Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fTq2vadDnr.exe

Overview

General Information

Sample name:fTq2vadDnr.exe
renamed because original name is a hash value
Original sample name:bedcc99f8319d0256e5ef3c87a4ba6c32a0caa5b13bc7fb4bae133d76314c974.exe
Analysis ID:1530785
MD5:2bd589148ebcd5e8f3e38e03dac1bcf2
SHA1:62fe9bd9f75aaca8f96864dd4d59ea19a21ed6cd
SHA256:bedcc99f8319d0256e5ef3c87a4ba6c32a0caa5b13bc7fb4bae133d76314c974
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • fTq2vadDnr.exe (PID: 1384 cmdline: "C:\Users\user\Desktop\fTq2vadDnr.exe" MD5: 2BD589148EBCD5E8F3E38E03DAC1BCF2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2e6b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x16712:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2c220:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1427f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.fTq2vadDnr.exe.1f0000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0.2.fTq2vadDnr.exe.1f0000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2e8b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x16912:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: fTq2vadDnr.exeAvira: detected
        Multi AV Scanner detection for submitted file
        Source: fTq2vadDnr.exeReversingLabs: Detection: 60%
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: fTq2vadDnr.exeJoe Sandbox ML: detected
        Source: fTq2vadDnr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: fTq2vadDnr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: fTq2vadDnr.exe, 00000000.00000003.1506981705.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000003.1504944131.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000DAE000.00000040.00001000.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: fTq2vadDnr.exe, fTq2vadDnr.exe, 00000000.00000003.1506981705.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000003.1504944131.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000DAE000.00000040.00001000.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0021C933 NtClose,0_2_0021C933
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F1B11 NtProtectVirtualMemory,0_2_001F1B11
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82B60 NtClose,LdrInitializeThunk,0_2_00C82B60
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_00C82C70
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_00C82DF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C835C0 NtCreateMutant,LdrInitializeThunk,0_2_00C835C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C84340 NtSetContextThread,0_2_00C84340
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C84650 NtSuspendThread,0_2_00C84650
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82AD0 NtReadFile,0_2_00C82AD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82AF0 NtWriteFile,0_2_00C82AF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82AB0 NtWaitForSingleObject,0_2_00C82AB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82BE0 NtQueryValueKey,0_2_00C82BE0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82BF0 NtAllocateVirtualMemory,0_2_00C82BF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82B80 NtQueryInformationFile,0_2_00C82B80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82BA0 NtEnumerateValueKey,0_2_00C82BA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82CC0 NtQueryVirtualMemory,0_2_00C82CC0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82CF0 NtOpenProcess,0_2_00C82CF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82CA0 NtQueryInformationToken,0_2_00C82CA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82C60 NtCreateKey,0_2_00C82C60
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82C00 NtQueryInformationProcess,0_2_00C82C00
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82DD0 NtDelayExecution,0_2_00C82DD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82DB0 NtEnumerateKey,0_2_00C82DB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82D00 NtSetInformationFile,0_2_00C82D00
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82D10 NtMapViewOfSection,0_2_00C82D10
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82D30 NtUnmapViewOfSection,0_2_00C82D30
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82EE0 NtQueueApcThread,0_2_00C82EE0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82E80 NtReadVirtualMemory,0_2_00C82E80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82EA0 NtAdjustPrivilegesToken,0_2_00C82EA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82E30 NtWriteVirtualMemory,0_2_00C82E30
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82FE0 NtCreateFile,0_2_00C82FE0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82F90 NtProtectVirtualMemory,0_2_00C82F90
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82FA0 NtQuerySection,0_2_00C82FA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82FB0 NtResumeThread,0_2_00C82FB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82F60 NtCreateProcessEx,0_2_00C82F60
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82F30 NtCreateSection,0_2_00C82F30
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C83090 NtSetValueKey,0_2_00C83090
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C83010 NtOpenDirectoryObject,0_2_00C83010
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C839B0 NtGetContextThread,0_2_00C839B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C83D70 NtOpenThread,0_2_00C83D70
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C83D10 NtOpenProcessToken,0_2_00C83D10
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_002000C30_2_002000C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F28F00_2_001F28F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F32100_2_001F3210
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00206A7E0_2_00206A7E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00206A830_2_00206A83
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_002002E30_2_002002E3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001FE3630_2_001FE363
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F1C900_2_001F1C90
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001FE53B0_2_001FE53B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F25C00_2_001F25C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0021EFA30_2_0021EFA3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE20000_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D081CC0_2_00D081CC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D041A20_2_00D041A2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D101AA0_2_00D101AA
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD81580_2_00CD8158
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C401000_2_00C40100
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEA1180_2_00CEA118
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD02C00_2_00CD02C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF02740_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E3F00_2_00C5E3F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D103E60_2_00D103E6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0A3520_2_00D0A352
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFE4F60_2_00CFE4F6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D024460_2_00D02446
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF44200_2_00CF4420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D105910_2_00D10591
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C505350_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6C6E00_2_00C6C6E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4C7C00_2_00C4C7C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C747500_2_00C74750
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C507700_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E8F00_2_00C7E8F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C368B80_2_00C368B8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C528400_2_00C52840
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5A8400_2_00C5A840
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A00_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D1A9A60_2_00D1A9A6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C669620_2_00C66962
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA800_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D06BD70_2_00D06BD7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0AB400_2_00D0AB40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40CF20_2_00C40CF2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0CB50_2_00CF0CB5
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50C000_2_00C50C00
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4ADE00_2_00C4ADE0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C68DBF0_2_00C68DBF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5AD000_2_00C5AD00
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CECD1F0_2_00CECD1F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0EEDB0_2_00D0EEDB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0CE930_2_00D0CE93
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62E900_2_00C62E90
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50E590_2_00C50E59
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0EE260_2_00D0EE26
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C42FC80_2_00C42FC8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5CFE00_2_00C5CFE0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCEFA00_2_00CCEFA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC4F400_2_00CC4F40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C92F280_2_00C92F28
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C70F300_2_00C70F30
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF2F300_2_00CF2F30
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFF0CC0_2_00CFF0CC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C570C00_2_00C570C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0F0E00_2_00D0F0E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D070E90_2_00D070E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5B1B00_2_00C5B1B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8516C0_2_00C8516C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3F1720_2_00C3F172
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D1B16B0_2_00D1B16B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6B2C00_2_00C6B2C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF12ED0_2_00CF12ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C552A00_2_00C552A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C9739A0_2_00C9739A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3D34C0_2_00C3D34C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0132D0_2_00D0132D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C414600_2_00C41460
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0F43F0_2_00D0F43F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D195C30_2_00D195C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CED5B00_2_00CED5B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D075710_2_00D07571
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D016CC0_2_00D016CC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C956300_2_00C95630
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0F7B00_2_00D0F7B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C538E00_2_00C538E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBD8000_2_00CBD800
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C599500_2_00C59950
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6B9500_2_00C6B950
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE59100_2_00CE5910
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFDAC60_2_00CFDAC6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEDAAC0_2_00CEDAAC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C95AA00_2_00C95AA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF1AA30_2_00CF1AA3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D07A460_2_00D07A46
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0FA490_2_00D0FA49
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC3A6C0_2_00CC3A6C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8DBF90_2_00C8DBF9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC5BF00_2_00CC5BF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6FB800_2_00C6FB80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0FB760_2_00D0FB76
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0FCF20_2_00D0FCF2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC9C320_2_00CC9C32
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6FDC00_2_00C6FDC0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C53D400_2_00C53D40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D01D5A0_2_00D01D5A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D07D730_2_00D07D73
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C59EB00_2_00C59EB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C13FD20_2_00C13FD2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C13FD50_2_00C13FD5
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C51F920_2_00C51F92
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0FFB10_2_00D0FFB1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0FF090_2_00D0FF09
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: String function: 00C3B970 appears 280 times
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: String function: 00C85130 appears 58 times
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: String function: 00C97E54 appears 110 times
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: String function: 00CCF290 appears 105 times
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: String function: 00CBEA12 appears 86 times
        Source: fTq2vadDnr.exeStatic PE information: No import functions for PE file found
        Source: fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000EE1000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs fTq2vadDnr.exe
        Source: fTq2vadDnr.exe, 00000000.00000003.1504944131.00000000009CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs fTq2vadDnr.exe
        Source: fTq2vadDnr.exe, 00000000.00000003.1506981705.0000000000B8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs fTq2vadDnr.exe
        Source: fTq2vadDnr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: fTq2vadDnr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: fTq2vadDnr.exeStatic PE information: Section .text
        Source: classification engineClassification label: mal80.troj.winEXE@1/0@0/0
        Source: fTq2vadDnr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: fTq2vadDnr.exeReversingLabs: Detection: 60%
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeSection loaded: apphelp.dllJump to behavior
        Source: fTq2vadDnr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: fTq2vadDnr.exe, 00000000.00000003.1506981705.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000003.1504944131.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000DAE000.00000040.00001000.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: fTq2vadDnr.exe, fTq2vadDnr.exe, 00000000.00000003.1506981705.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000003.1504944131.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000DAE000.00000040.00001000.00020000.00000000.sdmp, fTq2vadDnr.exe, 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0020682C push cs; iretd 0_2_0020688A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F1A15 pushad ; iretd 0_2_001F1A61
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0020EA0E push ds; retf 0_2_0020EA93
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0020EA13 push ds; retf 0_2_0020EA93
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F1A72 pushad ; iretd 0_2_001F1A61
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_0020EA4E push ds; retf 0_2_0020EA93
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F52FE push ebp; iretd 0_2_001F52FF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F3490 push eax; ret 0_2_001F3492
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F15C1 push esi; ret 0_2_001F15E3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00205DD0 push cs; iretd 0_2_00205DDD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F86C1 push ebx; iretd 0_2_001F86C2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_001F4EE3 push edx; retf 0_2_001F4EE5
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C1225F pushad ; ret 0_2_00C127F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C127FA pushad ; ret 0_2_00C127F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C1283D push eax; iretd 0_2_00C12858
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C409AD push ecx; mov dword ptr [esp], ecx0_2_00C409B6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C11355 push eax; iretd 0_2_00C11369
        Source: fTq2vadDnr.exeStatic PE information: section name: .text entropy: 7.994627303541561
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8096E rdtsc 0_2_00C8096E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeAPI coverage: 0.7 %
        Source: C:\Users\user\Desktop\fTq2vadDnr.exe TID: 4476Thread sleep time: -30000s >= -30000sJump to behavior
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8096E rdtsc 0_2_00C8096E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00207A33 LdrLoadDll,0_2_00207A33
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC20DE mov eax, dword ptr fs:[00000030h]0_2_00CC20DE
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A0E3 mov ecx, dword ptr fs:[00000030h]0_2_00C3A0E3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC60E0 mov eax, dword ptr fs:[00000030h]0_2_00CC60E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C480E9 mov eax, dword ptr fs:[00000030h]0_2_00C480E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3C0F0 mov eax, dword ptr fs:[00000030h]0_2_00C3C0F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C820F0 mov ecx, dword ptr fs:[00000030h]0_2_00C820F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4208A mov eax, dword ptr fs:[00000030h]0_2_00C4208A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C380A0 mov eax, dword ptr fs:[00000030h]0_2_00C380A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD80A8 mov eax, dword ptr fs:[00000030h]0_2_00CD80A8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D060B8 mov eax, dword ptr fs:[00000030h]0_2_00D060B8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D060B8 mov ecx, dword ptr fs:[00000030h]0_2_00D060B8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C42050 mov eax, dword ptr fs:[00000030h]0_2_00C42050
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6050 mov eax, dword ptr fs:[00000030h]0_2_00CC6050
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6C073 mov eax, dword ptr fs:[00000030h]0_2_00C6C073
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC4000 mov ecx, dword ptr fs:[00000030h]0_2_00CC4000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE2000 mov eax, dword ptr fs:[00000030h]0_2_00CE2000
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E016 mov eax, dword ptr fs:[00000030h]0_2_00C5E016
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E016 mov eax, dword ptr fs:[00000030h]0_2_00C5E016
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E016 mov eax, dword ptr fs:[00000030h]0_2_00C5E016
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E016 mov eax, dword ptr fs:[00000030h]0_2_00C5E016
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A020 mov eax, dword ptr fs:[00000030h]0_2_00C3A020
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3C020 mov eax, dword ptr fs:[00000030h]0_2_00C3C020
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6030 mov eax, dword ptr fs:[00000030h]0_2_00CD6030
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D061C3 mov eax, dword ptr fs:[00000030h]0_2_00D061C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D061C3 mov eax, dword ptr fs:[00000030h]0_2_00D061C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE1D0 mov eax, dword ptr fs:[00000030h]0_2_00CBE1D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE1D0 mov eax, dword ptr fs:[00000030h]0_2_00CBE1D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE1D0 mov ecx, dword ptr fs:[00000030h]0_2_00CBE1D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE1D0 mov eax, dword ptr fs:[00000030h]0_2_00CBE1D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE1D0 mov eax, dword ptr fs:[00000030h]0_2_00CBE1D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D161E5 mov eax, dword ptr fs:[00000030h]0_2_00D161E5
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C701F8 mov eax, dword ptr fs:[00000030h]0_2_00C701F8
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFC188 mov eax, dword ptr fs:[00000030h]0_2_00CFC188
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFC188 mov eax, dword ptr fs:[00000030h]0_2_00CFC188
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C80185 mov eax, dword ptr fs:[00000030h]0_2_00C80185
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE4180 mov eax, dword ptr fs:[00000030h]0_2_00CE4180
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE4180 mov eax, dword ptr fs:[00000030h]0_2_00CE4180
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC019F mov eax, dword ptr fs:[00000030h]0_2_00CC019F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC019F mov eax, dword ptr fs:[00000030h]0_2_00CC019F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC019F mov eax, dword ptr fs:[00000030h]0_2_00CC019F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC019F mov eax, dword ptr fs:[00000030h]0_2_00CC019F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A197 mov eax, dword ptr fs:[00000030h]0_2_00C3A197
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A197 mov eax, dword ptr fs:[00000030h]0_2_00C3A197
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A197 mov eax, dword ptr fs:[00000030h]0_2_00C3A197
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD4144 mov eax, dword ptr fs:[00000030h]0_2_00CD4144
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD4144 mov eax, dword ptr fs:[00000030h]0_2_00CD4144
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD4144 mov ecx, dword ptr fs:[00000030h]0_2_00CD4144
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD4144 mov eax, dword ptr fs:[00000030h]0_2_00CD4144
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD4144 mov eax, dword ptr fs:[00000030h]0_2_00CD4144
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46154 mov eax, dword ptr fs:[00000030h]0_2_00C46154
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46154 mov eax, dword ptr fs:[00000030h]0_2_00C46154
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3C156 mov eax, dword ptr fs:[00000030h]0_2_00C3C156
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD8158 mov eax, dword ptr fs:[00000030h]0_2_00CD8158
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14164 mov eax, dword ptr fs:[00000030h]0_2_00D14164
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14164 mov eax, dword ptr fs:[00000030h]0_2_00D14164
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov ecx, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov ecx, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov ecx, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov eax, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE10E mov ecx, dword ptr fs:[00000030h]0_2_00CEE10E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D00115 mov eax, dword ptr fs:[00000030h]0_2_00D00115
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEA118 mov ecx, dword ptr fs:[00000030h]0_2_00CEA118
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEA118 mov eax, dword ptr fs:[00000030h]0_2_00CEA118
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEA118 mov eax, dword ptr fs:[00000030h]0_2_00CEA118
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEA118 mov eax, dword ptr fs:[00000030h]0_2_00CEA118
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C70124 mov eax, dword ptr fs:[00000030h]0_2_00C70124
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A2C3 mov eax, dword ptr fs:[00000030h]0_2_00C4A2C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A2C3 mov eax, dword ptr fs:[00000030h]0_2_00C4A2C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A2C3 mov eax, dword ptr fs:[00000030h]0_2_00C4A2C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A2C3 mov eax, dword ptr fs:[00000030h]0_2_00C4A2C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A2C3 mov eax, dword ptr fs:[00000030h]0_2_00C4A2C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D162D6 mov eax, dword ptr fs:[00000030h]0_2_00D162D6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C502E1 mov eax, dword ptr fs:[00000030h]0_2_00C502E1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C502E1 mov eax, dword ptr fs:[00000030h]0_2_00C502E1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C502E1 mov eax, dword ptr fs:[00000030h]0_2_00C502E1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E284 mov eax, dword ptr fs:[00000030h]0_2_00C7E284
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E284 mov eax, dword ptr fs:[00000030h]0_2_00C7E284
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC0283 mov eax, dword ptr fs:[00000030h]0_2_00CC0283
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC0283 mov eax, dword ptr fs:[00000030h]0_2_00CC0283
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC0283 mov eax, dword ptr fs:[00000030h]0_2_00CC0283
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C502A0 mov eax, dword ptr fs:[00000030h]0_2_00C502A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C502A0 mov eax, dword ptr fs:[00000030h]0_2_00C502A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov eax, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov ecx, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov eax, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov eax, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov eax, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD62A0 mov eax, dword ptr fs:[00000030h]0_2_00CD62A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D1625D mov eax, dword ptr fs:[00000030h]0_2_00D1625D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC8243 mov eax, dword ptr fs:[00000030h]0_2_00CC8243
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC8243 mov ecx, dword ptr fs:[00000030h]0_2_00CC8243
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3A250 mov eax, dword ptr fs:[00000030h]0_2_00C3A250
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46259 mov eax, dword ptr fs:[00000030h]0_2_00C46259
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFA250 mov eax, dword ptr fs:[00000030h]0_2_00CFA250
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFA250 mov eax, dword ptr fs:[00000030h]0_2_00CFA250
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44260 mov eax, dword ptr fs:[00000030h]0_2_00C44260
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44260 mov eax, dword ptr fs:[00000030h]0_2_00C44260
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44260 mov eax, dword ptr fs:[00000030h]0_2_00C44260
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3826B mov eax, dword ptr fs:[00000030h]0_2_00C3826B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF0274 mov eax, dword ptr fs:[00000030h]0_2_00CF0274
