7dd8faaad3dd46
Instruction ID: e23c7ea29546540d04fe1580bacf859cd375d3d34b81950020f66ed642e1ed04
Opcode Fuzzy Hash: f893a658d6131684763dec48aa70d89f8d9d142371afe8b90f7dd8faaad3dd46
Instruction Fuzzy Hash: F390022120544446D10075585848A46000997D1305F55E011A20695A5DC6358A59A632

Function 018A2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da5fa15e2c8bea8f824633f376f63d82644de1a156642cf0257634839fff4dc8
Instruction ID: 2e462dc878ecbd150c9096c09ed222934a2aa6781a720de8eeacbf97d7a1bc90
Opcode Fuzzy Hash: da5fa15e2c8bea8f824633f376f63d82644de1a156642cf0257634839fff4dc8
Instruction Fuzzy Hash: D190022921340006D1807158584864A000997D2302F95E415A101A568CC9158A6D5722

Function 018A2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aea45ff08788c44c649b0c24e148f1e79f757833b578fa8206debe8a1b12b7c
Instruction ID: a35df927c6f40fc26ab84bda67cb498e1826f8b4b938e3d2a6a6d6f99dd8667e
Opcode Fuzzy Hash: 9aea45ff08788c44c649b0c24e148f1e79f757833b578fa8206debe8a1b12b7c
Instruction Fuzzy Hash: 9C90022130140007D140715858586464009E7E2301F55E011E1419564CD9158A5E5723

Function 018A2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99a61b2c009b7979d2a828191964db1ebb4de7e659ea0e44fbabec509815b5f
Instruction ID: 40e786307af66b9a7da6780d74093491591a6eb8a03c32679ce4757a69b9ddc9
Opcode Fuzzy Hash: b99a61b2c009b7979d2a828191964db1ebb4de7e659ea0e44fbabec509815b5f
Instruction Fuzzy Hash: DB90023120140406D10075985848686000997E1301F55E011A6029565EC6658A996632

Function 018A2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bbd9c4a3f62d3df78fdebd87c6b93aa49512bdde0df3928f965ff159e1286a4
Instruction ID: 104dfc23f476e55835fded525c2355680aa20b03b7be8113575346af5cd64e6f
Opcode Fuzzy Hash: 9bbd9c4a3f62d3df78fdebd87c6b93aa49512bdde0df3928f965ff159e1286a4
Instruction Fuzzy Hash: 5190022160540406D14071585858746001997D1301F55E011A1029564DC6598B5D6BA2

Function 018A2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6edc828046d245c74260a2e894110b849d6722b5f9814f93803f5b7b5259e23
Instruction ID: e08f8192d0cc025d4160cc1bb88e1ad293b0262042509f625c6a90ee9c93c015
Opcode Fuzzy Hash: e6edc828046d245c74260a2e894110b849d6722b5f9814f93803f5b7b5259e23
Instruction Fuzzy Hash: 7390023120140407D10071585948747000997D1301F55E411A1429568DD6568A596622

Function 018A2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3cb131ce94196ebdde521af7751f96e2cbdf146343e86c131ca9eab6f74ba9
Instruction ID: ccb542d19543b9539815910c64c726e0c062bfa139b515ca94d0e3ad06261f95
Opcode Fuzzy Hash: 1d3cb131ce94196ebdde521af7751f96e2cbdf146343e86c131ca9eab6f74ba9
Instruction Fuzzy Hash: FB90023120140846D10071584844B86000997E1301F55D016A1129664DC615CA597A22

Function 018A2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d1810f2fd4ee5aa21d982251bb00b8e7ba291af5217e39b83fa0c775b6fd74b
Instruction ID: 6a0da59503dc9c6ac0f2ea1d8995925a6936f7f53f741efdf0a5f523952a87ff
Opcode Fuzzy Hash: 4d1810f2fd4ee5aa21d982251bb00b8e7ba291af5217e39b83fa0c775b6fd74b
Instruction Fuzzy Hash: 2790023120180406D10071584C5474B000997D1302F55D011A2169565DC6258A596A72

Function 018A2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffa019f54ecbdedff10d10462c77645ac18c64aceda526f232be144720680f4
Instruction ID: ec35fdfdf13059428983a89dccce95521baf327f256994fc6683dc8f3f6f1f53
Opcode Fuzzy Hash: 5ffa019f54ecbdedff10d10462c77645ac18c64aceda526f232be144720680f4
Instruction Fuzzy Hash: FD90023120180406D10071584C48787000997D1302F55D011A6169565EC665CA996A32