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3823B mov eax, dword ptr fs:[00000030h]0_2_00C3823B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFC3CD mov eax, dword ptr fs:[00000030h]0_2_00CFC3CD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A3C0 mov eax, dword ptr fs:[00000030h]0_2_00C4A3C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C483C0 mov eax, dword ptr fs:[00000030h]0_2_00C483C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C483C0 mov eax, dword ptr fs:[00000030h]0_2_00C483C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C483C0 mov eax, dword ptr fs:[00000030h]0_2_00C483C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C483C0 mov eax, dword ptr fs:[00000030h]0_2_00C483C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC63C0 mov eax, dword ptr fs:[00000030h]0_2_00CC63C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE3DB mov eax, dword ptr fs:[00000030h]0_2_00CEE3DB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE3DB mov eax, dword ptr fs:[00000030h]0_2_00CEE3DB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE3DB mov ecx, dword ptr fs:[00000030h]0_2_00CEE3DB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEE3DB mov eax, dword ptr fs:[00000030h]0_2_00CEE3DB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE43D4 mov eax, dword ptr fs:[00000030h]0_2_00CE43D4
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE43D4 mov eax, dword ptr fs:[00000030h]0_2_00CE43D4
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C503E9 mov eax, dword ptr fs:[00000030h]0_2_00C503E9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E3F0 mov eax, dword ptr fs:[00000030h]0_2_00C5E3F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E3F0 mov eax, dword ptr fs:[00000030h]0_2_00C5E3F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E3F0 mov eax, dword ptr fs:[00000030h]0_2_00C5E3F0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C763FF mov eax, dword ptr fs:[00000030h]0_2_00C763FF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6438F mov eax, dword ptr fs:[00000030h]0_2_00C6438F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6438F mov eax, dword ptr fs:[00000030h]0_2_00C6438F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E388 mov eax, dword ptr fs:[00000030h]0_2_00C3E388
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E388 mov eax, dword ptr fs:[00000030h]0_2_00C3E388
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E388 mov eax, dword ptr fs:[00000030h]0_2_00C3E388
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38397 mov eax, dword ptr fs:[00000030h]0_2_00C38397
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38397 mov eax, dword ptr fs:[00000030h]0_2_00C38397
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38397 mov eax, dword ptr fs:[00000030h]0_2_00C38397
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0A352 mov eax, dword ptr fs:[00000030h]0_2_00D0A352
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC2349 mov eax, dword ptr fs:[00000030h]0_2_00CC2349
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov eax, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov eax, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov eax, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov ecx, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov eax, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC035C mov eax, dword ptr fs:[00000030h]0_2_00CC035C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE8350 mov ecx, dword ptr fs:[00000030h]0_2_00CE8350
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D1634F mov eax, dword ptr fs:[00000030h]0_2_00D1634F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE437C mov eax, dword ptr fs:[00000030h]0_2_00CE437C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A30B mov eax, dword ptr fs:[00000030h]0_2_00C7A30B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A30B mov eax, dword ptr fs:[00000030h]0_2_00C7A30B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A30B mov eax, dword ptr fs:[00000030h]0_2_00C7A30B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3C310 mov ecx, dword ptr fs:[00000030h]0_2_00C3C310
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C60310 mov ecx, dword ptr fs:[00000030h]0_2_00C60310
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D18324 mov eax, dword ptr fs:[00000030h]0_2_00D18324
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D18324 mov ecx, dword ptr fs:[00000030h]0_2_00D18324
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D18324 mov eax, dword ptr fs:[00000030h]0_2_00D18324
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D18324 mov eax, dword ptr fs:[00000030h]0_2_00D18324
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C404E5 mov ecx, dword ptr fs:[00000030h]0_2_00C404E5
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFA49A mov eax, dword ptr fs:[00000030h]0_2_00CFA49A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C464AB mov eax, dword ptr fs:[00000030h]0_2_00C464AB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C744B0 mov ecx, dword ptr fs:[00000030h]0_2_00C744B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCA4B0 mov eax, dword ptr fs:[00000030h]0_2_00CCA4B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E443 mov eax, dword ptr fs:[00000030h]0_2_00C7E443
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CFA456 mov eax, dword ptr fs:[00000030h]0_2_00CFA456
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6245A mov eax, dword ptr fs:[00000030h]0_2_00C6245A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3645D mov eax, dword ptr fs:[00000030h]0_2_00C3645D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCC460 mov ecx, dword ptr fs:[00000030h]0_2_00CCC460
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6A470 mov eax, dword ptr fs:[00000030h]0_2_00C6A470
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6A470 mov eax, dword ptr fs:[00000030h]0_2_00C6A470
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6A470 mov eax, dword ptr fs:[00000030h]0_2_00C6A470
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C78402 mov eax, dword ptr fs:[00000030h]0_2_00C78402
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C78402 mov eax, dword ptr fs:[00000030h]0_2_00C78402
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C78402 mov eax, dword ptr fs:[00000030h]0_2_00C78402
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E420 mov eax, dword ptr fs:[00000030h]0_2_00C3E420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E420 mov eax, dword ptr fs:[00000030h]0_2_00C3E420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3E420 mov eax, dword ptr fs:[00000030h]0_2_00C3E420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3C427 mov eax, dword ptr fs:[00000030h]0_2_00C3C427
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC6420 mov eax, dword ptr fs:[00000030h]0_2_00CC6420
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A430 mov eax, dword ptr fs:[00000030h]0_2_00C7A430
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E5CF mov eax, dword ptr fs:[00000030h]0_2_00C7E5CF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E5CF mov eax, dword ptr fs:[00000030h]0_2_00C7E5CF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C465D0 mov eax, dword ptr fs:[00000030h]0_2_00C465D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A5D0 mov eax, dword ptr fs:[00000030h]0_2_00C7A5D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A5D0 mov eax, dword ptr fs:[00000030h]0_2_00C7A5D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E5E7 mov eax, dword ptr fs:[00000030h]0_2_00C6E5E7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C425E0 mov eax, dword ptr fs:[00000030h]0_2_00C425E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C5ED mov eax, dword ptr fs:[00000030h]0_2_00C7C5ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C5ED mov eax, dword ptr fs:[00000030h]0_2_00C7C5ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C42582 mov eax, dword ptr fs:[00000030h]0_2_00C42582
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C42582 mov ecx, dword ptr fs:[00000030h]0_2_00C42582
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C74588 mov eax, dword ptr fs:[00000030h]0_2_00C74588
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7E59C mov eax, dword ptr fs:[00000030h]0_2_00C7E59C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC05A7 mov eax, dword ptr fs:[00000030h]0_2_00CC05A7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC05A7 mov eax, dword ptr fs:[00000030h]0_2_00CC05A7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC05A7 mov eax, dword ptr fs:[00000030h]0_2_00CC05A7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C645B1 mov eax, dword ptr fs:[00000030h]0_2_00C645B1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C645B1 mov eax, dword ptr fs:[00000030h]0_2_00C645B1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48550 mov eax, dword ptr fs:[00000030h]0_2_00C48550
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48550 mov eax, dword ptr fs:[00000030h]0_2_00C48550
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7656A mov eax, dword ptr fs:[00000030h]0_2_00C7656A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7656A mov eax, dword ptr fs:[00000030h]0_2_00C7656A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7656A mov eax, dword ptr fs:[00000030h]0_2_00C7656A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6500 mov eax, dword ptr fs:[00000030h]0_2_00CD6500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14500 mov eax, dword ptr fs:[00000030h]0_2_00D14500
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50535 mov eax, dword ptr fs:[00000030h]0_2_00C50535
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E53E mov eax, dword ptr fs:[00000030h]0_2_00C6E53E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E53E mov eax, dword ptr fs:[00000030h]0_2_00C6E53E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E53E mov eax, dword ptr fs:[00000030h]0_2_00C6E53E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E53E mov eax, dword ptr fs:[00000030h]0_2_00C6E53E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E53E mov eax, dword ptr fs:[00000030h]0_2_00C6E53E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A6C7 mov ebx, dword ptr fs:[00000030h]0_2_00C7A6C7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A6C7 mov eax, dword ptr fs:[00000030h]0_2_00C7A6C7
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE6F2 mov eax, dword ptr fs:[00000030h]0_2_00CBE6F2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE6F2 mov eax, dword ptr fs:[00000030h]0_2_00CBE6F2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE6F2 mov eax, dword ptr fs:[00000030h]0_2_00CBE6F2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE6F2 mov eax, dword ptr fs:[00000030h]0_2_00CBE6F2
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC06F1 mov eax, dword ptr fs:[00000030h]0_2_00CC06F1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC06F1 mov eax, dword ptr fs:[00000030h]0_2_00CC06F1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44690 mov eax, dword ptr fs:[00000030h]0_2_00C44690
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44690 mov eax, dword ptr fs:[00000030h]0_2_00C44690
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C6A6 mov eax, dword ptr fs:[00000030h]0_2_00C7C6A6
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C766B0 mov eax, dword ptr fs:[00000030h]0_2_00C766B0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5C640 mov eax, dword ptr fs:[00000030h]0_2_00C5C640
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A660 mov eax, dword ptr fs:[00000030h]0_2_00C7A660
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A660 mov eax, dword ptr fs:[00000030h]0_2_00C7A660
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C72674 mov eax, dword ptr fs:[00000030h]0_2_00C72674
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0866E mov eax, dword ptr fs:[00000030h]0_2_00D0866E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0866E mov eax, dword ptr fs:[00000030h]0_2_00D0866E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE609 mov eax, dword ptr fs:[00000030h]0_2_00CBE609
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5260B mov eax, dword ptr fs:[00000030h]0_2_00C5260B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82619 mov eax, dword ptr fs:[00000030h]0_2_00C82619
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C5E627 mov eax, dword ptr fs:[00000030h]0_2_00C5E627
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C76620 mov eax, dword ptr fs:[00000030h]0_2_00C76620
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C78620 mov eax, dword ptr fs:[00000030h]0_2_00C78620
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4262C mov eax, dword ptr fs:[00000030h]0_2_00C4262C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4C7C0 mov eax, dword ptr fs:[00000030h]0_2_00C4C7C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC07C3 mov eax, dword ptr fs:[00000030h]0_2_00CC07C3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C627ED mov eax, dword ptr fs:[00000030h]0_2_00C627ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C627ED mov eax, dword ptr fs:[00000030h]0_2_00C627ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C627ED mov eax, dword ptr fs:[00000030h]0_2_00C627ED
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCE7E1 mov eax, dword ptr fs:[00000030h]0_2_00CCE7E1
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C447FB mov eax, dword ptr fs:[00000030h]0_2_00C447FB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C447FB mov eax, dword ptr fs:[00000030h]0_2_00C447FB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE678E mov eax, dword ptr fs:[00000030h]0_2_00CE678E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C407AF mov eax, dword ptr fs:[00000030h]0_2_00C407AF
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF47A0 mov eax, dword ptr fs:[00000030h]0_2_00CF47A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7674D mov esi, dword ptr fs:[00000030h]0_2_00C7674D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7674D mov eax, dword ptr fs:[00000030h]0_2_00C7674D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7674D mov eax, dword ptr fs:[00000030h]0_2_00C7674D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCE75D mov eax, dword ptr fs:[00000030h]0_2_00CCE75D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40750 mov eax, dword ptr fs:[00000030h]0_2_00C40750
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82750 mov eax, dword ptr fs:[00000030h]0_2_00C82750
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C82750 mov eax, dword ptr fs:[00000030h]0_2_00C82750
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC4755 mov eax, dword ptr fs:[00000030h]0_2_00CC4755
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48770 mov eax, dword ptr fs:[00000030h]0_2_00C48770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50770 mov eax, dword ptr fs:[00000030h]0_2_00C50770
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C700 mov eax, dword ptr fs:[00000030h]0_2_00C7C700
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40710 mov eax, dword ptr fs:[00000030h]0_2_00C40710
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C70710 mov eax, dword ptr fs:[00000030h]0_2_00C70710
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C720 mov eax, dword ptr fs:[00000030h]0_2_00C7C720
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C720 mov eax, dword ptr fs:[00000030h]0_2_00C7C720
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBC730 mov eax, dword ptr fs:[00000030h]0_2_00CBC730
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7273C mov eax, dword ptr fs:[00000030h]0_2_00C7273C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7273C mov ecx, dword ptr fs:[00000030h]0_2_00C7273C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7273C mov eax, dword ptr fs:[00000030h]0_2_00C7273C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6E8C0 mov eax, dword ptr fs:[00000030h]0_2_00C6E8C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D108C0 mov eax, dword ptr fs:[00000030h]0_2_00D108C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0A8E4 mov eax, dword ptr fs:[00000030h]0_2_00D0A8E4
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C8F9 mov eax, dword ptr fs:[00000030h]0_2_00C7C8F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7C8F9 mov eax, dword ptr fs:[00000030h]0_2_00C7C8F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40887 mov eax, dword ptr fs:[00000030h]0_2_00C40887
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCC89D mov eax, dword ptr fs:[00000030h]0_2_00CCC89D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C52840 mov ecx, dword ptr fs:[00000030h]0_2_00C52840
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C70854 mov eax, dword ptr fs:[00000030h]0_2_00C70854
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44859 mov eax, dword ptr fs:[00000030h]0_2_00C44859
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C44859 mov eax, dword ptr fs:[00000030h]0_2_00C44859
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6870 mov eax, dword ptr fs:[00000030h]0_2_00CD6870
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6870 mov eax, dword ptr fs:[00000030h]0_2_00CD6870
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCE872 mov eax, dword ptr fs:[00000030h]0_2_00CCE872
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCE872 mov eax, dword ptr fs:[00000030h]0_2_00CCE872
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCC810 mov eax, dword ptr fs:[00000030h]0_2_00CCC810
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov eax, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov eax, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov eax, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov ecx, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov eax, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C62835 mov eax, dword ptr fs:[00000030h]0_2_00C62835
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE483A mov eax, dword ptr fs:[00000030h]0_2_00CE483A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE483A mov eax, dword ptr fs:[00000030h]0_2_00CE483A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7A830 mov eax, dword ptr fs:[00000030h]0_2_00C7A830
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0A9D3 mov eax, dword ptr fs:[00000030h]0_2_00D0A9D3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD69C0 mov eax, dword ptr fs:[00000030h]0_2_00CD69C0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4A9D0 mov eax, dword ptr fs:[00000030h]0_2_00C4A9D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C749D0 mov eax, dword ptr fs:[00000030h]0_2_00C749D0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCE9E0 mov eax, dword ptr fs:[00000030h]0_2_00CCE9E0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C729F9 mov eax, dword ptr fs:[00000030h]0_2_00C729F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C729F9 mov eax, dword ptr fs:[00000030h]0_2_00C729F9
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C529A0 mov eax, dword ptr fs:[00000030h]0_2_00C529A0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C409AD mov eax, dword ptr fs:[00000030h]0_2_00C409AD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C409AD mov eax, dword ptr fs:[00000030h]0_2_00C409AD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC89B3 mov esi, dword ptr fs:[00000030h]0_2_00CC89B3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC89B3 mov eax, dword ptr fs:[00000030h]0_2_00CC89B3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC89B3 mov eax, dword ptr fs:[00000030h]0_2_00CC89B3
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC0946 mov eax, dword ptr fs:[00000030h]0_2_00CC0946
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14940 mov eax, dword ptr fs:[00000030h]0_2_00D14940
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C66962 mov eax, dword ptr fs:[00000030h]0_2_00C66962
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C66962 mov eax, dword ptr fs:[00000030h]0_2_00C66962
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C66962 mov eax, dword ptr fs:[00000030h]0_2_00C66962
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8096E mov eax, dword ptr fs:[00000030h]0_2_00C8096E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8096E mov edx, dword ptr fs:[00000030h]0_2_00C8096E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C8096E mov eax, dword ptr fs:[00000030h]0_2_00C8096E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCC97C mov eax, dword ptr fs:[00000030h]0_2_00CCC97C
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE4978 mov eax, dword ptr fs:[00000030h]0_2_00CE4978
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE4978 mov eax, dword ptr fs:[00000030h]0_2_00CE4978
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE908 mov eax, dword ptr fs:[00000030h]0_2_00CBE908
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBE908 mov eax, dword ptr fs:[00000030h]0_2_00CBE908
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38918 mov eax, dword ptr fs:[00000030h]0_2_00C38918
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38918 mov eax, dword ptr fs:[00000030h]0_2_00C38918
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCC912 mov eax, dword ptr fs:[00000030h]0_2_00CCC912
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CC892A mov eax, dword ptr fs:[00000030h]0_2_00CC892A
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD892B mov eax, dword ptr fs:[00000030h]0_2_00CD892B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C96ACC mov eax, dword ptr fs:[00000030h]0_2_00C96ACC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C96ACC mov eax, dword ptr fs:[00000030h]0_2_00C96ACC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C96ACC mov eax, dword ptr fs:[00000030h]0_2_00C96ACC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40AD0 mov eax, dword ptr fs:[00000030h]0_2_00C40AD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C74AD0 mov eax, dword ptr fs:[00000030h]0_2_00C74AD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C74AD0 mov eax, dword ptr fs:[00000030h]0_2_00C74AD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7AAEE mov eax, dword ptr fs:[00000030h]0_2_00C7AAEE
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7AAEE mov eax, dword ptr fs:[00000030h]0_2_00C7AAEE
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C4EA80 mov eax, dword ptr fs:[00000030h]0_2_00C4EA80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14A80 mov eax, dword ptr fs:[00000030h]0_2_00D14A80
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C78A90 mov edx, dword ptr fs:[00000030h]0_2_00C78A90
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48AA0 mov eax, dword ptr fs:[00000030h]0_2_00C48AA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48AA0 mov eax, dword ptr fs:[00000030h]0_2_00C48AA0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C96AA4 mov eax, dword ptr fs:[00000030h]0_2_00C96AA4
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C46A50 mov eax, dword ptr fs:[00000030h]0_2_00C46A50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50A5B mov eax, dword ptr fs:[00000030h]0_2_00C50A5B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50A5B mov eax, dword ptr fs:[00000030h]0_2_00C50A5B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7CA6F mov eax, dword ptr fs:[00000030h]0_2_00C7CA6F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7CA6F mov eax, dword ptr fs:[00000030h]0_2_00C7CA6F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7CA6F mov eax, dword ptr fs:[00000030h]0_2_00C7CA6F
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEEA60 mov eax, dword ptr fs:[00000030h]0_2_00CEEA60
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBCA72 mov eax, dword ptr fs:[00000030h]0_2_00CBCA72
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBCA72 mov eax, dword ptr fs:[00000030h]0_2_00CBCA72
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCCA11 mov eax, dword ptr fs:[00000030h]0_2_00CCCA11
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7CA24 mov eax, dword ptr fs:[00000030h]0_2_00C7CA24
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6EA2E mov eax, dword ptr fs:[00000030h]0_2_00C6EA2E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C64A35 mov eax, dword ptr fs:[00000030h]0_2_00C64A35
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C64A35 mov eax, dword ptr fs:[00000030h]0_2_00C64A35
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C7CA38 mov eax, dword ptr fs:[00000030h]0_2_00C7CA38
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40BCD mov eax, dword ptr fs:[00000030h]0_2_00C40BCD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40BCD mov eax, dword ptr fs:[00000030h]0_2_00C40BCD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C40BCD mov eax, dword ptr fs:[00000030h]0_2_00C40BCD
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C60BCB mov eax, dword ptr fs:[00000030h]0_2_00C60BCB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C60BCB mov eax, dword ptr fs:[00000030h]0_2_00C60BCB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C60BCB mov eax, dword ptr fs:[00000030h]0_2_00C60BCB
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEEBD0 mov eax, dword ptr fs:[00000030h]0_2_00CEEBD0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48BF0 mov eax, dword ptr fs:[00000030h]0_2_00C48BF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48BF0 mov eax, dword ptr fs:[00000030h]0_2_00C48BF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C48BF0 mov eax, dword ptr fs:[00000030h]0_2_00C48BF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C6EBFC mov eax, dword ptr fs:[00000030h]0_2_00C6EBFC
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CCCBF0 mov eax, dword ptr fs:[00000030h]0_2_00CCCBF0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50BBE mov eax, dword ptr fs:[00000030h]0_2_00C50BBE
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C50BBE mov eax, dword ptr fs:[00000030h]0_2_00C50BBE
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF4BB0 mov eax, dword ptr fs:[00000030h]0_2_00CF4BB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF4BB0 mov eax, dword ptr fs:[00000030h]0_2_00CF4BB0
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF4B4B mov eax, dword ptr fs:[00000030h]0_2_00CF4B4B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CF4B4B mov eax, dword ptr fs:[00000030h]0_2_00CF4B4B
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D12B57 mov eax, dword ptr fs:[00000030h]0_2_00D12B57
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D12B57 mov eax, dword ptr fs:[00000030h]0_2_00D12B57
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D12B57 mov eax, dword ptr fs:[00000030h]0_2_00D12B57
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D12B57 mov eax, dword ptr fs:[00000030h]0_2_00D12B57
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CE8B42 mov eax, dword ptr fs:[00000030h]0_2_00CE8B42
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6B40 mov eax, dword ptr fs:[00000030h]0_2_00CD6B40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CD6B40 mov eax, dword ptr fs:[00000030h]0_2_00CD6B40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D0AB40 mov eax, dword ptr fs:[00000030h]0_2_00D0AB40
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C38B50 mov eax, dword ptr fs:[00000030h]0_2_00C38B50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CEEB50 mov eax, dword ptr fs:[00000030h]0_2_00CEEB50
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00C3CB7E mov eax, dword ptr fs:[00000030h]0_2_00C3CB7E
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00D14B00 mov eax, dword ptr fs:[00000030h]0_2_00D14B00
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBEB1D mov eax, dword ptr fs:[00000030h]0_2_00CBEB1D
        Source: C:\Users\user\Desktop\fTq2vadDnr.exeCode function: 0_2_00CBEB1D mov eax, dword ptr fs:[00000030h]0_2_00CBEB1D
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.fTq2vadDnr.exe.1f0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        DLL Side-Loading        		2
        Virtualization/Sandbox Evasion        		OS Credential Dumping2
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing        		LSASS Memory2
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Deobfuscate/Decode Files or Information        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        DLL Side-Loading        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        fTq2vadDnr.exe61%ReversingLabsWin32.Backdoor.FormBook
        fTq2vadDnr.exe100%AviraTR/Crypt.ZPACK.Gen
        fTq2vadDnr.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        s-part-0017.t-0009.t-msedge.net
        		13.107.246.45
        		truefalse
          		unknown

          World Map of Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1530785
          Start date and time:2024-10-10 14:41:38 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 5m 58s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Run name:Run with higher sleep bypass
          Number of analysed new started processes analysed:7
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:fTq2vadDnr.exe
          renamed because original name is a hash value
          Original Sample Name:bedcc99f8319d0256e5ef3c87a4ba6c32a0caa5b13bc7fb4bae133d76314c974.exe
          Detection:MAL
          Classification:mal80.troj.winEXE@1/0@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 92%
          • Number of executed functions: 11
          • Number of non-executed functions: 334
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • VT rate limit hit for: fTq2vadDnr.exe

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          s-part-0017.t-0009.t-msedge.nethttps://www.google.es/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Foilproductionpower.com%2Fddd%2Ff3E2tG5ASlq4OLZ8xJKHkkFY/TExQQG5vdm96eW1lcy5jb20=Get hashmaliciousHTMLPhisherBrowse
          • 13.107.246.45
          jQw7LVWJYw.exeGet hashmaliciousUnknownBrowse
          • 13.107.246.45
          SecuriteInfo.com.Trojan-Ransom.Win32.Zerber.gkca.4990.15640.exeGet hashmaliciousUnknownBrowse
          • 13.107.246.45
          SecuriteInfo.com.Win32.CrypterX-gen.327.26539.exeGet hashmaliciousFormBookBrowse
          • 13.107.246.45
          https://trendydigitalbuzze.com.de/YrWXF/Get hashmaliciousUnknownBrowse
          • 13.107.246.45
          http://beststarsoffers.click/img/FJHpEbd9pzMLCgDTGet hashmaliciousUnknownBrowse
          • 13.107.246.45
          http://beststarsoffers.click/img/BftYnyQgrWDRxBpxGet hashmaliciousUnknownBrowse
          • 13.107.246.45
          https://loadfile.komanda.cl/Get hashmaliciousUnknownBrowse
          • 13.107.246.45
          file.exeGet hashmaliciousStealcBrowse
          • 13.107.246.45
          https://or4t.iednationusa.com/sYyRdjOUGet hashmaliciousUnknownBrowse
          • 13.107.246.45

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          No created / dropped files found

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.9904933959421
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.98%
          • DOS Executable Generic (2002/1) 0.02%
          File name:fTq2vadDnr.exe
          File size:285'696 bytes
          MD5:2bd589148ebcd5e8f3e38e03dac1bcf2
          SHA1:62fe9bd9f75aaca8f96864dd4d59ea19a21ed6cd
          SHA256:bedcc99f8319d0256e5ef3c87a4ba6c32a0caa5b13bc7fb4bae133d76314c974
          SHA512:75977deb93955b32e25560e68cf0ddd2a9e92e5e2e2d063e9f9f7a648d4512e6c4bf305a5c4a43af60a39158b3cddd3d8417128f3f7c7b6dcb5f936c9743ba76
          SSDEEP:6144:jSD1EKGIJpyHbHowsHh+c4QbppXIkef5uoAuGW+hTh:BIJpy77Kh+XuTXbeB9Auv
          TLSH:B1542237D41AA97EC3346A758197736AB1E2236E774436512468BC078273C3BBFA6309
          File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......^.................X..........p........p....@................

          File Icon

          Icon Hash:00928e8e8686b000

          Static PE Info

          General

          Entrypoint:0x401470
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Time Stamp:0x5E8FC99A [Fri Apr 10 01:19:22 2020 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:0
          File Version Major:6
          File Version Minor:0
          Subsystem Version Major:6
          Subsystem Version Minor:0
          Import Hash:

          Entrypoint Preview

          Instruction
          push ebp
          mov ebp, esp
          sub esp, 000002E4h
          push ebx
          push esi
          push edi
          push 000002C0h
          lea eax, dword ptr [ebp-000002E0h]
          push 00000000h
          push eax
          mov dword ptr [ebp-000002E4h], 00000000h
          call 00007F31788D9BBCh
          mov esi, 0000534Bh
          add esp, 0Ch
          mov ecx, 00005E85h
          mov dword ptr [ebp-20h], esi
          lea esp, dword ptr [esp+00000000h]
          mov eax, 043B3D5Bh
          imul ecx
          sar edx, 02h
          mov ecx, edx
          shr ecx, 1Fh
          add ecx, edx
          jne 00007F31788D7E9Fh
          xor ebx, ebx
          inc ebx
          mov eax, 55555556h
          imul ebx
          mov eax, edx
          shr eax, 1Fh
          add eax, edx
          mov ecx, ebx
          lea eax, dword ptr [eax+eax*2]
          sub ecx, eax
          jne 00007F31788D7EB3h
          inc ebx
          cmp ebx, 00001FC4h
          jl 00007F31788D7E91h
          xor esi, esi
          inc esi
          mov eax, 92492493h
          imul esi
          add edx, esi
          sar edx, 02h
          mov eax, edx
          shr eax, 1Fh
          add eax, edx
          lea ecx, dword ptr [00000000h+eax*8]
          sub ecx, eax
          mov eax, esi
          sub eax, ecx
          jne 00007F31788D7EB5h
          add esi, 02h
          cmp esi, 00007AB0h
          jl 00007F31788D7E84h
          call 00007F31788D9E2Ah
          mov dword ptr [ebp-000002D4h], eax
          mov eax, 000068DAh
          cdq
          and edx, 03h
          add eax, edx
          sar eax, 02h
          test eax, eax
          jne 00007F31788D7EA5h
          lea eax, dword ptr [ebp+00FFFD30h]

          Rich Headers

          Programming Language:
          • [C++] VS2012 build 50727
          • [ASM] VS2012 build 50727
          • [LNK] VS2012 build 50727

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x456940x458000f2497267f1703bfb1ceefa5ffe0cb09False0.9878737634892086data7.994627303541561IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

          Network Behavior

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Oct 10, 2024 14:42:25.645960093 CEST1.1.1.1192.168.2.90xd7beNo error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
          Oct 10, 2024 14:42:25.645960093 CEST1.1.1.1192.168.2.90xd7beNo error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:08:42:29
          Start date:10/10/2024
          Path:C:\Users\user\Desktop\fTq2vadDnr.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\fTq2vadDnr.exe"
          Imagebase:0x1f0000
          File size:285'696 bytes
          MD5 hash:2BD589148EBCD5E8F3E38E03DAC1BCF2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1836586763.0000000000600000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:0.8%
            Dynamic/Decrypted Code Coverage:6.2%
            Signature Coverage:11.5%
            Total number of Nodes:113
            Total number of Limit Nodes:10
            execution_graph 94904 21fc03 94905 21fc13 94904->94905 94906 21fc19 94904->94906 94909 21eb23 94906->94909 94908 21fc3f 94912 21cc53 94909->94912 94911 21eb3e 94911->94908 94913 21cc70 94912->94913 94914 21cc81 RtlAllocateHeap 94913->94914 94914->94911 94915 21fc63 94918 21ea43 94915->94918 94921 21cca3 94918->94921 94920 21ea5c 94922 21ccc0 94921->94922 94923 21ccd1 RtlFreeHeap 94922->94923 94923->94920 94924 214cc3 94925 214cdf 94924->94925 94926 214d07 94925->94926 94927 214d1b 94925->94927 94928 21c933 NtClose 94926->94928 94934 21c933 94927->94934 94930 214d10 94928->94930 94931 214d24 94937 21eb63 RtlAllocateHeap 94931->94937 94933 214d2f 94935 21c94d 94934->94935 94936 21c95e NtClose 94935->94936 94936->94931 94937->94933 95016 21bf13 95017 21bf2d 95016->95017 95020 c82df0 LdrInitializeThunk 95017->95020 95018 21bf55 95020->95018 95021 215053 95026 21506c 95021->95026 95022 2150fc 95023 2150b4 95024 21ea43 RtlFreeHeap 95023->95024 95025 2150c4 95024->95025 95026->95022 95026->95023 95027 2150f7 95026->95027 95028 21ea43 RtlFreeHeap 95027->95028 95028->95022 94938 203ce3 94941 21cbb3 94938->94941 94942 21cbd0 94941->94942 94945 c82c70 LdrInitializeThunk 94942->94945 94943 203d05 94945->94943 94946 203ec3 94947 203ee3 94946->94947 94949 203f4c 94947->94949 94951 20b6b3 RtlFreeHeap LdrInitializeThunk 94947->94951 94950 203f42 94951->94950 95029 207a33 95031 207a57 95029->95031 95030 207a5e 95031->95030 95032 207a7d 95031->95032 95036 21ffe3 95031->95036 95034 207a93 LdrLoadDll 95032->95034 95035 207aaa 95032->95035 95034->95035 95038 220009 95036->95038 95037 22005b 95037->95032 95038->95037 95041 219e23 95038->95041 95040 2200b0 95040->95032 95042 219e81 95041->95042 95044 219e95 95042->95044 95045 207ab3 95042->95045 95044->95040 95047 207a8b 95045->95047 95046 207aaa 95046->95044 95047->95045 95047->95046 95048 207a93 LdrLoadDll 95047->95048 95048->95046 94952 c82b60 LdrInitializeThunk 94953 1f1bf7 94954 1f1c33 94953->94954 94957 2200d3 94954->94957 94960 21e5c3 94957->94960 94961 21e5e9 94960->94961 94970 1f75d3 94961->94970 94963 21e612 94964 1f1c87 94963->94964 94973 20b3a3 94963->94973 94966 21e631 94967 21e646 94966->94967 94968 21ccf3 ExitProcess 94966->94968 94984 21ccf3 94967->94984 94968->94967 94987 2066e3 94970->94987 94972 1f75e0 94972->94963 94974 20b3cf 94973->94974 95005 20b293 94974->95005 94977 20b414 94980 20b430 94977->94980 94982 21c933 NtClose 94977->94982 94978 20b3fc 94979 20b407 94978->94979 94981 21c933 NtClose 94978->94981 94979->94966 94980->94966 94981->94979 94983 20b426 94982->94983 94983->94966 94985 21cd10 94984->94985 94986 21cd21 ExitProcess 94985->94986 94986->94964 94988 206700 94987->94988 94990 206719 94988->94990 94991 21d383 94988->94991 94990->94972 94993 21d39d 94991->94993 94992 21d3cc 94992->94990 94993->94992 94998 21bf63 94993->94998 94996 21ea43 RtlFreeHeap 94997 21d445 94996->94997 94997->94990 94999 21bf7d 94998->94999 95002 c82c0a 94999->95002 95000 21bfa9 95000->94996 95003 c82c1f LdrInitializeThunk 95002->95003 95004 c82c11 95002->95004 95003->95000 95004->95000 95006 20b389 95005->95006 95007 20b2ad 95005->95007 95006->94977 95006->94978 95011 21c003 95007->95011 95010 21c933 NtClose 95010->95006 95012 21c020 95011->95012 95015 c835c0 LdrInitializeThunk 95012->95015 95013 20b37d 95013->95010 95015->95013

            Executed Functions

            Function 00207A33 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 58 207a33-207a5c call 21f743 61 207a62-207a70 call 21fd43 58->61 62 207a5e-207a61 58->62 65 207a80-207a91 call 21e093 61->65 66 207a72-207a78 call 21ffe3 61->66 71 207a93-207aa7 LdrLoadDll 65->71 72 207aaa-207aad 65->72 69 207a7d 66->69 69->65 71->72
            APIs
            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00207AA5
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: Load
            • String ID:
            • API String ID: 2234796835-0
            • Opcode ID: b5941047abcb2dd0c0d4caa8a322ddd4714e5f804c4b6bfaa926e623e5ba137e
            • Instruction ID: c299150e7ccefb031d61933b61cf66f44c3ffadcc54305902a9681d53a2c918f
            • Opcode Fuzzy Hash: b5941047abcb2dd0c0d4caa8a322ddd4714e5f804c4b6bfaa926e623e5ba137e
            • Instruction Fuzzy Hash: 090152B1E1020DABDF50DAA4DD42FDDB7B89B54304F0081A5E91897281F671EB548B91
            Function 0021C933 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 78 21c933-21c96c call 1f4933 call 21db83 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0021C967
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: 842f0e8750844be854ac0ab7b9c4f6c56cc613398eb8caec3f44fd5029d32770
            • Instruction ID: 0e00255499c42a4d83c368b12aaa4f256d3ee45a4455c825293836391d926080
            • Opcode Fuzzy Hash: 842f0e8750844be854ac0ab7b9c4f6c56cc613398eb8caec3f44fd5029d32770
            • Instruction Fuzzy Hash: B4E046362502087BC220AA59DC01FAB77ACEFD6764F004419FA09A7241C6B1BA1186E0
            Function 00C82B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 92 c82b60-c82b6c LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 7ed3da0a8244b513e2c2b5833fd78a4e5284e98c8fadd116cf6286b87902edab
            • Instruction ID: 14d326acd7d4d82415af531deaa5c3aef3207d906afc6712857f107836556e65
            • Opcode Fuzzy Hash: 7ed3da0a8244b513e2c2b5833fd78a4e5284e98c8fadd116cf6286b87902edab
            • Instruction Fuzzy Hash: 6F9002A1202400034A0571584418616400A87E1701B55C032E1018690DCD2589957129
            Function 00C82C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 93 c82c70-c82c7c LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 85fd9b85d334f2e6f6267b4fb855dc148b8b0c7e3050b1e28bf8987abcdec511
            • Instruction ID: 1ee88894e86032523658a9beb7cd630905ebf94407fb597915618dabc89ef6a9
            • Opcode Fuzzy Hash: 85fd9b85d334f2e6f6267b4fb855dc148b8b0c7e3050b1e28bf8987abcdec511
            • Instruction Fuzzy Hash: CE90027120148802DA107158840874A000587D1701F59C422A4428758D8E9589957125
            Function 00C82DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 94 c82df0-c82dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: f95943c3838c8525262aa2865c0a080e42569964a3eea5334c8ef60fd09720f8
            • Instruction ID: cb2276ef797a726d857f5d3e5667e01a673223a248a7ba6caee1138fe449e35c
            • Opcode Fuzzy Hash: f95943c3838c8525262aa2865c0a080e42569964a3eea5334c8ef60fd09720f8
            • Instruction Fuzzy Hash: 4A90027120140413DA1171584508707000987D1741F95C423A0428658D9E568A56B125
            Function 00C835C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 95 c835c0-c835cc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 46a80ae41ca3f078c7a86c9759d04d033e4ec7ba525639b3100e62b795f17b69
            • Instruction ID: 5a887de35bd6929db56b2dc6139077d3cb255c5b70389f24e9056dd92e5d5ba6
            • Opcode Fuzzy Hash: 46a80ae41ca3f078c7a86c9759d04d033e4ec7ba525639b3100e62b795f17b69
            • Instruction Fuzzy Hash: F990027160550402DA0071584518706100587D1701F65C422A0428668D8F958A5575A6
            Function 0021CCA3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 21 21cca3-21cce7 call 1f4933 call 21db83 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0021CCE2
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID: wg
            • API String ID: 3298025750-3207428719
            • Opcode ID: 2c95a680e9f5e74f3fc195fc944efdb7c3126490cccb3e07d623ae19928476b8
            • Instruction ID: 88e07340cda345344161c6afccaa4559e10ed90375db605d2d8498ba39c0d079
            • Opcode Fuzzy Hash: 2c95a680e9f5e74f3fc195fc944efdb7c3126490cccb3e07d623ae19928476b8
            • Instruction Fuzzy Hash: B4E06D71204208BBD610EE58DC41FAB77ACEFC9710F004418F909A7241C7B0BA108AB4
            Function 00207AB3 Relevance: 1.6, APIs: 1, Instructions: 52libraryloaderCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 51 207ab3-207ac1 52 207ac3-207ad0 51->52 53 207a8b-207a91 51->53 54 207ad2-207b07 52->54 55 207aaf-207ab2 52->55 56 207a93-207aa7 LdrLoadDll 53->56 57 207aaa-207aad 53->57 55->51 56->57
            APIs
            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00207AA5
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: Load
            • String ID:
            • API String ID: 2234796835-0
            • Opcode ID: e625ea7452a8ed1284839d4d0524bec8cd99c0ea38ec24f1fe8b229ecc464619
            • Instruction ID: 0bf9c99e77b51fa9a4269901590d7284092590e069f01d2ddb8478827fc72cde
            • Opcode Fuzzy Hash: e625ea7452a8ed1284839d4d0524bec8cd99c0ea38ec24f1fe8b229ecc464619
            • Instruction Fuzzy Hash: F701DB30954219EFDF11DE98C846FAABBB8EF45740F004158E9559B145D73069168B91
            Function 0021CC53 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 73 21cc53-21cc97 call 1f4933 call 21db83 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0020E85E,?,?,00000000,?,0020E85E,?,?,?), ref: 0021CC92
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: a270ed4f4c0522eee9f59e824f707add8710f62ed5b35fdd2fd05db54df3fff9
            • Instruction ID: 79543f76fb898c9696c5c5cde972dd23d7203239a66b7a8ffd1f52f803642235
            • Opcode Fuzzy Hash: a270ed4f4c0522eee9f59e824f707add8710f62ed5b35fdd2fd05db54df3fff9
            • Instruction Fuzzy Hash: 1CE09271654208BBD610EF59DC41FEB33ACEFC9710F004428F909A7241C670BA108BF5
            Function 0021CCF3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 83 21ccf3-21cd2f call 1f4933 call 21db83 ExitProcess
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836519392.00000000001F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001F0000, based on PE: true
            • Associated: 00000000.00000002.1836507572.00000000001F0000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1f0000_fTq2vadDnr.jbxd
            Yara matches
            Similarity
            • API ID: ExitProcess
            • String ID:
            • API String ID: 621844428-0
            • Opcode ID: 338c028a0d0c1c0eebb7af44e2fde1e7b5837cff5a48c6a7eac6c7188106b738
            • Instruction ID: cb6c44e05b084f1787790021b761eda9268faa320c5cefce422ea97e1c1c592e
            • Opcode Fuzzy Hash: 338c028a0d0c1c0eebb7af44e2fde1e7b5837cff5a48c6a7eac6c7188106b738
            • Instruction Fuzzy Hash: 2AE046362402087BD220AA69DC01FEB77ACDFC5724F008019FA08AB242CBB0BA1186F0
            Function 00C82C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 88 c82c0a-c82c0f 89 c82c1f-c82c26 LdrInitializeThunk 88->89 90 c82c11-c82c18 88->90
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: d297f579b0aaf5d5d7b76afc4ce90469dc488124ccbcdb70103767212a337b6e
            • Instruction ID: 4a037703ee0c010dc329ae6498fb2b20a6e37b4fbb720f5774527dd1e6651284
            • Opcode Fuzzy Hash: d297f579b0aaf5d5d7b76afc4ce90469dc488124ccbcdb70103767212a337b6e
            • Instruction Fuzzy Hash: 70B09B719015C5C5EF11F760460C71B790067D1705F15C072D2134745E4B38C5D5F279

            Non-executed Functions

            Function 00CC2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: 7b134fa46160152facb59f8185074b4e38b7242f403bfaa03d04e1f0baac93c6
            • Instruction ID: 6f2162544b3bc06b2a1853bbb7e3e3486c3805e14a6efecbb4f3853a50d1ddc0
            • Opcode Fuzzy Hash: 7b134fa46160152facb59f8185074b4e38b7242f403bfaa03d04e1f0baac93c6
            • Instruction Fuzzy Hash: 9192A971608381AFE720DF24C881F6BB7E8BB84754F14482DFAA5D7291D770EA44DB92
            Function 00C368B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-3089669407
            • Opcode ID: 096b11b30fbe5c906f583e521bc4d6cc3a2ca9147205ae78b3c7fe231843274f
            • Instruction ID: f96aef24d9e1e98b5f8cc593d92a8644fde743f7d43a5bc297dd8cd4f8d98e19
            • Opcode Fuzzy Hash: 096b11b30fbe5c906f583e521bc4d6cc3a2ca9147205ae78b3c7fe231843274f
            • Instruction Fuzzy Hash: 53811EB2D02619BFCB11EBA8EDD5EEEB7BDAB04710B544422B900F7210E770DD449BA1
            Function 00CE5910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
            Download Yara Rule
            Strings
            • PreferredUILanguages, xrefs: 00CE63D1
            • LanguageConfigurationPending, xrefs: 00CE6221
            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00CE5FE1
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00CE635D
            • @, xrefs: 00CE6027
            • @, xrefs: 00CE61B0
            • LanguageConfiguration, xrefs: 00CE6420
            • @, xrefs: 00CE63A0
            • PreferredUILanguagesPending, xrefs: 00CE61D2
            • InstallLanguageFallback, xrefs: 00CE6050
            • Control Panel\Desktop, xrefs: 00CE615E
            • @, xrefs: 00CE6277
            • @, xrefs: 00CE647A
            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 00CE5A84
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
            • API String ID: 0-1325123933
            • Opcode ID: 3db4d7e1d3931f3d12232a7434c07ed59655d0c6afc70996fc94795b25212d9f
            • Instruction ID: 9e1d6617783126156e75234effa566e5dba31d7b75c382a4cab80e4afead3e1f
            • Opcode Fuzzy Hash: 3db4d7e1d3931f3d12232a7434c07ed59655d0c6afc70996fc94795b25212d9f
            • Instruction Fuzzy Hash: 527299716087808FD320DF2AC845BABB7E9FB88748F40492DF995D7250EB34DA45CB92
            Function 00C78620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
            Download Yara Rule
            Strings
            • Thread is in a state in which it cannot own a critical section, xrefs: 00CB5543
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00CB54E2
            • Thread identifier, xrefs: 00CB553A
            • undeleted critical section in freed memory, xrefs: 00CB542B
            • double initialized or corrupted critical section, xrefs: 00CB5508
            • Address of the debug info found in the active list., xrefs: 00CB54AE, 00CB54FA
            • Critical section address., xrefs: 00CB5502
            • Critical section debug info address, xrefs: 00CB541F, 00CB552E
            • Critical section address, xrefs: 00CB5425, 00CB54BC, 00CB5534
            • corrupted critical section, xrefs: 00CB54C2
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00CB540A, 00CB5496, 00CB5519
            • Invalid debug info address of this critical section, xrefs: 00CB54B6
            • 8, xrefs: 00CB52E3
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00CB54CE
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 93d6b8c8575310d85265ada6471f9c98d4e6cb1ab071fb5fce5dfd54e0ce6408
            • Instruction ID: d7a7e91c2509e137a79010ad55190692aa13d62fe8bbdd6fd782217b5a6fd678
            • Opcode Fuzzy Hash: 93d6b8c8575310d85265ada6471f9c98d4e6cb1ab071fb5fce5dfd54e0ce6408
            • Instruction Fuzzy Hash: F081B0B0A41758AFDB20CF95D845BEEBBB5FB08B14F204029F504B7690C775AD49CB60
            Function 00C729F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
            Download Yara Rule
            Strings
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00CB24C0
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00CB2602
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00CB2506
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00CB22E4
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00CB2498
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00CB2624
            • @, xrefs: 00CB259B
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 00CB261F
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00CB2412
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00CB2409
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00CB25EB
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: 954a6d8ad0b796299f415fc67ec89177aabd1c0fa64d20630e678a272804c3cc
            • Instruction ID: 05e0f55cd37f391809cceecbc691b33730e4c126977bc0f335fd20eed4c038e6
            • Opcode Fuzzy Hash: 954a6d8ad0b796299f415fc67ec89177aabd1c0fa64d20630e678a272804c3cc
            • Instruction Fuzzy Hash: AA024FB1D042289BEB31DB14CC81BDEB7B8AB54704F4041EAE64DA7241DB71AF84DF59
            Function 00C70F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
            • API String ID: 0-360209818
            • Opcode ID: 85ad34140213331edd6760f4d6dfd179cab8b1d47918df0d8dd471e5fb66c9fb
            • Instruction ID: 0bd1b86b559a8314b6224a818f2612f368e749f2b5b3e1eb81edd37bab81b425
            • Opcode Fuzzy Hash: 85ad34140213331edd6760f4d6dfd179cab8b1d47918df0d8dd471e5fb66c9fb
            • Instruction Fuzzy Hash: E1628FB5A002298FDB24CF19C8517E9B7B6BF95310F9982DAD85DAB280D7325ED1CF40
            Function 00CE8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            • Opcode ID: a6dc10d6c1a2cf2a6b9590c1ebfac74f7c336e9ccd3342540a0309f6575bab4f
            • Instruction ID: 8d7eabd38864ae2edb3a2d55e5ea181800c1fb45bc6a5f9ab2401350dc4dd14c
            • Opcode Fuzzy Hash: a6dc10d6c1a2cf2a6b9590c1ebfac74f7c336e9ccd3342540a0309f6575bab4f
            • Instruction Fuzzy Hash: C751E2711083919BC725DF1A8C44BABB7E8FF85740F204A1DF869C3280EB70DA48D7A2
            Function 00CF12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
            • API String ID: 0-3591852110
            • Opcode ID: 06cb44c6f2cd0972f9ace20d8a6bbe1628bd5931f9e7aa6a9a4e740afe84edcb
            • Instruction ID: 8773bf3dd16eefbeeef87dd32a58df0e47841f725155c748e0ee87590c142efa
            • Opcode Fuzzy Hash: 06cb44c6f2cd0972f9ace20d8a6bbe1628bd5931f9e7aa6a9a4e740afe84edcb
            • Instruction Fuzzy Hash: 8B12FF3060064ADFC765CF29C442BBABBF1FF49710F198459EA968B682D734ED80DB52
            Function 00C5AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
            • API String ID: 0-3197712848
            • Opcode ID: 2ec30dad365cdc56581b6034837e1db5d0bafe74374f17c415b3fdef4a76ac40
            • Instruction ID: 4ac2e863f8d849b55e9ce1fa9f51bb0277837abad2577e929e4dfd4dae38c566
            • Opcode Fuzzy Hash: 2ec30dad365cdc56581b6034837e1db5d0bafe74374f17c415b3fdef4a76ac40
            • Instruction Fuzzy Hash: 651200B56083418FD724DF25C841BAAB7E0FF85709F044629FD958B291EB30DE88DB66
            Function 00C3D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
            • API String ID: 0-3532704233
            • Opcode ID: b190b2c1d39b2d21216b6aac28ed7d5a9ee3cf7336ec133a5a5947fe8d91a530
            • Instruction ID: cf3aeb40925cf0ada18be5e0c166bb4ba9df99b40c383bd1cceb05e10e9b233f
            • Opcode Fuzzy Hash: b190b2c1d39b2d21216b6aac28ed7d5a9ee3cf7336ec133a5a5947fe8d91a530
            • Instruction Fuzzy Hash: 4FB1ABB25183519FCB21DF24D484A6FB7E8BF88744F01492EF89AD7240D730DE489B92
            Function 00CF0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
            • API String ID: 0-1357697941
            • Opcode ID: 3727bd0e9f3bd9ea54014ec1885cfe1d63a67e73973d1d02abb2de7be547ac63
            • Instruction ID: c610404a7e18012caa713e752b29fa255e2456acf742455f0b36055ea20a591a
            • Opcode Fuzzy Hash: 3727bd0e9f3bd9ea54014ec1885cfe1d63a67e73973d1d02abb2de7be547ac63
            • Instruction Fuzzy Hash: 71F12731A10689EFCB65CF68C441BBAB7F5FF09B04F188459EA9197242C730EE85DB52
            Function 00CF0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            • Opcode ID: 1453168a5b8dfc01567a82fbd1a2252be3f6827f825964afd2b64ed3c6e13581
            • Instruction ID: 3697b864a76ba95f058f4b5a81672220753c652774668e9b4b51591d2f90693a
            • Opcode Fuzzy Hash: 1453168a5b8dfc01567a82fbd1a2252be3f6827f825964afd2b64ed3c6e13581
            • Instruction Fuzzy Hash: EDD1CD31510689DFCB51DF68C442ABDBBF1EF4AB00F288059E6559B263C734EE80DB56
            Function 00CC89B3 Relevance: 10.3, Strings: 8, Instructions: 259COMMON
            Download Yara Rule
            Strings
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00CC8A67
            • ?f, xrefs: 00CC8A35, 00CC8A5F
            • HandleTraces, xrefs: 00CC8C8F
            • VerifierDebug, xrefs: 00CC8CA5
            • AVRF: -*- final list of providers -*- , xrefs: 00CC8B8F
            • VerifierFlags, xrefs: 00CC8C50
            • VerifierDlls, xrefs: 00CC8CBD
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00CC8A3D
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f$AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3150400357
            • Opcode ID: 40a224b73e9660dcb618b8552a94bc89ae9b990dcc17b139d087815c46115fa6
            • Instruction ID: 75575db1ab400f9c0523c95185b04614faf29d57c9b923791c6d15d8e6d15558
            • Opcode Fuzzy Hash: 40a224b73e9660dcb618b8552a94bc89ae9b990dcc17b139d087815c46115fa6
            • Instruction Fuzzy Hash: 119120B2601B11AFC721EF68EC81F5BB7A4AB44710F05456CF941AB391CB70AD09EBA5
            Function 00C763FF Relevance: 9.0, Strings: 7, Instructions: 261COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f$Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2307714851
            • Opcode ID: b06bacf7f132698c55c2a47dc195607a1e4fa02233ca4f73ce0fddbc2118fe9a
            • Instruction ID: c8666aee178714c0ee2702dfb39d6c9c30fd4c8494fe90cd8d9608994784c7fa
            • Opcode Fuzzy Hash: b06bacf7f132698c55c2a47dc195607a1e4fa02233ca4f73ce0fddbc2118fe9a
            • Instruction Fuzzy Hash: FE917C70A04B10ABDB28DF54EC45BEE7BA0AF01B24F148128F815BB7D2D7749D41E7A1
            Function 00C3645D Relevance: 8.9, Strings: 7, Instructions: 150COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f$Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-3576827680
            • Opcode ID: a32c160d7a6950d1c427a8190dfbd99c691e0809357863b38135987006f7c57a
            • Instruction ID: 788085624ecbccabeddfbefad568a47e043001a36bb74e85cded6f0713a33b8a
            • Opcode Fuzzy Hash: a32c160d7a6950d1c427a8190dfbd99c691e0809357863b38135987006f7c57a
            • Instruction Fuzzy Hash: C651E471218300AFD720DF28DC46BAB77E8EB84744F10492DF595972A1DB30EA44EBA2
            Function 00C4EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            • Opcode ID: 256a9752104091f84225cf0e6d1b32eb319416c9aed70c1eb48b9912f6063a30
            • Instruction ID: 0af979c62ecc3cd2eb65e1dfbd15d64c4cc50fd0a85de956f56502087af02706
            • Opcode Fuzzy Hash: 256a9752104091f84225cf0e6d1b32eb319416c9aed70c1eb48b9912f6063a30
            • Instruction Fuzzy Hash: DCA23974A0562ACFDB68DF19C8887ADB7B5BF89304F2442E9D81DA7250DB749E85CF00
            Function 00C3F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-523794902
            • Opcode ID: 10cfa6befdba997610c583d0335804d80bfebf31b2ec95e8211334330eb3d737
            • Instruction ID: b4801e2625e7c5dd39c3135a95c9c6c32fbbddf6a7bce1bc75bc5e336313aefe
            • Opcode Fuzzy Hash: 10cfa6befdba997610c583d0335804d80bfebf31b2ec95e8211334330eb3d737
            • Instruction Fuzzy Hash: 8942BC316187819FCB15DF29C884B2ABBE5BF88304F14496DF8968B352D730D986DB52
            Function 00C4ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
            • API String ID: 0-4098886588
            • Opcode ID: c90423dc5bd98ae0e255d08a98b36d36ea85065ad5424371320e50654ab374b6
            • Instruction ID: 86083dc43700e813f12df36d592aa20bfb2f0bd057732cde794235e08b89f6b3
            • Opcode Fuzzy Hash: c90423dc5bd98ae0e255d08a98b36d36ea85065ad5424371320e50654ab374b6
            • Instruction Fuzzy Hash: D732BE71D042A98BDF21CF15C8A8BEEBBB5BF45344F2040EAE859A7251DB719F819F40
            Function 00C5B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
            • API String ID: 0-122214566
            • Opcode ID: 81b1b5c7f7836e5e356603ae2c0cff49272cf8d9b530407a4083120e92e4ca8c
            • Instruction ID: df5afeb85838acc75f1567370b7c30d4e521ab599c9097bb85bd2d97b2d5b7e9
            • Opcode Fuzzy Hash: 81b1b5c7f7836e5e356603ae2c0cff49272cf8d9b530407a4083120e92e4ca8c
            • Instruction Fuzzy Hash: 94C16A75A002169BCF248F64CC91BBEBB65AF46305F144169EC12AB291DF74CECCE3A5
            Function 00C7C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrredirect.c, xrefs: 00CB8181, 00CB81F5
            • Loading import redirection DLL: '%wZ', xrefs: 00CB8170
            • minkernel\ntdll\ldrinit.c, xrefs: 00C7C6C3
            • LdrpInitializeProcess, xrefs: 00C7C6C4
            • LdrpInitializeImportRedirection, xrefs: 00CB8177, 00CB81EB
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 00CB81E5
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            • Opcode ID: 66de53b3475b4dd0ca7652291cd69a1188d492a718e74234af88ce7e2cc8421c
            • Instruction ID: 7d88f0cbef1065e6accad9bc9460a894ba43e40b11134ae93c759d852742158d
            • Opcode Fuzzy Hash: 66de53b3475b4dd0ca7652291cd69a1188d492a718e74234af88ce7e2cc8421c
            • Instruction Fuzzy Hash: 483128B1744355AFC210EF28DD87E5A7794EF85B10F04052CF844AB392EA20DD04E7A2
            Function 00C72674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • RtlGetAssemblyStorageRoot, xrefs: 00CB2160, 00CB219A, 00CB21BA
            • SXS: %s() passed the empty activation context, xrefs: 00CB2165
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00CB2180
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00CB219F
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00CB21BF
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00CB2178
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: 87fca5331df046d6ea6b8417955720f353d40fd45d79dfc082a0e7be57b1e2df
            • Instruction ID: 0a3257d9d9d4cdc6522d12260a90029f88c416a726858c6aebfe5a641fa470bc
            • Opcode Fuzzy Hash: 87fca5331df046d6ea6b8417955720f353d40fd45d79dfc082a0e7be57b1e2df
            • Instruction Fuzzy Hash: 47313832F40224B7EB218A99DC86F9F7779DB64B50F058169FA08BB281D6709F41D7A0
            Function 00C59950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
            • API String ID: 0-3393094623
            • Opcode ID: 8c01186335f7034523cc3f558e79fd3b4b99d42ef57c8908bf8c5374c24f8534
            • Instruction ID: 502875aea397fa5ca46bea0cc594679cc6954c226f01d7b2550337b99a5495bf
            • Opcode Fuzzy Hash: 8c01186335f7034523cc3f558e79fd3b4b99d42ef57c8908bf8c5374c24f8534
            • Instruction Fuzzy Hash: CC027979908342CBD720CF25C48476BB7E5FF89705F14895EEC9987250E770D988CB96
            Function 00C8096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 00C82DF0: LdrInitializeThunk.NTDLL ref: 00C82DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C80BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C80BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C80D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C80D74
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            • Opcode ID: 851f212ca33a96329a236ef25a1c8ff418577852e1b67448bca19d48b42bbab3
            • Instruction ID: 05e5beccb5ef2c01f121da0461bc6c70d48738f2398a5ee16ab805b964545eb9
            • Opcode Fuzzy Hash: 851f212ca33a96329a236ef25a1c8ff418577852e1b67448bca19d48b42bbab3
            • Instruction Fuzzy Hash: D7426A71900715DFDB60DF64C881BAAB7F4FF04304F1485AAE999EB242E770AA84DF60
            Function 00CC4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
            • API String ID: 0-2518169356
            • Opcode ID: a5247ec1b6481ed770d9aa2c5f61a4ec0c3856a5fcab4fd1b72036e309b06c72
            • Instruction ID: 202697cdbb2129933082ec8e4d993a6247b68b6553888d15a67e690b257a40e4
            • Opcode Fuzzy Hash: a5247ec1b6481ed770d9aa2c5f61a4ec0c3856a5fcab4fd1b72036e309b06c72
            • Instruction Fuzzy Hash: E291AF72D00A198BCB25CF99C881BAEB7B0EF48310F59416DE811E7350D775EE81DB90
            Function 00C570C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            • Opcode ID: afdb45bba0c09462bf2045b64b704ab45a36fdae529e90bd0cd482e8ded569ab
            • Instruction ID: 5998310fbee2d61144d7c56be3341417717a1b9462aef898d1d6d2ba6d61ebad
            • Opcode Fuzzy Hash: afdb45bba0c09462bf2045b64b704ab45a36fdae529e90bd0cd482e8ded569ab
            • Instruction Fuzzy Hash: 0C13A074A04655CFDB24CF69C8807A9BBF1FF48305F148169E859AB381DB34AD89CF94
            Function 00C5A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
            Download Yara Rule
            Strings
            • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 00CA7D03
            • SsHd, xrefs: 00C5A885
            • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 00CA7D39
            • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 00CA7D56
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
            • API String ID: 0-2905229100
            • Opcode ID: 9c57864126a6ecbdaf1c904d8abc436469dff33449b9e3a6f144d88a5024267d
            • Instruction ID: 173d57a69caa887cf5086c749752eaa7290554d508c1929ee9d872fb56ebd706
            • Opcode Fuzzy Hash: 9c57864126a6ecbdaf1c904d8abc436469dff33449b9e3a6f144d88a5024267d
            • Instruction Fuzzy Hash: 2AD1C039A0421ADFCB24CF9AD8C06ADB7B1FF48315F14426AEC15AB341D3319D85DBA6
            Function 00C4A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            • Opcode ID: 5117cd2c408f32e8e80e4442e688f8e0977149c5f17d9a4d754ddff82444bdcf
            • Instruction ID: af61331c45919543d037fc4b13d151790c0f0173e1c92dcba066d6397b74df0e
            • Opcode Fuzzy Hash: 5117cd2c408f32e8e80e4442e688f8e0977149c5f17d9a4d754ddff82444bdcf
            • Instruction Fuzzy Hash: 8EC1A974548782CFD720CF19C144B6AB7E4FF85708F04986AF8A68B291E774CA49DB63
            Function 00C78402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 00C78421
            • LdrpInitializeProcess, xrefs: 00C78422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00C7855E
            • @, xrefs: 00C78591
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            • Opcode ID: e24d8af8bb4be139b67cce224eeafe297d40cf1ba5fad58bfbd3e03ad617b14e
            • Instruction ID: f4c25b826d135ff60d7c84c014dc73898d4ca25c76ce17e45c4c84407a154734
            • Opcode Fuzzy Hash: e24d8af8bb4be139b67cce224eeafe297d40cf1ba5fad58bfbd3e03ad617b14e
            • Instruction Fuzzy Hash: 4791AF71548344AFE721EF20CC49FABBBE8BF84744F40492DFA88D2151E774DA489B66
            Function 00C50C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
            Download Yara Rule
            Strings
            • HEAP[%wZ]: , xrefs: 00CA54D1, 00CA5592
            • HEAP: , xrefs: 00CA54E0, 00CA55A1
            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00CA55AE
            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00CA54ED
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
            • API String ID: 0-1657114761
            • Opcode ID: 995701c65b61b33281ca479be09c7ea0c62f2f9c3b235969bff6139c68b51619
            • Instruction ID: fabce1667e2fae9ff64e8b677232befe17ee8d44e34dee630edfed52131800e5
            • Opcode Fuzzy Hash: 995701c65b61b33281ca479be09c7ea0c62f2f9c3b235969bff6139c68b51619
            • Instruction Fuzzy Hash: 06A1E138A006069FD724CF65C441BBAB7F1BF55305F348529E896CB282D730F988DB65
            Function 00C7273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
            Download Yara Rule
            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00CB22B6
            • SXS: %s() passed the empty activation context, xrefs: 00CB21DE
            • .Local, xrefs: 00C728D8
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00CB21D9, 00CB22B1
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            • Opcode ID: b87c8a67a88b490374c2526303bf207832c6e8f189c758bc78f7f597dc536aeb
            • Instruction ID: c47d0fe4e75a048efd9deceff212022067a52bf6b1caf76a3e1af9a819067d21
            • Opcode Fuzzy Hash: b87c8a67a88b490374c2526303bf207832c6e8f189c758bc78f7f597dc536aeb
            • Instruction Fuzzy Hash: DFA19E35900229DBCB24CF65D884BA9B3B5BF58314F2981EAE918A7251D7309F81DF91
            Function 00C74AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
            Download Yara Rule
            Strings
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00CB3456
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00CB342A
            • RtlDeactivateActivationContext, xrefs: 00CB3425, 00CB3432, 00CB3451
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00CB3437
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            • Opcode ID: 15811739aec81b849ec8268d6c8ee7db1f97904b85dd853f24ba7d079416262e
            • Instruction ID: e420bef5dd22b0274687d1b5f6405646e3e76c6bdf0bf67a98f5b4b3d3ab7fe5
            • Opcode Fuzzy Hash: 15811739aec81b849ec8268d6c8ee7db1f97904b85dd853f24ba7d079416262e
            • Instruction Fuzzy Hash: 73613532640B519FC726CF19C842B7AB7A5EF90B60F15852DF8699B280DB30EE01DF95
            Function 00C464AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
            Download Yara Rule
            Strings
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00CA106B
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00CA1028
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00CA0FE5
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00CA10AE
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            • Opcode ID: ea1090eb49fae3a41fa029ddd27e329b8da4597643faca58ac138077383345a4
            • Instruction ID: 34af4d32cf9dda8715724e0424e54cfc4ad183ba53945ef76f7423e3a18d8e53
            • Opcode Fuzzy Hash: ea1090eb49fae3a41fa029ddd27e329b8da4597643faca58ac138077383345a4
            • Instruction Fuzzy Hash: B771EFB19043059FCB20EF54C885F9B7FA8EF46764F140468F9498B28AD734DA88DBD2
            Function 00C6245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
            Download Yara Rule
            Strings
            • apphelp.dll, xrefs: 00C62462
            • minkernel\ntdll\ldrinit.c, xrefs: 00CAA9A2
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00CAA992
            • LdrpDynamicShimModule, xrefs: 00CAA998
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            • Opcode ID: 4da7e706823bc1273a0609519d1929fa4259cd4d235d949a4241886147aeb9a5
            • Instruction ID: 66b203f4ccd84920be0861820c9f079aa422b9c3b77ff3ea86bc3e4f7a27314d
            • Opcode Fuzzy Hash: 4da7e706823bc1273a0609519d1929fa4259cd4d235d949a4241886147aeb9a5
            • Instruction Fuzzy Hash: F3310D72600302BBD7209F69DD85A7E77B4FB85704F154069F811AB351C7B49E41DBA1
            Function 00CC20DE Relevance: 5.0, Strings: 4, Instructions: 41COMMON
            Download Yara Rule
            Strings
            • LdrpInitializationFailure, xrefs: 00CC20FA
            • ?f, xrefs: 00CC20EB
            • minkernel\ntdll\ldrinit.c, xrefs: 00CC2104
            • Process initialization failed with status 0x%08lx, xrefs: 00CC20F3
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f$LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-3151172323
            • Opcode ID: df05369b3901d128d353c6534ab8fd208fa686e50ada68fa0322dca848b1c9fd
            • Instruction ID: 7809c70f5974db8dcfb57f0a9fa7d4227e31ba47c22f1ed0165114c8a719a743
            • Opcode Fuzzy Hash: df05369b3901d128d353c6534ab8fd208fa686e50ada68fa0322dca848b1c9fd
            • Instruction Fuzzy Hash: A3F0C2B1640318BBD724EB4CDD57F993768EB41B54F140069FA00B76C1D2B0AE40D691
            Function 00C529A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
            Download Yara Rule
            Strings
            • HEAP[%wZ]: , xrefs: 00C53255
            • HEAP: , xrefs: 00C53264
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00C5327D
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • Opcode ID: df8cad6dd328fd7fb16632c2b7312d5d256330a5597d012ac23b3d404c025bbb
            • Instruction ID: fba9f810df09258d72a26f97cbfcf328d2a4fb2a064b51902b6e99812d0d76cd
            • Opcode Fuzzy Hash: df8cad6dd328fd7fb16632c2b7312d5d256330a5597d012ac23b3d404c025bbb
            • Instruction Fuzzy Hash: F292EE74A04288DFDB25CF69C4407AEBBF1FF49301F148059E856AB392D734AA89DF54
            Function 00CD02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: """"$MitigationAuditOptions$MitigationOptions
            • API String ID: 0-1670051934
            • Opcode ID: feba91447ac8da8434f1f1681765bcfa5f89a9f7c82add43e9c6e149d8af2b93
            • Instruction ID: 85c571e5ad5be536ba5fe65121c292621dd10ebca7c103a33a5f1326d9f747e0
            • Opcode Fuzzy Hash: feba91447ac8da8434f1f1681765bcfa5f89a9f7c82add43e9c6e149d8af2b93
            • Instruction Fuzzy Hash: F0226E72A047018FD724CF2EC85572ABBE1BBD4310F25892FE6AA87790D771EA45CB41
            Function 00C50770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • Opcode ID: 506ffc1fbab762dac00ac5d99012f97d6575dc41d0acfc88441aa4161369ff73
            • Instruction ID: 01ad7241ff06bf70e8859c3c34e5b578b4d90403ff4c5dcfbf69dc352c536699
            • Opcode Fuzzy Hash: 506ffc1fbab762dac00ac5d99012f97d6575dc41d0acfc88441aa4161369ff73
            • Instruction Fuzzy Hash: 04F1BC74A00A06DFDB14CF69C884B6AB7B1FF45304F248268E916DB392D734EE85DB94
            Function 00C41460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
            Download Yara Rule
            Strings
            • HEAP[%wZ]: , xrefs: 00C41712
            • HEAP: , xrefs: 00C41596
            • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00C41728
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            • Opcode ID: dc18b2d069eab28cf1a23a7011cf86944fd3934d6a9e071b7847b341b8cdd027
            • Instruction ID: 5402e947a369ea0c443dacf7233b9e61aad9a158f85f4b60579bf16ee6603947
            • Opcode Fuzzy Hash: dc18b2d069eab28cf1a23a7011cf86944fd3934d6a9e071b7847b341b8cdd027
            • Instruction Fuzzy Hash: F8E1D130A046459BCB25CF69C455BBABBF1FF85300F28846DE9E6CB246D734EA81DB50
            Function 00C66962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            • Opcode ID: 4cef6122dc80daee578619d18ce896af54c26255c05bec9319b884fbe0d14ecf
            • Instruction ID: 1bbeebb61df5dac0a1b9a3e9990c66bfea8fbe6c1b307e7e6becbd0a9ca227a8
            • Opcode Fuzzy Hash: 4cef6122dc80daee578619d18ce896af54c26255c05bec9319b884fbe0d14ecf
            • Instruction Fuzzy Hash: B3C298716083419FDB35CF25C881BABBBE5AF89708F048A2DF999C7241D734D944DB92
            Function 00C3A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            • Opcode ID: cf594cf056f584fa7e9746f4825006907ba4f5ed6a9392aa7a2b3854e0e1dce6
            • Instruction ID: e1ab4bd7065d1a78f1f257c52b6b44d1a6fec8407746f173ab9e8df7134729b1
            • Opcode Fuzzy Hash: cf594cf056f584fa7e9746f4825006907ba4f5ed6a9392aa7a2b3854e0e1dce6
            • Instruction Fuzzy Hash: B2A156719116299BDF31AB24CC8DBEAB7B8EF48710F1041EAE909A7250E7359F84CF54
            Function 00C60BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
            Download Yara Rule
            Strings
            • Failed to allocated memory for shimmed module list, xrefs: 00CAA10F
            • LdrpCheckModule, xrefs: 00CAA117
            • minkernel\ntdll\ldrinit.c, xrefs: 00CAA121
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • Opcode ID: f43d267e229c831b7a4637769c57feac016eb21e1d31f02f756bf3e6516156ac
            • Instruction ID: 0c8256032112f74b487760c6100618af27096a39dc82b665a5a6e02769610833
            • Opcode Fuzzy Hash: f43d267e229c831b7a4637769c57feac016eb21e1d31f02f756bf3e6516156ac
            • Instruction Fuzzy Hash: 3471AE71A00205EFCB24DF68C981ABEB7F4FB48704F248569E812EB751E734AE41DB51
            Function 00C50A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            • Opcode ID: 52d30a747736bf39204f823e09085c7b2697f9448eadfa2d5e423a598f9ccc51
            • Instruction ID: b799bcb9fe347f497e98d0484aff4e2b8f2d4d862b61cdf75c9b44b8b5ba082e
            • Opcode Fuzzy Hash: 52d30a747736bf39204f823e09085c7b2697f9448eadfa2d5e423a598f9ccc51
            • Instruction Fuzzy Hash: 4C61DD74600702EFDB28CF24C481B6ABBE1FF45309F248569E859CB292D770E985DBA5
            Function 00CEDAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON
            Download Yara Rule
            Strings
            • HEAP[%wZ]: , xrefs: 00CEDC12
            • HEAP: , xrefs: 00CEDC1F
            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00CEDC32
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
            • API String ID: 0-3815128232
            • Opcode ID: 0d2a0b8caaf2eb31133e8024e4e2919c5c375455852392d57b12a24eef36e626
            • Instruction ID: 269acb0b54e76e6d5bc1681c5ffae24354908ffad43a79fb9f7d1df3d4540222
            • Opcode Fuzzy Hash: 0d2a0b8caaf2eb31133e8024e4e2919c5c375455852392d57b12a24eef36e626
            • Instruction Fuzzy Hash: FB512235110290CBE764CF2BC84577273E2EF45384F26889AE4E3CB281E276DD42EB61
            Function 00C7C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 00CB82E8
            • Failed to reallocate the system dirs string !, xrefs: 00CB82D7
            • LdrpInitializePerUserWindowsDirectory, xrefs: 00CB82DE
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            • Opcode ID: 81465c7b0b8e8c3520446d5286a563740b56a73959a92e9623d87efeb1f237cb
            • Instruction ID: c6b7754ffd02c7effceba6f8564643d06bd186b4c60a3a2be78d7f2e4f271f61
            • Opcode Fuzzy Hash: 81465c7b0b8e8c3520446d5286a563740b56a73959a92e9623d87efeb1f237cb
            • Instruction Fuzzy Hash: CE4112B5504301ABC724EB64DC82B9B77E8EF49790F04892EF958D32A1EB70D904DBA5
            Function 00CFC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
            Download Yara Rule
            Strings
            • @, xrefs: 00CFC1F1
            • PreferredUILanguages, xrefs: 00CFC212
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00CFC1C5
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            • Opcode ID: 7ba69ff4a890e5f1424b7fb4f9debd0218f4b68f2ff20978e6de376806d1fcdd
            • Instruction ID: 9f67d33b14a9a97b9e51b3a50cd62611ced0a71618be4bc69fbcc1474d856791
            • Opcode Fuzzy Hash: 7ba69ff4a890e5f1424b7fb4f9debd0218f4b68f2ff20978e6de376806d1fcdd
            • Instruction Fuzzy Hash: BA417C72E0021EEBDB51DAD4C985FFEB7B8EB14704F10406AEA15B7280D7749F449B91
            Function 00CD4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            • Opcode ID: 41a87c1f36d05741036dcb7020c5c439a4042c7dbfb02ba252cd04b0f889c68f
            • Instruction ID: 6f8b3234e8e13db812907bdd89a4a2e4b7d2fde80803ce9d1da79e1907ff286c
            • Opcode Fuzzy Hash: 41a87c1f36d05741036dcb7020c5c439a4042c7dbfb02ba252cd04b0f889c68f
            • Instruction Fuzzy Hash: 094101719042988BEB29DBE5C845BADB7B9FF45340F24046AEB11EB792DB348A41CB10
            Function 00CC4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrredirect.c, xrefs: 00CC4899
            • LdrpCheckRedirection, xrefs: 00CC488F
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00CC4888
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            • Opcode ID: 8610ccb6ed139b5448596113bdf28fef7799aaabb2323c15811b78bdf377f433
            • Instruction ID: 4bebd458e33ca073eee1633a30cdc74f5e246843e99dc42bb10cd3cd2a125c20
            • Opcode Fuzzy Hash: 8610ccb6ed139b5448596113bdf28fef7799aaabb2323c15811b78bdf377f433
            • Instruction Fuzzy Hash: 7341DE32A043509BCB29CF29D860F66BBE4AF49B50B05826DEC68D77A1D330DD00DB91
            Function 00C50BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            • Opcode ID: 6f0691086fc76d2b40d5ffc320f95fc5ba17090b064e856d51dcea38171b132a
            • Instruction ID: 970394a1f8bef2e3172b076b93e9a10e269128804873f1408d352d1198a5b0d2
            • Opcode Fuzzy Hash: 6f0691086fc76d2b40d5ffc320f95fc5ba17090b064e856d51dcea38171b132a
            • Instruction Fuzzy Hash: 3511E131314A02DFCB18C615D482B7AB3A4EF4671AF35C169E816CB291DB30DCC4DB59
            Function 00C503E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            • Opcode ID: e62dd32ecff4d273ee67a1ecdc8ee4dc5868049dcc7971813a30823f709caf51
            • Instruction ID: 8f90a0c6359f24fa652fdc58c4f6f0aee40e4a7d718f16cc29ae3d9be1187672
            • Opcode Fuzzy Hash: e62dd32ecff4d273ee67a1ecdc8ee4dc5868049dcc7971813a30823f709caf51
            • Instruction Fuzzy Hash: 48715971A0014A9FCB05DFA8C981BAEB7B8EF48744F240065E905E7251EB74EE45DB64
            Function 00C552A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$@
            • API String ID: 0-149943524
            • Opcode ID: d803eae51a4ed87298238337801744e51c93c6f2278f773c615db049d09c0679
            • Instruction ID: 7f6bad260902b5c39a6128c4d8723a736d5748c310d2550427a2aba5b1faae58
            • Opcode Fuzzy Hash: d803eae51a4ed87298238337801744e51c93c6f2278f773c615db049d09c0679
            • Instruction Fuzzy Hash: 6832CD785087528BC7248F15C4A073EB7E1EF89745F18492EFCA58B2A0E734DE88DB56
            Function 00C4A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
            Download Yara Rule
            Strings
            • LdrResSearchResource Exit, xrefs: 00C4AA25
            • LdrResSearchResource Enter, xrefs: 00C4AA13
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • Opcode ID: 8f25390656faf3f9b08a73a69f80dc811f38878a7bb4b5a8e57a929a249eb562
            • Instruction ID: e3f656f3b84cabb8dabeac507ebe161fb3eb54c040cde66324c26ed0c2556a7c
            • Opcode Fuzzy Hash: 8f25390656faf3f9b08a73a69f80dc811f38878a7bb4b5a8e57a929a249eb562
            • Instruction Fuzzy Hash: C6E1AE71E80269AFEB21CF99C980BAEB7B9FF09314F10402AF911E7250D7349E41EB51
            Function 00C42FC8 Relevance: 2.9, Strings: 2, Instructions: 410COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @4_w@4_w$PATH
            • API String ID: 0-1852745621
            • Opcode ID: 7b8853df16d695ba2a0c8a8d741aed88dcf8abe4fc13bbb5d5f29750f346e3e7
            • Instruction ID: 3ef61a8f11a9de417aba5fb0222b22bbd267b17e110a064dd042242a848bc3f9
            • Opcode Fuzzy Hash: 7b8853df16d695ba2a0c8a8d741aed88dcf8abe4fc13bbb5d5f29750f346e3e7
            • Instruction Fuzzy Hash: C1F19D71E00258EBCB25DF99D881ABEBBB1FF88700F548029E851EB351D774AE41DB64
            Function 00D0A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction ID: 9398753f71f67e958e694d5922e878b523af56d0e4b8024ee160b8ee4593a8b7
            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction Fuzzy Hash: 9FC1CF312043429BDB24CF28C845B6BBBE5FFC4318F188A2DF5998A2D1D7B5D945CB62
            Function 00C40CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
            Download Yara Rule
            Strings
            • ResIdCount less than 2., xrefs: 00C9EEC9
            • Failed to retrieve service checksum., xrefs: 00C9EE56
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
            • API String ID: 0-863616075
            • Opcode ID: 3d7d717b7cb779451a2542ece4562133178a6ad001037abbdbf233c24d3bcf83
            • Instruction ID: 50d064d4b36be6d7ffcf043137d774babb408d67812f5510ec6db4c635c473f8
            • Opcode Fuzzy Hash: 3d7d717b7cb779451a2542ece4562133178a6ad001037abbdbf233c24d3bcf83
            • Instruction Fuzzy Hash: 68E102B19087849FE324CF15C441BABBBE4FB88314F108A2EE5998B391D7719949CF56
            Function 00CBE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • Opcode ID: d9c2f39bbddcab40e813b0fd8dbdc39a5a3c24b4616ee9730f7ada81e95e0e9e
            • Instruction ID: b6b5a03b8a7b2107d987adc654d87ab1c710dbef81d88accc439b1c347a63c19
            • Opcode Fuzzy Hash: d9c2f39bbddcab40e813b0fd8dbdc39a5a3c24b4616ee9730f7ada81e95e0e9e
            • Instruction Fuzzy Hash: E4613B71E006189FDB14DFA9C841BEEBBB5FB48B04F24806DE959EB291DB31AD40DB50
            Function 00CE43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            • Opcode ID: e618d19e0882c77c1ba2a14ba77383c4554655e3049605538a4d3df2f4b24691
            • Instruction ID: 4c90d8b98a451f56ae37a41fb41b2ac2d416de7985647d0f74f446b0a9b993e6
            • Opcode Fuzzy Hash: e618d19e0882c77c1ba2a14ba77383c4554655e3049605538a4d3df2f4b24691
            • Instruction Fuzzy Hash: 625156B1E0125DAFDB11DFA5CC85EEEBBB8EB08754F10052AE911B7280D7309E45DBA0
            Function 00C404E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
            Download Yara Rule
            Strings
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00C4063D
            • kLsE, xrefs: 00C40540
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            • Opcode ID: 8ed210d0aa897d80745e861d91cd6b6fa52cc8c41bf26fe51fcdb7339fb9a14d
            • Instruction ID: e56e40e945f0af44e4be3b09fdb9505f7e66cd08d81554abe7bd921dd82a9662
            • Opcode Fuzzy Hash: 8ed210d0aa897d80745e861d91cd6b6fa52cc8c41bf26fe51fcdb7339fb9a14d
            • Instruction Fuzzy Hash: CB51BE715547429BC724EF64C4456E7B7E8FF84304F20883EEAAA87241E770EA45CF96
            Function 00C4A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
            Download Yara Rule
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 00C4A309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 00C4A2FB
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • Opcode ID: 653fb6a70c3a60eafa114fb2edd7365f4fa09b36729b43190c2863922655e35e
            • Instruction ID: 16eb5edaa41a44ec23854963cbb8acdee1f1bba2cf7ccec982c104762f7e447d
            • Opcode Fuzzy Hash: 653fb6a70c3a60eafa114fb2edd7365f4fa09b36729b43190c2863922655e35e
            • Instruction Fuzzy Hash: DE41DF70A40659CBCB21CF69D840BAE77B4FF86304F2440A9EC21DB2A1E335DE40DB51
            Function 00C7A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • Opcode ID: a2c66f8b6f77beaba65e2547ad9db967cd914cf466e9b7b5387b0410dd95f8ea
            • Instruction ID: 4cf3dc403fce2f970e01f17f858961342a96cbd1d39fc8c1c2e7c10e1b21b18c
            • Opcode Fuzzy Hash: a2c66f8b6f77beaba65e2547ad9db967cd914cf466e9b7b5387b0410dd95f8ea
            • Instruction Fuzzy Hash: 83018BB2240B00EFD311DF14CD4AB1A76E8E784715F048979B558C7190E334D945DB56
            Function 00C4C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • Opcode ID: 5a98ddd495b0b63c4fca6b49a9f8016479e72cd64cff7a01a2c74dadf5810fa8
            • Instruction ID: e8bd3f6d361838aa598fa7d965e77efe0ab66def5991ed6e7de1d13725467560
            • Opcode Fuzzy Hash: 5a98ddd495b0b63c4fca6b49a9f8016479e72cd64cff7a01a2c74dadf5810fa8
            • Instruction Fuzzy Hash: 98825D75E012189FDB64DFA9C984BEDB7B1FF48710F148169E82AAB360D7709E81CB50
            Function 00C92F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: P`MwRbMw
            • API String ID: 0-3798419607
            • Opcode ID: 7a4c91951c6af37dac7dab16aa515b33c4d688989416ea7403018d2431b154a3
            • Instruction ID: efdde07673835692c3f879fb34f27e2db94bef3563d55a3cff5650d6a925d755
            • Opcode Fuzzy Hash: 7a4c91951c6af37dac7dab16aa515b33c4d688989416ea7403018d2431b154a3
            • Instruction Fuzzy Hash: 1942E271D042DAAADF29DFA9D84D6BDBBB1FF05310F24801AE461AB290D7348F81DB54
            Function 00CECD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
            • Instruction ID: f5027c4a34d6c072ea8ba35de7d88788d6934eac4620e7643eff5a4ed80c693b
            • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
            • Instruction Fuzzy Hash: BF621770D012188FCB98DF9AC4D4AADB7B2FF8C311F608199E9816BB45C7356A16CF60
            Function 00C62E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: 0
            • API String ID: 0-4108050209
            • Opcode ID: 490e699cfb5f43b15b425e9417e06985d968dbca86f0c46ef0dd3ff3268b075b
            • Instruction ID: e26d14827975434359a3ff416e731c3baa4957156b239946c7b9c0306eb70f38
            • Opcode Fuzzy Hash: 490e699cfb5f43b15b425e9417e06985d968dbca86f0c46ef0dd3ff3268b075b
            • Instruction Fuzzy Hash: FFF1AB71608782CFCB35CF25C4D0A6ABBE1AF89714F14482DF8AA87251DB34DE49DB52
            Function 00CCEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: __aullrem
            • String ID:
            • API String ID: 3758378126-0
            • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
            • Instruction ID: 41a6bf574741dbea910d07c67c1d94753b382c3b9c0287d9dc952f11502d131d
            • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
            • Instruction Fuzzy Hash: 8F417F71F001199BCF18DFB9C880AAEB7E2BF88714B18827DD625E7281D6349D558790
            Function 00CF1AA3 Relevance: 1.6, Strings: 1, Instructions: 370COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: .
            • API String ID: 0-248832578
            • Opcode ID: bc4c5f8441341bc6888779b3bfe922aa3e9c336f7b5ef342a9436d95b1619afa
            • Instruction ID: dd09361a8f1839dcc019a7c6a268cedfa23db6686aa641fd9bc5ba927da5ac5c
            • Opcode Fuzzy Hash: bc4c5f8441341bc6888779b3bfe922aa3e9c336f7b5ef342a9436d95b1619afa
            • Instruction Fuzzy Hash: F4E18775D0026CCBCB64CFA9C4806BDB7B1FF48700F68815AED95AB290E7749E82DB51
            Function 00C5CFE0 Relevance: 1.6, Strings: 1, Instructions: 345COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: 8>f
            • API String ID: 0-808301098
            • Opcode ID: c2eba7aaef8102f20093fdd1cd122b30fce9e5198cecfe7bdbb327be49d78bb6
            • Instruction ID: fc43fe160987824ad727a749252af2cce812065980c8ced24f33c4fb99f04dee
            • Opcode Fuzzy Hash: c2eba7aaef8102f20093fdd1cd122b30fce9e5198cecfe7bdbb327be49d78bb6
            • Instruction Fuzzy Hash: DBD1D339A007198FEB34CB15CC91BAEB7B1BB44315F0440A9DD0AA7291DB74AEC9CF56
            Function 00C40100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 2611041d3b8ff11de12946054982067e5b7b3645db307e7e9d9234e530a0d963
            • Instruction ID: 26a3c3bf86c3f4a733e42f0f495643e58ee1d2a3fb188688d5d173a7a3e6722c
            • Opcode Fuzzy Hash: 2611041d3b8ff11de12946054982067e5b7b3645db307e7e9d9234e530a0d963
            • Instruction Fuzzy Hash: EFA16C31E843286BDF34DE258849BFE6BA47F65314F244099FF56A72D2C6B08E40DB54
            Function 00CF4420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: d0568839fbaddb8770224509295ad554a8a2429e93d9c166ae041dd34f9058c5
            • Instruction ID: c29a301214daf13b6bf6b877f330e7c1e43ca2c085e42c06972dbe435cdf1f44
            • Opcode Fuzzy Hash: d0568839fbaddb8770224509295ad554a8a2429e93d9c166ae041dd34f9058c5
            • Instruction Fuzzy Hash: 5FA11531A0036C6ADFBCAB65C841BFB27A49F86714F140499BF569B2C1D774CE40DB62
            Function 00CC6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: f202bacb37f791d3f5b6d81cbf9b1d6e48f6814745a2956b247f24e4eb5accbd
            • Instruction ID: 54e29b6da43efad65e95f82b3d3efef4fe6804db50483f628d235ed9ab774240
            • Opcode Fuzzy Hash: f202bacb37f791d3f5b6d81cbf9b1d6e48f6814745a2956b247f24e4eb5accbd
            • Instruction Fuzzy Hash: 2F9193B1900619AFDB21DF95CD85FAEB7B8EF04B50F200069F601AB291D774EE44DBA4
            Function 00CEE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: a1d2c1210206e9b2dff305036e74ffcd2afd4368ddd4d59ccfa10fc9516ab50e
            • Instruction ID: 4db6829c89bc6f41cb1736ebe7da269aacd461479cc9a2c9dd3b42114f2e2f7d
            • Opcode Fuzzy Hash: a1d2c1210206e9b2dff305036e74ffcd2afd4368ddd4d59ccfa10fc9516ab50e
            • Instruction Fuzzy Hash: 3E91F332900689BBDB22AFA2CC45FAFBB7DEF45780F100025F511A7261EB749E45DB54
            Function 00C7A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • Opcode ID: 077a1a106b5a359237f8c1ce38f12496fc5d5ac95420374763176ae7c6056c42
            • Instruction ID: a6dd22f64bdccf93f0e687b4902671dd5889ecbf4fa6272d1731e31a13cdf371
            • Opcode Fuzzy Hash: 077a1a106b5a359237f8c1ce38f12496fc5d5ac95420374763176ae7c6056c42
            • Instruction Fuzzy Hash: 14716D75E0021A9FDF28CF99D5916EDBBB1BF48704F24812EE815B7281DB399D41CB60
            Function 00CE4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • Opcode ID: 0e3c206bc00763466dc48990558094d33fa649541a8d3024a4febf0160fea45e
            • Instruction ID: 74025e43c86039a22580e89a2d9cad6816c67201f7250e0abd8b9dc5defa6b86
            • Opcode Fuzzy Hash: 0e3c206bc00763466dc48990558094d33fa649541a8d3024a4febf0160fea45e
            • Instruction Fuzzy Hash: 145190B2D00669DBCF18DF9AD844AAEB7B5AF04B10F054129F911BB341D7389D01EBA4
            Function 00C5E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • Opcode ID: 3c50af2b0ba7ccd61efe8518d28f98ed724dcd9b53f6202c15ada20577a46a80
            • Instruction ID: 8ff8d5edb0ccb9793983271881c372dc592667238cdcaceb7fdc97ef4b1ed9fd
            • Opcode Fuzzy Hash: 3c50af2b0ba7ccd61efe8518d28f98ed724dcd9b53f6202c15ada20577a46a80
            • Instruction Fuzzy Hash: 6441CF765083019BD724DA75C881B6BB7E8AF88745F040A2DFD84E7180EB74DB88D79A
            Function 00CBC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: 2fcd153c8b0807ca48d2096af601caf59d974f4dfca9e41de25edd06d32ff9cb
            • Instruction ID: 228f566a765b4d6caa15c6fbd22416f826b5788f7e96c47a302dab2a93558869
            • Opcode Fuzzy Hash: 2fcd153c8b0807ca48d2096af601caf59d974f4dfca9e41de25edd06d32ff9cb
            • Instruction Fuzzy Hash: F54143B1D0112CABDB21DA50CC85FDEB77CAB44718F0045A5FA18AB181DB719E899FA8
            Function 00C6A470 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: f
            • API String ID: 0-3739981918
            • Opcode ID: 3fd2f872dc745787b2a27b02e086e3d676d73af40c266df1a51932e1fe130f9a
            • Instruction ID: 4138f25de243e2f08362645f9b67522c5250f2e2f61c188dada5205dd5cb751a
            • Opcode Fuzzy Hash: 3fd2f872dc745787b2a27b02e086e3d676d73af40c266df1a51932e1fe130f9a
            • Instruction Fuzzy Hash: B2417C32940615CFCB25DF68D8917AD77B0BF09354F180165E422BB392DB74AA40DFA5
            Function 00CD6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: 382c2d4cd229c883cbb08036b9d6d8dd4f61f8133f095429c6942a3e8707f90a
            • Instruction ID: 710aa3a95b424747b03440f0c8ce5dddb1a8233c4e944605c0f9cc94a4468d8b
            • Opcode Fuzzy Hash: 382c2d4cd229c883cbb08036b9d6d8dd4f61f8133f095429c6942a3e8707f90a
            • Instruction Fuzzy Hash: 613159316107199BDB21DF69CC50BEE77B8EF84704F10402AEA90AB382D775ED45CB50
            Function 00CBCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: ac0ba519c8ace52bcec96fcd2ed10780239c6b87be4c7a4b1d8ffb3c17ba7592
            • Instruction ID: 72bcc4b4c360dd47542c90babb6c710977d9f6f362c20f15240f272494081f07
            • Opcode Fuzzy Hash: ac0ba519c8ace52bcec96fcd2ed10780239c6b87be4c7a4b1d8ffb3c17ba7592
            • Instruction Fuzzy Hash: 8C310476900519AFEB15DB59C897EBFBBB4EF80760F114129E815AB250D730AE04DBE0
            Function 00CBE609 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: <=f
            • API String ID: 0-470370613
            • Opcode ID: 049159c36f73dd7190a4951a95c4146f87c880f7a6b780a1817fd9b9a490a198
            • Instruction ID: 0c5679bd120c8937abf2591d9694403d084f44799232956cf43d309f3d9a2ff6
            • Opcode Fuzzy Hash: 049159c36f73dd7190a4951a95c4146f87c880f7a6b780a1817fd9b9a490a198
            • Instruction Fuzzy Hash: 30317C75A00209AFCB14CF18C8809EEB7B5EFA4704F15845AF80A9B391E731EE41CBA4
            Function 00CC06F1 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f
            • API String ID: 0-990081443
            • Opcode ID: e5f56c46c2bf0e4c1c52b0e25c2f30965b3af9fe85cbf01a3b1139f7fb6283ec
            • Instruction ID: 42977e573ba5a4bc3edfeb2a29cd23e650af8466745cc95cf6c4817aa41f3d92
            • Opcode Fuzzy Hash: e5f56c46c2bf0e4c1c52b0e25c2f30965b3af9fe85cbf01a3b1139f7fb6283ec
            • Instruction Fuzzy Hash: 7621AD71900629DBCF14DF59C881ABEB7F8FF48740B500069F941EB250D738AE41DBA0
            Function 00CC0946 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: ?f
            • API String ID: 0-990081443
            • Opcode ID: f9a193de71666e08cdcd53c706f025d431981ba8675ba76b2983b30d9a4e77ef
            • Instruction ID: b1d0d6d90b4665d874e4763ef154f8df12e5781556a21c8a1ee3b08d5934c53f
            • Opcode Fuzzy Hash: f9a193de71666e08cdcd53c706f025d431981ba8675ba76b2983b30d9a4e77ef
            • Instruction Fuzzy Hash: F621E5B1E10318ABCB14DFAAE981AAEFBF8FF98710F10012EE415A7251D7709941CB64
            Function 00CC892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
            Download Yara Rule
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00CC895E
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: a6c4bf33cf900e476af12ac10297d561787df0cba9cfca7242c11f44ac12fbc6
            • Instruction ID: 26220b6534454d740f3f566e1c4b20bbb44f4f0dd2f6493cc6a8780bfb96949f
            • Opcode Fuzzy Hash: a6c4bf33cf900e476af12ac10297d561787df0cba9cfca7242c11f44ac12fbc6
            • Instruction Fuzzy Hash: 1B012B352107109FD724AB55EC85FBB7B65FF81390F04002CF54216562CF30AC89D6BA
            Function 00C7E8F0 Relevance: 1.0, Instructions: 985COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2af9c9f1fc4be49395e44d669220fb128d3780e22ad276e952b1b29ff11fb61a
            • Instruction ID: 6c8e5ffe73150c3fba5d4156fd9e6270ac9f6fab33044ea40555ad3a9a44fb08
            • Opcode Fuzzy Hash: 2af9c9f1fc4be49395e44d669220fb128d3780e22ad276e952b1b29ff11fb61a
            • Instruction Fuzzy Hash: E1821F72F102188BCB58CFADDC916DDB7F2FF88314B19812DE41AEB345DA34A8568B45
            Function 00C8516C Relevance: .8, Instructions: 785COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 077e1299628864541c5cc1e3b6b3f83007ffc60f97b03b6db9ed27fd99a6afac
            • Instruction ID: efce0ee2a0d5daac7ae83f700b72e708e839839b48efb72b8f5ae00ce70f6d29
            • Opcode Fuzzy Hash: 077e1299628864541c5cc1e3b6b3f83007ffc60f97b03b6db9ed27fd99a6afac
            • Instruction Fuzzy Hash: 6462B276904A4AAFCF15DF08D4905AEFB62BE61318B55C25CC8AA27704D3B1BE44CBD8
            Function 00CE2000 Relevance: .8, Instructions: 757COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ecad871185486fc6256c09cb5a49bb2fcd1c679878d4288a417f8e313086423
            • Instruction ID: 4903a7c5241cbb432ed9a9bb96407709e32b9df07d337ddf0169c6d6e8fe7071
            • Opcode Fuzzy Hash: 5ecad871185486fc6256c09cb5a49bb2fcd1c679878d4288a417f8e313086423
            • Instruction Fuzzy Hash: 9542C0726083818BD725CF66C891B6FB7E9BF88300F18092DFA9297290D771DE45DB52
            Function 00C9739A Relevance: .7, Instructions: 705COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fc5904c00a08c31c06f3a050ab1e63840c9babffbbf95704f29e56e2ff31980f
            • Instruction ID: c0d477adc9b2676f154527eb9a8db608ec13d7df60ebad0f211ac89a189024e3
            • Opcode Fuzzy Hash: fc5904c00a08c31c06f3a050ab1e63840c9babffbbf95704f29e56e2ff31980f
            • Instruction Fuzzy Hash: EA42B171A156168FCF19CF59C4846BEB7B2FF88314B24865DE452AB381D734EE42CBA0
            Function 00C95AA0 Relevance: .7, Instructions: 652COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
            • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
            • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
            • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
            Function 00C6B2C0 Relevance: .6, Instructions: 629COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 38ca3847e9835a36bd63fb720fbb2c9770f52f331850dfd80f968c3f4aeebca5
            • Instruction ID: 48cbe08046239ab92077edd5f0ecefaf42eaaf74e1dbd3bdb3e7c06c52148a74
            • Opcode Fuzzy Hash: 38ca3847e9835a36bd63fb720fbb2c9770f52f331850dfd80f968c3f4aeebca5
            • Instruction Fuzzy Hash: 4E328E72E00219DBCB24DFA8D891BBEBBB5FF54714F184029E815AB391E7359D41CBA0
            Function 00CD8158 Relevance: .6, Instructions: 617COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e1c71fb72ae83fc18f595554eafde052fcc1ff95db718096239387a9d3adb58
            • Instruction ID: bf5acbe818727aa4da728ec6f76b0f5fed53d715a5acf54411420333e4a09fa8
            • Opcode Fuzzy Hash: 9e1c71fb72ae83fc18f595554eafde052fcc1ff95db718096239387a9d3adb58
            • Instruction Fuzzy Hash: 16424B75A002198FDB24CF69C881BADB7F5BF48310F15819AE959EB342DB349D89CF60
            Function 00C52840 Relevance: .6, Instructions: 605COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 781eaa09499a5a25dfacb17f363994e5a235362b57a9c23ce2bccd3125cfe26d
            • Instruction ID: db1df1795321291f1ce067d148b6b6139dc2c69e15744130c7136ac050ef2d9d
            • Opcode Fuzzy Hash: 781eaa09499a5a25dfacb17f363994e5a235362b57a9c23ce2bccd3125cfe26d
            • Instruction Fuzzy Hash: FD32F174A007568FDB24CF6AC8447BEBBF2BF86308F28411DE4669B381D735A946DB50
            Function 00CEA118 Relevance: .6, Instructions: 591COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ffaa6879f58001bba929272b5f5761b6fccec5ee9cca4a1ec00ac86a76b5a3c5
            • Instruction ID: e8007117ddb0266bb9f201feb70f6aa1046a5768567ec3d8e9267a2355feabb8
            • Opcode Fuzzy Hash: ffaa6879f58001bba929272b5f5761b6fccec5ee9cca4a1ec00ac86a76b5a3c5
            • Instruction Fuzzy Hash: F322E3742046D18FDB24CF2BC094376B7F1AF45300F18849AE8A68F296D775FA52DB62
            Function 00D016CC Relevance: .6, Instructions: 571COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 078d8e0d41cafa3b6b569c8e4deee5340de3be11e311e96eb70dca038664f135
            • Instruction ID: 68686534f9f9e4c44ef604ae83ee51071996dad2ed362f676ea49690ac4c7f3d
            • Opcode Fuzzy Hash: 078d8e0d41cafa3b6b569c8e4deee5340de3be11e311e96eb70dca038664f135
            • Instruction Fuzzy Hash: AE227239A002168FDB19CF59C4907AAB7F1FF89314B28856DD8599B385DB30ED42CBA0
            Function 00C6FB80 Relevance: .6, Instructions: 559COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c5dec0ec533581ee40cef51e83bca43bfdd7864483b64e81e796529ec9a7e277
            • Instruction ID: 97cd69859bcb585cb59bbbd32be99073404201896fa967bb0fcb50905c2f211d
            • Opcode Fuzzy Hash: c5dec0ec533581ee40cef51e83bca43bfdd7864483b64e81e796529ec9a7e277
            • Instruction Fuzzy Hash: 8E229375900209AFDB14DFA4C880BEFB7B5FF44310F248569E8259B285EB35EA85DB90
            Function 00C68DBF Relevance: .6, Instructions: 554COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 646a221bf11e68faec94d9c3545a05da8551be7024131eef58a9a2d54f6ef453
            • Instruction ID: 69332d1f04233a2e7c65db411c2e1ee72c4e3323f81fe4649f0dc72208a6df7f
            • Opcode Fuzzy Hash: 646a221bf11e68faec94d9c3545a05da8551be7024131eef58a9a2d54f6ef453
            • Instruction Fuzzy Hash: B6225E70E0021A9BCF24CF95C4809BEFBF6FF49704B14815AE8569B641EB34DE82DB65
            Function 00C46A50 Relevance: .5, Instructions: 548COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 66804794f2aef107c725589fd86129a48603e63e49a5e6122f53b32c5ef22c8c
            • Instruction ID: 450529919fc76676ad5cbd4f220f24a0af95ec27a3fe7e235f16574cd87b0104
            • Opcode Fuzzy Hash: 66804794f2aef107c725589fd86129a48603e63e49a5e6122f53b32c5ef22c8c
            • Instruction Fuzzy Hash: 6F32AB74A01605CFCB24CF69C480BAAB7F1FF49304F248569E966AB395DB34ED41CB91
            Function 00D02446 Relevance: .5, Instructions: 485COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 68dc8f3665db01da9314099d642f4d286a933c946c2c4c9520080e98e7ebbfb4
            • Instruction ID: f50c5b3246e98c68bbbc67d9ee5b84ffc5205b5f052978be103082681344aa08
            • Opcode Fuzzy Hash: 68dc8f3665db01da9314099d642f4d286a933c946c2c4c9520080e98e7ebbfb4
            • Instruction Fuzzy Hash: F3020434A016518BDB24CF2AC898375B7F1AF95300B59819AE8DECF6C2D335D946EB70
            Function 00C95630 Relevance: .5, Instructions: 458COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
            • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
            • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
            • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
            Function 00D041A2 Relevance: .5, Instructions: 452COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2df26d72c5308e7d2cbbbcddbe3a2263e57b387c63924a91e48a20ce9bb1e53
            • Instruction ID: debfa5dbba650cd29f26652d0de0954d17432dc9714f3d208eb83b46ee0bbdfe
            • Opcode Fuzzy Hash: b2df26d72c5308e7d2cbbbcddbe3a2263e57b387c63924a91e48a20ce9bb1e53
            • Instruction Fuzzy Hash: A10260B1E00215DFCB04CF98C490BADBBB2FF99304F698569D659A7391E731AD42CB60
            Function 00D1B16B Relevance: .4, Instructions: 450COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53cc53805ffe59e3b9b87f5eb7c063283f408686c3b73eb1d1435c825d39fa21
            • Instruction ID: 31f2c3d03c45f36726c8ce4cf02f09fbcd73f57889be0922fcc929cf4e1070d7
            • Opcode Fuzzy Hash: 53cc53805ffe59e3b9b87f5eb7c063283f408686c3b73eb1d1435c825d39fa21
            • Instruction Fuzzy Hash: 7BF10872E006119BCB18CF69D9916BDFBF6AF98320719416ED496DB381DB34ED80CB60
            Function 00D1A9A6 Relevance: .4, Instructions: 425COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 923141280bb1f8a7f78ec88fa987b24d6d1998ae7b6c86ddcc8a5da52a0a7bda
            • Instruction ID: b97ee8808acec4f4a3f03feb5d4ea7daefcffeba6dd232bf765f58d883027fc6
            • Opcode Fuzzy Hash: 923141280bb1f8a7f78ec88fa987b24d6d1998ae7b6c86ddcc8a5da52a0a7bda
            • Instruction Fuzzy Hash: 28F1E872E015266BCB18CF6CD5905BDFBF1AF55310719416AD856EB381DB34DD80CBA0
            Function 00C64A35 Relevance: .4, Instructions: 423COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction ID: 42a33cbb9a4259a42962c2f72c8280348db4d69ae09a1a69daa31a9347790cc0
            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction Fuzzy Hash: D8F19D70E0061A9BCF29CFA9C580BAEB7F6BF49704F148129E915AB341E774ED41CB60
            Function 00CF2F30 Relevance: .4, Instructions: 412COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8276a756e66a57b040c0c7f6bf6fed6cdcff0b460310a0883cef8438b410848a
            • Instruction ID: 6ae3bdd182c38ba15c2778521af38b2df91f15de96ff5d75e3fbab851f6a98f9
            • Opcode Fuzzy Hash: 8276a756e66a57b040c0c7f6bf6fed6cdcff0b460310a0883cef8438b410848a
            • Instruction Fuzzy Hash: ACE13731E00289AFDB64DFA8D4407FEBBF1AF44310F14801AE596AB281D735AB49CB52
            Function 00CD892B Relevance: .4, Instructions: 386COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 554e686268138167a92f2ad3e88082a0827e8bf6150538c2c46b676c6ace7830
            • Instruction ID: 0c808d4f89bef7b9ad1513cb83c751a20d04654b19d8aeb49b35daad9448506f
            • Opcode Fuzzy Hash: 554e686268138167a92f2ad3e88082a0827e8bf6150538c2c46b676c6ace7830
            • Instruction Fuzzy Hash: 71D1E371A0061A9BDF05CF59C841BBEB7F1AF88304F19816BDA55E7380DB35EA09CB60
            Function 00C465D0 Relevance: .4, Instructions: 383COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6cedfac95f2842e28a77a72bae1b3959fb54c214e6a4ba1b57ca8364be327d58
            • Instruction ID: 9235846a4c19346f26cb34065ce07268303c256feee781d5fb5e7c3228a54950
            • Opcode Fuzzy Hash: 6cedfac95f2842e28a77a72bae1b3959fb54c214e6a4ba1b57ca8364be327d58
            • Instruction Fuzzy Hash: 97E18F71508341CFC714CF28C490A6ABBE0FF9A318F158A6DF9A587355DB31EA49CB92
            Function 00C38397 Relevance: .4, Instructions: 380COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 675a005f12b12d192b019d4dc04c9a89c42b9493093a49bf02db2001ccadadf2
            • Instruction ID: 18e35b1ca4368c3d6c1c12b20d1546e13b96d16a56167a6cd5abbe29de2f9b8b
            • Opcode Fuzzy Hash: 675a005f12b12d192b019d4dc04c9a89c42b9493093a49bf02db2001ccadadf2
            • Instruction Fuzzy Hash: 36D11571A10706ABCF18DF65C991ABA77B5FF44304F144229F822DB281EB30EE48DB50
            Function 00C6C6E0 Relevance: .4, Instructions: 367COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 77b86ec524d8001f0f71116788df55bb63cb72ecebb57582c75a68eb419e7a9f
            • Instruction ID: 1385f048de30b580cbe31d05c565c1297b411fab02ef5901abf9d518fe57bc50
            • Opcode Fuzzy Hash: 77b86ec524d8001f0f71116788df55bb63cb72ecebb57582c75a68eb419e7a9f
            • Instruction Fuzzy Hash: DFD17E31E042598BDF38CE99C5C53BDBBB1FB59304F24802AD4A6E7285C7748E42EB94
            Function 00C538E0 Relevance: .3, Instructions: 349COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 363fab2b0c1c80d0cb55d3a3ebd9086ad6dd77474b6cd8cca78bb4bb00b6c6d7
            • Instruction ID: b85b1cc6eeef68b45b1bb4492762c2be4ebf0ecc7c8091b7f73c81d03429aacb
            • Opcode Fuzzy Hash: 363fab2b0c1c80d0cb55d3a3ebd9086ad6dd77474b6cd8cca78bb4bb00b6c6d7
            • Instruction Fuzzy Hash: 4BE1AE75A00245DFCB18CF59C880AAAB7F1FF58350F288199E855EB391D730EE85DBA4
            Function 00D195C3 Relevance: .3, Instructions: 326COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: daeb3de6bb93429bd0f786bf435363e4864cee81e3b820cddf6ab7a9b620c17f
            • Instruction ID: 015885262a368f4889e51eaf5c6139cdca5b50b1a3999e55b882a68c5f514806
            • Opcode Fuzzy Hash: daeb3de6bb93429bd0f786bf435363e4864cee81e3b820cddf6ab7a9b620c17f
            • Instruction Fuzzy Hash: D7B177B1A102257FEB299B24DC65FFBB2ACEB04754F044299B919E61C1DF709EC48B70
            Function 00CC8243 Relevance: .3, Instructions: 322COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction ID: 63bf1c634a737cfb7185debcb0a7ff2fa0dba6bd6993cc24966d579fd97d4ca3
            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction Fuzzy Hash: B5B19E74A00604AFDB24DB94C945FAFB7B9AF84304F14846EE91297791DE34EE4ADB10
            Function 00C50535 Relevance: .3, Instructions: 300COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction ID: ed61790078bbc3b4e8601f6520ab2761dc47c93980f88673b7141cc4600ce4f7
            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction Fuzzy Hash: 1AB15A356006469FDB25CFA4C840BBEB7F6EF85304F244169E952D7281DB30EE85DB94
            Function 00C483C0 Relevance: .3, Instructions: 281COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3272e8f578bd0bb3de3a4b1624526b676e3cb6c15ee72b594d7fdb21a91299b9
            • Instruction ID: 16c7b8763a8506fee316cded9d77514b453463feea823a62a7c6bd88586d8fa2
            • Opcode Fuzzy Hash: 3272e8f578bd0bb3de3a4b1624526b676e3cb6c15ee72b594d7fdb21a91299b9
            • Instruction Fuzzy Hash: ACC158746083818FD764CF19C495BAAB7E5FF88308F44492DE99987291DB74EA08CF92
            Function 00C3C427 Relevance: .3, Instructions: 280COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4ff6cf37a69fdfc7d4098648f6c094603ac28160248c865c9d6774c8f1865081
            • Instruction ID: ca363aeee568a8e0118fd7a6aaa85c3c52d73985e91df68e85aacd4ef146bb0d
            • Opcode Fuzzy Hash: 4ff6cf37a69fdfc7d4098648f6c094603ac28160248c865c9d6774c8f1865081
            • Instruction Fuzzy Hash: 5CB18270A102658BDB34DF65C890BADB3B1EF44704F1085E9E50AE7281EB30EEC6DB61
            Function 00C6E5E7 Relevance: .3, Instructions: 278COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 39f120980fe62272db12c447a37c135a3541c31617ba7a1d78581478fa856913
            • Instruction ID: 0b3b4f933a3fbfdd79936478510d8183271330db7aec4bcdd4c955eafb1e5cfc
            • Opcode Fuzzy Hash: 39f120980fe62272db12c447a37c135a3541c31617ba7a1d78581478fa856913
            • Instruction Fuzzy Hash: 3DA16A35E006199FDB31DB99C888FAEB7B4AF01718F14012AF921AB2D1D7749E81CBD5
            Function 00C80185 Relevance: .3, Instructions: 276COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 287494bfbcbb2b6396c8615c5ba751dc5c56fd1884e060a89b55e201e166ca30
            • Instruction ID: 58861c142785da2d8c8c92ea423437c917d70689e875dc094b781040908806df
            • Opcode Fuzzy Hash: 287494bfbcbb2b6396c8615c5ba751dc5c56fd1884e060a89b55e201e166ca30
            • Instruction Fuzzy Hash: E7A10070B007159FDB64EF65C890BAAB7B4FF54308F204029EA15D7282EB34ED05DB94
            Function 00D14500 Relevance: .3, Instructions: 275COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9cc4a8d27ece3c8fff210f15f98036e6d4109faba70edfcd9e3afa2ebac9cd64
            • Instruction ID: 4dfc6ad0a3559495e22ff730caedf66236c5f43e9f871f517f37eec8176dfd4c
            • Opcode Fuzzy Hash: 9cc4a8d27ece3c8fff210f15f98036e6d4109faba70edfcd9e3afa2ebac9cd64
            • Instruction Fuzzy Hash: 98A11E72A00641EFC711DF18D981BAAB7E9FF48344F180528F589DB261CB34ED85CBA5
            Function 00D12B57 Relevance: .3, Instructions: 266COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction ID: 57b8ee6119a58a1a28225fab22a659cfb926fc5546464a9b64f00bd4f938b50f
            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction Fuzzy Hash: 4DB13B71E0061AEFCF14CFA9D880AEDB7B5BF48310F148169E914A7354DB31AD91CBA4
            Function 00CC60E0 Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a11f4f735e634bfa21b142e21746a137ab86f0213c22b1167f61b1a827b5d392
            • Instruction ID: 6df97ea081d92aa4dd85e5b2a5ae2c5d8d1541b793c94937cb6a1d3461839172
            • Opcode Fuzzy Hash: a11f4f735e634bfa21b142e21746a137ab86f0213c22b1167f61b1a827b5d392
            • Instruction Fuzzy Hash: B491AD71E00225AFCB15CFA8D985FAEBBB5AF48710F19416DE610EB351D734EE409BA0
            Function 00C5E3F0 Relevance: .3, Instructions: 261COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c76de3ed309e6220199aa333a7ebcf259cc525fc3a64b6bfc5de1cfbd868cb19
            • Instruction ID: 7827314a48642266b82588cce815b36c00e5957f032fdf89481c8c94e2135e8b
            • Opcode Fuzzy Hash: c76de3ed309e6220199aa333a7ebcf259cc525fc3a64b6bfc5de1cfbd868cb19
            • Instruction Fuzzy Hash: 8A91683AA002119BD728DB69C441B7E73A1EF8571AF148069EC15DB381E734DF85D764
            Function 00C74750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
            • Instruction ID: 34a19e10d7155297f037cd25758276ab6edafb5ebdf33efe75048f25b274ca21
            • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
            • Instruction Fuzzy Hash: 37815C31A443D58FDB294EADC8C02ADBB55EF53300F28867AD856DB382C364DE46D792
            Function 00C8DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
            • Instruction ID: cc44d2b340f33b2c2dc988ad2c15211140a0aca0832662e0db6baa8a2c3545a9
            • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
            • Instruction Fuzzy Hash: C5915E72610A068FD725DF2DC885666BBE0FF55329B248A19E4F7DB6E0C335EA11CB04
            Function 00D0F7B0 Relevance: .2, Instructions: 242COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 44e72c29862a1fc828d9dbcc420320afc550537955202b4f6005a0c5fa66e904
            • Instruction ID: d6de608f8458e7a2321b299b50b6430be93e71b4281ff86d000ad1a286d12f59
            • Opcode Fuzzy Hash: 44e72c29862a1fc828d9dbcc420320afc550537955202b4f6005a0c5fa66e904
            • Instruction Fuzzy Hash: 3491B171A00206ABDB24CF28C8807AAB7E5EF48310F29C578E859DB6D1D774ED45DBB0
            Function 00D0F43F Relevance: .2, Instructions: 241COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf7415c451ca76a85b06df5573423498fed26f82cd6ad7092eea1ee430b86882