Function 018A2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feee6b708ad6c82c67830ad67633f4d4ab563eb32e85d0bf2bb0efe057e7e3c1
Instruction ID: 73817803902f14d5a9da092b51401f8c99fadb764405b8a99700725588f8e946
Opcode Fuzzy Hash: feee6b708ad6c82c67830ad67633f4d4ab563eb32e85d0bf2bb0efe057e7e3c1
Instruction Fuzzy Hash: AC90022160140046414071688C849464009BBE2311755D121A199D560DC5598A6D5B66

Function 018A2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05251befa2f165bdc8518c16b354ff5b189139a84a8f3208ad2873f672f64ac
Instruction ID: 08b6df357c573eeb9f4257ad32672b0af59d0b12c1bedfc3cf5d03db4fa175c5
Opcode Fuzzy Hash: b05251befa2f165bdc8518c16b354ff5b189139a84a8f3208ad2873f672f64ac
Instruction Fuzzy Hash: 33900221211C0046D20075684C54B47000997D1303F55D115A1159564CC9158A695A22

Function 018A2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408c01b55724bfbe1ad41e6ae1cf02a77f0a07c6261db834ff038f27a568eb4c
Instruction ID: dd38998439b02301ac736be90c0ff5df40d102d8584912a6ffe237dc2f08667a
Opcode Fuzzy Hash: 408c01b55724bfbe1ad41e6ae1cf02a77f0a07c6261db834ff038f27a568eb4c
Instruction Fuzzy Hash: C190026134140446D10071584854B460009D7E2301F55D015E2069564DC619CE5A6627

Function 018A2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8859ecd6c9073f731bc50e783a4da1f94c6c8f391b168ae20e4ba4c69c000c2e
Instruction ID: dc24e854d8b23fb14759b99b0679a4e045222eca798760ee8ce835b66d7c05a0
Opcode Fuzzy Hash: 8859ecd6c9073f731bc50e783a4da1f94c6c8f391b168ae20e4ba4c69c000c2e
Instruction Fuzzy Hash: 0790026121140046D10471584844746004997E2301F55D012A3159564CC5298E695626

Function 018A2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59dae94a2d46c2972b4d7f9f216c15f29656ae6e6fccffac3d8e7cef746139e3
Instruction ID: b280621807846a3e18efc8b2b5cc9459a92b91932851ca6c277b44a7ac7113a5
Opcode Fuzzy Hash: 59dae94a2d46c2972b4d7f9f216c15f29656ae6e6fccffac3d8e7cef746139e3
Instruction Fuzzy Hash: EA90022160140506D10171584844656000E97D1341F95D022A2029565ECA258B9AA632

Function 018A2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c16656afe9707267f4dc34ad1f76fd07e5313356e822f4b3dd75c0c66e86c1
Instruction ID: e7751a25828bc7c7463bdc5a5f91970034cb361c79b0d60c22706c2a4ee5795e
Opcode Fuzzy Hash: 13c16656afe9707267f4dc34ad1f76fd07e5313356e822f4b3dd75c0c66e86c1
Instruction Fuzzy Hash: 6B90027120140406D14071584844786000997D1301F55D011A6069564EC6598FDD6B66

Function 018A2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3191241866ac120e660f0de327e85fc0a5dc809144be56c0262339c80a003608
Instruction ID: 5ba4826f5fd05252a55340d57cb3ad81fc43c2b0939edf4f9a30575b98242613
Opcode Fuzzy Hash: 3191241866ac120e660f0de327e85fc0a5dc809144be56c0262339c80a003608
Instruction Fuzzy Hash: 7290026120180407D14075584C44647000997D1302F55D011A3069565ECA298E596636

Function 018A2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75e5224ba9c146593dc3a6e2f690f6c9d60b4c6373b1dce5d57aca229deffd7
Instruction ID: 5d9c7b8bf1bef92e38af7e0338cf9d089849895ea98d29e7f2c854eb05e64963
Opcode Fuzzy Hash: a75e5224ba9c146593dc3a6e2f690f6c9d60b4c6373b1dce5d57aca229deffd7
Instruction Fuzzy Hash: 2F90022130140406D10271584854646000DD7D2345F95D012E2429565DC6258B5BA633

Function 018A3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bb817cd96746a3126095dfab62f59c494724ba4a229dc059ecc3d5945485abf
Instruction ID: 2e18b69970a9b80ff06336e79b669f291bf21ed2385868fdd946923bd503c9aa
Opcode Fuzzy Hash: 3bb817cd96746a3126095dfab62f59c494724ba4a229dc059ecc3d5945485abf
Instruction Fuzzy Hash: 8E90022124140806D14071588854747000AD7D1701F55D011A1029564DC6168B6D6BB2

Function 018A3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c122689344fd0ebc2a56d8477b72818b2a52bfe4a83ee9a715e515465ee96d4
Instruction ID: 43120a35a0552f68918f9c1dd2b7ce62025e8bd8655cbc71e4f82d29dc80b8b2
Opcode Fuzzy Hash: 5c122689344fd0ebc2a56d8477b72818b2a52bfe4a83ee9a715e515465ee96d4
Instruction Fuzzy Hash: F690022120184446D14072584C44B4F410997E2302F95D019A515B564CC9158A5D5B22

Function 018A39B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d20969f2f34960f8fa1c76623e348aee613b52686794904b3fb0d6d285841fc1
Instruction ID: 03fb01c8d083812bdd08ced3b476842ff8550d0684e31d92c961884c174d83ad
Opcode Fuzzy Hash: d20969f2f34960f8fa1c76623e348aee613b52686794904b3fb0d6d285841fc1
Instruction Fuzzy Hash: 3290022124545106D150715C48446564009B7E1301F55D021A18195A4DC5558A5D6722

Function 018A3D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b37f364ca163028ba253ab1d22f038758803670b358deb205e62f1d62352a661
Instruction ID: 3a8e21d84fdf1755b4dec124c85d9216e3c16341bd75099d64a15e78b608c61b
Opcode Fuzzy Hash: b37f364ca163028ba253ab1d22f038758803670b358deb205e62f1d62352a661
Instruction Fuzzy Hash: 5390023120240146954072585C44A8E410997E2302B95E415A101A564CC9148A695722

Function 018A2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 495660c6c6ebb40cda5277ddaf59ab26478b30a0221369676ecf7f655a56e0dd
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 018A2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 018A293C
___swprintf_l.LIBCMT ref: 018A295E
___swprintf_l.LIBCMT ref: 018A29A3
___swprintf_l.LIBCMT ref: 018DA52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 018DA54E
:%u.%u.%u.%u, xrefs: 018DA5B8
ffff:, xrefs: 018DA504
::%hs%u.%u.%u.%u, xrefs: 018DA527

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 4a32caf65a3db453b981b226abc97aea5978002fcff4fb4f17607b8c7e2b913d
Instruction ID: 405ee2b63be1e87b99eaef81be36d9ad88f1dac0735e08896355a61e03d99192
Opcode Fuzzy Hash: 4a32caf65a3db453b981b226abc97aea5978002fcff4fb4f17607b8c7e2b913d
Instruction Fuzzy Hash: E851F9B2A0021ABFDB25DB9C89D097EFBB9BB48740B948229F495D7641D334DF0087E0

Function 01912410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 019124A6
___swprintf_l.LIBCMT ref: 019124E2
___swprintf_l.LIBCMT ref: 0191257D
___swprintf_l.LIBCMT ref: 019125A3
___swprintf_l.LIBCMT ref: 019125C8
___swprintf_l.LIBCMT ref: 01912608

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 019124DA
::%hs%u.%u.%u.%u, xrefs: 0191249E
:%u.%u.%u.%u, xrefs: 019125FF
ffff:, xrefs: 0191247D, 0191249D

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 59e87a61eb011a6e1281cd7d3359bc124b418f3f77e41ab29b1dd28dbb22841a
Instruction ID: 85f3fb51820a1b5a50e0cc5f3b2a7220a4ebc6063d379fe2a95485a3a8fa7039
Opcode Fuzzy Hash: 59e87a61eb011a6e1281cd7d3359bc124b418f3f77e41ab29b1dd28dbb22841a
Instruction Fuzzy Hash: 97512A71A006496ECB30EF5CC9D087FB7FCEB44301B648869F59AD7685E674DA808760

Function 01897630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

Execute=1, xrefs: 018D4713
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018D46FC
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 018D4742
ExecuteOptions, xrefs: 018D46A0
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 018D4655
CLIENT(ntdll): Processing section info %ws..., xrefs: 018D4787
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 018D4725

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: e574790721ea0dbc361ba05222f98e1319ad9ffc8d9ff3a8e79e129f4d1ec3dd
Instruction ID: 672e325399dc7e4e60828f12a082a32e844e3b8c2cf5da90e6cdca7e4f7c3457
Opcode Fuzzy Hash: e574790721ea0dbc361ba05222f98e1319ad9ffc8d9ff3a8e79e129f4d1ec3dd
Instruction Fuzzy Hash: 3251093165021D7BEF21AFA8DC89FAD77A8AF55304F0800A9D605EB181EB70AB45CF95