            • Instruction ID: 2742684c6963e6d091ef5d861325b79049b5a64ee8ed5e58d18f7d56d2ed51ca
            • Opcode Fuzzy Hash: bf7415c451ca76a85b06df5573423498fed26f82cd6ad7092eea1ee430b86882
            • Instruction Fuzzy Hash: B991C372A001159BCB18CF69C8916BEBBF1EF88311F298179E859DB396D734E905CB60
            Function 00D081CC Relevance: .2, Instructions: 232COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 579e35db7300cebe8ec0f58f6269c31ee22ee0e2107c0a55015621fc0ce090f2
            • Instruction ID: 80c5dee0428e6486165539709fad0528b08237f19965beccc5c7452072bd270d
            • Opcode Fuzzy Hash: 579e35db7300cebe8ec0f58f6269c31ee22ee0e2107c0a55015621fc0ce090f2
            • Instruction Fuzzy Hash: 6E81A671E006159BCB14CFB9C8806AEB7F1FF88314B29422AD8A5E72C0DB74DD51DBA4
            Function 00C50E59 Relevance: .2, Instructions: 231COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 26cacaa2a4432b021404ee066cd507fbc52913095be05cac44396a70f03df7bb
            • Instruction ID: 122a220db50c76bb80c473f78407c7b133e681480047c6fb3a58db78095a2830
            • Opcode Fuzzy Hash: 26cacaa2a4432b021404ee066cd507fbc52913095be05cac44396a70f03df7bb
            • Instruction Fuzzy Hash: 8F81C535A005199FCB24CE5AC8849AEBBB2FFC5311B38C299EC549B345D730EE85CB90
            Function 00C96ACC Relevance: .2, Instructions: 226COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d59bf64958b8e86f0652cb8f58e8724810f6b4f8ede3df037812917f930b74f
            • Instruction ID: 684bbea7a2d8e8cca498d41f4d5a4f744743daa1b10f25a98f7940ed879df96e
            • Opcode Fuzzy Hash: 8d59bf64958b8e86f0652cb8f58e8724810f6b4f8ede3df037812917f930b74f
            • Instruction Fuzzy Hash: 5381B4B1A006169FDF18CF69C954ABEB7F9FB48700F10852EE455E7680E734E941CBA4
            Function 00CFE4F6 Relevance: .2, Instructions: 224COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b671425231a822b7c11593d2e6e2596cf26342cc7993c5d717c0528dcf6974c1
            • Instruction ID: e051f46facbbbbe701db534d0151a6c863b81e97b1a458ed5ffc9863dee9e95b
            • Opcode Fuzzy Hash: b671425231a822b7c11593d2e6e2596cf26342cc7993c5d717c0528dcf6974c1
            • Instruction Fuzzy Hash: DA81B172E002199BCB58CF58C8916BDFBF2EF98310B15816AE916EB391D734DE41CB90
            Function 00D0AB40 Relevance: .2, Instructions: 222COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: d7712610d699597d6c02e1e8235fd7769a4717a867bf1a5e1ac273fb96b14108
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: 5F818F35A102099BDF18CF5DC490BAEB7B2EF84310F198169E81A9B385EB74E901DB65
            Function 00C7E284 Relevance: .2, Instructions: 212COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73f5496d61af5e93a08f7d0cbe71fef30d06add6ae560913aa41a52be67cf703
            • Instruction ID: 69748ff04e0e954d1832363072732a1d6c21d6a335d8d853ee47aea8ec83c403
            • Opcode Fuzzy Hash: 73f5496d61af5e93a08f7d0cbe71fef30d06add6ae560913aa41a52be67cf703
            • Instruction Fuzzy Hash: 6B819F71A00609EFDB25DFA5C880BEEBBFAFF48354F108429E559A7210DB30AD45DB60
            Function 00C6B950 Relevance: .2, Instructions: 209COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cca444670585dddb64e73453b5cc7e8afa10f4796006ecc579bbd25e6eb3728
            • Instruction ID: 666312a543d2c38c11bd61c3f8ce7fcbc461deb999315fd9560c78a874c3348b
            • Opcode Fuzzy Hash: 4cca444670585dddb64e73453b5cc7e8afa10f4796006ecc579bbd25e6eb3728
            • Instruction Fuzzy Hash: 9C71F5303042558EE734CE2AC9C173673E2AB95708F24855DF9A6CB1C6D735ED82EBA1
            Function 00C5C640 Relevance: .2, Instructions: 206COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b3b20dadc0037f59d23446d1381e7252a6abf3c9958bfaab7e621beb591e3355
            • Instruction ID: 1c802966a8c0fac61065098600681be696052851738572568dfa841105df128f
            • Opcode Fuzzy Hash: b3b20dadc0037f59d23446d1381e7252a6abf3c9958bfaab7e621beb591e3355
            • Instruction Fuzzy Hash: 8771D179D00226DFCB25CF59D8907BEBBB0FF59714F24411AE852AB390DB349948CBA4
            Function 00CF47A0 Relevance: .2, Instructions: 202COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec7b093805abbec103e3dc946d061b2e08d5c5c18bb393f4138316513d9cda8
            • Instruction ID: 7436213de9b42199af80b7ca38d6dd35ce4efe19f3c257d3c99148f2ca9c016c
            • Opcode Fuzzy Hash: dec7b093805abbec103e3dc946d061b2e08d5c5c18bb393f4138316513d9cda8
            • Instruction Fuzzy Hash: F0717D71A00308EFCB54DF99E945AABBBF8EB81310F10816AE614E7365C771CE40EB65
            Function 00CFDAC6 Relevance: .2, Instructions: 202COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c837c00c04b05b23d43d359beb9e68442529227aad112bbd5cb34e79c83c9109
            • Instruction ID: 3c9360f6b906930a6df4de7b0e051e12a0d5efed0258590132d7a647733d4591
            • Opcode Fuzzy Hash: c837c00c04b05b23d43d359beb9e68442529227aad112bbd5cb34e79c83c9109
            • Instruction Fuzzy Hash: 4281AB70E003499FCB64CF6AC444ABABBF2EF49704F10845DE6A6AB245D374D981EF61
            Function 00C5260B Relevance: .2, Instructions: 201COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fac23e753aa9f0cc284e33720f25d658bc3b2fee6733ea950368a1c9df12ab91
            • Instruction ID: 2e1e7b7800a233e82433461b28b3acb54213f957f7583c34233e7ca4d8660a8f
            • Opcode Fuzzy Hash: fac23e753aa9f0cc284e33720f25d658bc3b2fee6733ea950368a1c9df12ab91
            • Instruction Fuzzy Hash: 2771CF396046418FC311DF28C480B2AB7E5FF89315F0985A9F8A9CB352DB34DD8ADB95
            Function 00D070E9 Relevance: .2, Instructions: 201COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 319f9b08887bfc09aa6160497ffce44f501ba425d9f8655545d21a5ec731b0cc
            • Instruction ID: d0ad3c5e67b175bdbd008c7af03c15d4510ba3c23ef7a467a51451b0f3e9f7c2
            • Opcode Fuzzy Hash: 319f9b08887bfc09aa6160497ffce44f501ba425d9f8655545d21a5ec731b0cc
            • Instruction Fuzzy Hash: B861B375E042169BCB10AEB5C881BBFB369BF54300F144429E859AB2C1EB70FD459AB1
            Function 00CFF0CC Relevance: .2, Instructions: 199COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 856ac60597fb2d4b3f02fa7e899771c5f8d84063b2af9baf1fcaa81b9663e723
            • Instruction ID: 194acceafe574a8632ec42e235bf0ee02f18c6451d8b133166cb94ce11e39405
            • Opcode Fuzzy Hash: 856ac60597fb2d4b3f02fa7e899771c5f8d84063b2af9baf1fcaa81b9663e723
            • Instruction Fuzzy Hash: 1E718E79A0072ADBCBA4CF5AC48027EB3F1FF44705B64847EDA6297240D770AE52DB61
            Function 00CD62A0 Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8c332eaf3ef690ef76af5f427873034a21c7ba2596d3eb11ec3f2b3d33cc611e
            • Instruction ID: 11bf5a6eb2c252bb63d800fb307afa20799bd8e11e7664294b5e9617d5a3f201
            • Opcode Fuzzy Hash: 8c332eaf3ef690ef76af5f427873034a21c7ba2596d3eb11ec3f2b3d33cc611e
            • Instruction Fuzzy Hash: 5C710032200B01AFDB31DF14C885F6AB7E5EF40764F15492AE6269B3A1DB74EA84DB50
            Function 00CC035C Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: f7e84ba94a5327e95d8699f1f342bf63e177880411a47d64c2e0b816e999da14
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 83719A71A00608EFCB10DFA9C985FAEBBB8FF48300F144569E905EB251DB34EA45DB94
            Function 00C48AA0 Relevance: .2, Instructions: 197COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ccb38a112f272737de9a0654d5f49b8db2f09e85a2d32611800bd13da26988a7
            • Instruction ID: d94a6254cd42ebaec4e5d4d564d8ffa80ef4313ba743fb56a356d22b51edf81e
            • Opcode Fuzzy Hash: ccb38a112f272737de9a0654d5f49b8db2f09e85a2d32611800bd13da26988a7
            • Instruction Fuzzy Hash: 3481B471A053168FCB14CF98D880BAD77B5FF49328F194269D810AB391C778AE45DBA4
            Function 00D07A46 Relevance: .2, Instructions: 193COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4e170167493727f8e1259c4e458e1d3f3a5b66bc177f8599f93517239c28967a
            • Instruction ID: fd5c31683338675d0c782b3e02f36cb47a5904edb453e9d14497f5018fd788c0
            • Opcode Fuzzy Hash: 4e170167493727f8e1259c4e458e1d3f3a5b66bc177f8599f93517239c28967a
            • Instruction Fuzzy Hash: 2F51F775E0412A5BCB149E69C880BBEB7E2EF88310B184159E859DF3C5DA34ED52C7B0
            Function 00D18324 Relevance: .2, Instructions: 192COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 34281fef582ec74acaab6561821983fdc2a11affb356580cddb6c29f0883e6dd
            • Instruction ID: 7dbf93e0ffaf82d8387b77a41352b2625aa88f3cf05ebd23005deec544e9e6c3
            • Opcode Fuzzy Hash: 34281fef582ec74acaab6561821983fdc2a11affb356580cddb6c29f0883e6dd
            • Instruction Fuzzy Hash: D3714A71E00209BFEB15DF94D845FEEBBB9FB04750F104229F920A7290DB74AA45DBA4
            Function 00D0132D Relevance: .2, Instructions: 188COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5798f4a51e54e63ad945cbb58558220d9a3b183e1ec56fd75776d0ca3b2f0c7b
            • Instruction ID: c4cdfea7ad735bb23ec0bf2bf423e4980d2cd403f8bed260a4e6e7ca9aa6b588
            • Opcode Fuzzy Hash: 5798f4a51e54e63ad945cbb58558220d9a3b183e1ec56fd75776d0ca3b2f0c7b
            • Instruction Fuzzy Hash: 03816075A00245DFCB09CF68C591AAEB7F1FF88300F1581A9E859EB395D734EA51CBA0
            Function 00CFA250 Relevance: .2, Instructions: 184COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 63d34cea1eb64fe5b856925c0b3bc97a51eebdad9ae3080ea0431304a12004c3
            • Instruction ID: 4a6db347a0db751f602b9fe6f9ec688d3eb25924f69006697bdf00b1b140143c
            • Opcode Fuzzy Hash: 63d34cea1eb64fe5b856925c0b3bc97a51eebdad9ae3080ea0431304a12004c3
            • Instruction Fuzzy Hash: 8951BEB2504616AFD351DE68C885B6BFBE8EB85750F010929BA58DB250D770ED08C7A3
            Function 00D0CE93 Relevance: .2, Instructions: 172COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
            • Instruction ID: ff2afdf87f3b3892d62d5f21e134d94866bb284252bce1b0dfa0c03b783c18e9
            • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
            • Instruction Fuzzy Hash: E45123326152028BC710DF29885176BBBD7AFC1350F19966DE89DC72C6EA30DC0A87B2
            Function 00CE8350 Relevance: .2, Instructions: 161COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 099715b69717618c646b952d13fa9b3e2cbc9e905ed43af5a268597af7402125
            • Instruction ID: 23e4da5ebd5c0a81de82e00ff6a192946e443fac6dca86addf0dcc2f2852ff8a
            • Opcode Fuzzy Hash: 099715b69717618c646b952d13fa9b3e2cbc9e905ed43af5a268597af7402125
            • Instruction Fuzzy Hash: 5A51CF709007459FD721DF66C884A6BFBF8FF54710F20461EE19A576E1CBB0A949CB50
            Function 00C7E443 Relevance: .2, Instructions: 158COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a24bd5e77187258d45f53354df2d4f6436e257a3eee8d2c7785b22d2555fc4a1
            • Instruction ID: a73e3e2ca74749567116827ab04b82bb1bbf4c71e88de594804b9f2cb535d5e5
            • Opcode Fuzzy Hash: a24bd5e77187258d45f53354df2d4f6436e257a3eee8d2c7785b22d2555fc4a1
            • Instruction Fuzzy Hash: DA519E72200A44DFCB21EFA5C980EAAB3F9FF08784F404569E65697261D734FE44DB60
            Function 00CE4180 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d84ff1ca953188b8d3d917f37eb568c4805a184a3954c36dd5251fb550f96daa
            • Instruction ID: 892f0111cd640c0c28a6e3f73d1c4de52546f5912dd8f616ef80aaae66d6e678
            • Opcode Fuzzy Hash: d84ff1ca953188b8d3d917f37eb568c4805a184a3954c36dd5251fb550f96daa
            • Instruction Fuzzy Hash: 51515A716083819FC758DF2AC881A6BB7E5BFC8318F544A2DF595C7260EB30DA05CB56
            Function 00C645B1 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: 767060f02c848e023a68e8306d8d5ab1782c9734c4a94636315311065814ac4a
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: EE51BE71E0061AABCF29DF94C481BEEBBB9EF45354F14406AE911EB241D734DE44CBA0
            Function 00CC3A6C Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54888c6dabd6baa014e8d7ec74d5d4c65461949356618e2afc0beffa54b577b2
            • Instruction ID: 3fa3a684831e99306113f2db8bd78010c0ee409007cd60732bff7a6378dbf331
            • Opcode Fuzzy Hash: 54888c6dabd6baa014e8d7ec74d5d4c65461949356618e2afc0beffa54b577b2
            • Instruction Fuzzy Hash: 15518C72E4015D4BEF24CA58E471BEFF3E2EB80310F44482AF955BB3C0C6A66E46D664
            Function 00CBD800 Relevance: .2, Instructions: 155COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 47843876436341a116d19142d78d906c7dec801d63d2f16526f0a561a77a0edf
            • Instruction ID: 6f1f33df522d2ac58e2bbde53ccee8381faaee8036ceac5e7f95dfedf5185f65
            • Opcode Fuzzy Hash: 47843876436341a116d19142d78d906c7dec801d63d2f16526f0a561a77a0edf
            • Instruction Fuzzy Hash: 7051BE70A00216ABCB14DFA9C480AFEB7B4FF45701F1441A9E952DB680FB759E50DB90
            Function 00CCE9E0 Relevance: .2, Instructions: 154COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: 8d15049322afcfc4c53d90c5544cd82f1d48bb3bb85ed3193a8c767a0da6a188
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: 3851B731D00219EFDF209F94C8A5FBEBB75AF02324F25466DE92267191D7349E40DB94
            Function 00D07571 Relevance: .2, Instructions: 153COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: eb517c8af4060be9d3151ce989c2312e3c7b6a3cfa93d2d45b8f8e68bafbec92
            • Instruction ID: de34ad152edce4e6368669a09805599a19d0eb99dbf9c4c23f31aa06a54badfb
            • Opcode Fuzzy Hash: eb517c8af4060be9d3151ce989c2312e3c7b6a3cfa93d2d45b8f8e68bafbec92
            • Instruction Fuzzy Hash: 7A51E431E042199BCB14DB68D844BAEBBB5FF48340F584129E90AEB291DB71BD11CBE0
            Function 00CCCBF0 Relevance: .1, Instructions: 148COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3ed2c92156b4838de5532ba4aad40e055d0ac0a40395f422a126ed8f70e75e31
            • Instruction ID: c7b3589dbbce84606ea73da4f20020f52ecada29aea0cfd7572dfa07c774df0b
            • Opcode Fuzzy Hash: 3ed2c92156b4838de5532ba4aad40e055d0ac0a40395f422a126ed8f70e75e31
            • Instruction Fuzzy Hash: F8517C75900215EFCB20DFA9C9C0E9EBBB9FF48354B558569E51AA7301D730EE41CBA0
            Function 00CC5BF0 Relevance: .1, Instructions: 145COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d939730c6a766cd96efbbeca811b0c4318d7bf8ce3717bc0ae8e829a13562d1a
            • Instruction ID: ca30b98753d2172b84d22b29e3bdf64c92e24fb2decad74fecfcbffa83187dbf
            • Opcode Fuzzy Hash: d939730c6a766cd96efbbeca811b0c4318d7bf8ce3717bc0ae8e829a13562d1a
            • Instruction Fuzzy Hash: B541F471B40B04AB8B15FBB8D913F6E76E0AF09B11F10812EF803E7381DA74E94467A5
            Function 00C7A430 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2847232ecd0bff0a27725ac48dc1e21002c44c862cec24c92dacdffb320b449
            • Instruction ID: 825c6c77b3eaed4cba49dc30faf455a5a9987e8368817d8a740096f97c9b9643
            • Opcode Fuzzy Hash: e2847232ecd0bff0a27725ac48dc1e21002c44c862cec24c92dacdffb320b449
            • Instruction Fuzzy Hash: 5E41F135740701ABCB18EF69DC92B6FB765AB95704F404028FD0ADB352DBB19D009769
            Function 00D0A9D3 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: 53694bf84a41ae3340947cc7e56bf4317af5707d5f5c1eddcad761a54c500403
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: 4841C9727047169FC724CF18C980B6AB7A9FF80310B19462DF95A876C1EB30ED14C7A5
            Function 00C701F8 Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4c278244de4ff13fc27197ce4850c668072799436ab8adce592f8110fd7f90c8
            • Instruction ID: f04b27f48df1e260ef0fce9af1d64dcd639d4448e3167b5f7476807857667484
            • Opcode Fuzzy Hash: 4c278244de4ff13fc27197ce4850c668072799436ab8adce592f8110fd7f90c8
            • Instruction Fuzzy Hash: 8B41BD36A00219DBCB14DFA8C444AEEF7B5BF48710F34816AE829F7251E7359D41CBA4
            Function 00C6EBFC Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2af7ecdfedd43e8c11e169442d033291bcfe7fd44b6a8d80825445f7dfbbbde3
            • Instruction ID: 0098481053c14c3144b5a241c0df77bcd590c1846a802fac1712457d30334026
            • Opcode Fuzzy Hash: 2af7ecdfedd43e8c11e169442d033291bcfe7fd44b6a8d80825445f7dfbbbde3
            • Instruction Fuzzy Hash: 8E41CD75604301AFDB20DF64C885A2BB7E9FB89318F10483EE956C7211EB30E949DB54
            Function 00C82750 Relevance: .1, Instructions: 137COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: 2ff4af1a424b5c1c23bd53692c220db225c78bdd5fac77c8dee5d9a151a34b02
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 94513775A002199FCB14CF99C580AAEF7B6FF85710F2481A9D8A5A7350D770AE82CB91
            Function 00C46154 Relevance: .1, Instructions: 133COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3e3bebcbaef4c44f9cfd2fa02f42da701c91cec1bee3a1681e9788391c5e7357
            • Instruction ID: 7b9244ad87955262fedcae84cd2bed97adf25beeab1c9ebf1fe853c8f9ab761e
            • Opcode Fuzzy Hash: 3e3bebcbaef4c44f9cfd2fa02f42da701c91cec1bee3a1