Function 018AB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 018AB6BF

Strings

-, xrefs: 018AB650
0, xrefs: 018AB66F
+, xrefs: 018AB65A
0, xrefs: 018AB695

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 3b5e5b8a5e5c4832d1f5056523aa9ef1fc3ed7699cd2bc86bae7de93d48bcdca
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: CD81AF70E052499FFF298E6CC8917FEBFB1AF45360F984219D861E7291C7749A40CB51

Function 019120E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0191214F
___swprintf_l.LIBCMT ref: 01912172

Strings

]:%u, xrefs: 01912169
[, xrefs: 0191212B
%%%u, xrefs: 01912146

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: b857b117e89db5b7dc6a2dd863d5ab5e285adf1dcf5d46506b0794b26016388a
Instruction ID: ad5e58f75c554b30c5e7a9618ea15bd7f6ff8762533bc1d7881886703d0900a9
Opcode Fuzzy Hash: b857b117e89db5b7dc6a2dd863d5ab5e285adf1dcf5d46506b0794b26016388a
Instruction Fuzzy Hash: 3F214F7AA0011DABDB11EF69C840AEEBBFDEF54754F580126E909E3204E730DA418BA1

Function 0188F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018D02E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018D02BD
RTL: Re-Waiting, xrefs: 018D031E

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 3aea30c28acdaaa878c568356c621fe7c82970f05415f022188b928b6445fc89
Instruction ID: 3b45dea7df11fddf30f3819c062f054df513c34675e45dda47f8d9c59d0cc6e6
Opcode Fuzzy Hash: 3aea30c28acdaaa878c568356c621fe7c82970f05415f022188b928b6445fc89
Instruction Fuzzy Hash: E5E18C306087429FE725EF2CC884B2ABBE0BB85318F140A5DF6A5CB2D1D774DA45CB52

Function 0189B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018D728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 018D7294
RTL: Resource at %p, xrefs: 018D72A3
RTL: Re-Waiting, xrefs: 018D72C1

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: be0e6ca860be2148885babd6cf124c434543861580e76c2b1cee43e286543ad9
Instruction ID: 57be1ebb26e989b460472533eee0e708e4eb18a5e7b9830f888afb4b745bf629
Opcode Fuzzy Hash: be0e6ca860be2148885babd6cf124c434543861580e76c2b1cee43e286543ad9
Instruction Fuzzy Hash: B5411131700346ABDB21DE29CC81F6AB7A5FF95718F140619FA56EB240DB31FA428BD1

Function 01912300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0191238D
___swprintf_l.LIBCMT ref: 019123B3

Strings

%%%u, xrefs: 01912384
]:%u, xrefs: 019123AA

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: c4bb41950e83d5ef92e719e0ba6fa357ff93f6320842bf954dc9e15d0cb5587e
Instruction ID: 57d9816d619ef909ceb83edff5f3d2c2647594135042fae8198bdd361d9d11c3
Opcode Fuzzy Hash: c4bb41950e83d5ef92e719e0ba6fa357ff93f6320842bf954dc9e15d0cb5587e
Instruction Fuzzy Hash: 44317372A002199FDB20DF2DCC40BEEB7B8EB54751F940555E949E3244EB30AA458BA1

Function 01869126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01869175
$, xrefs: 01869191

Memory Dump Source

Source File: 00000000.00000002.2114902781.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_qWfJQYqN3A.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 36f474deb1c9c282b4d2f9cd221f0a94258abc5044f7f57fbfe66fc818f720c4
Instruction ID: 52043a69ad0d5edee13e60bd6cc29fda7bf025da813aa1335014c7a95a6ec065
Opcode Fuzzy Hash: 36f474deb1c9c282b4d2f9cd221f0a94258abc5044f7f57fbfe66fc818f720c4
Instruction Fuzzy Hash: 67810B71D00269DBDB25DB58CC44BEAB7B8AB48714F0041DAEA19F7280D7309F85CF61

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report qWfJQYqN3A.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

E-Banking Fraud

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: qWfJQYqN3A.exePID: 7552, Parent PID: 4056

General

Chronological Activities

Disassembly

Analysis Process: qWfJQYqN3A.exePID: 7552, Parent PID: 4056COMMON

Execution Graph

Graph

Executed Functions

Function 00A77553 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Control-flow Graph

Function 00A8C413 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Control-flow Graph

Windows Analysis Report
qWfJQYqN3A.exe

Function 00A77553 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Function 00A8C413 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Function 018A2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 018A2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 018A2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Function 018A35C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A8C723 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00A8C773 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Function 00A8C7C3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Function 018A2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE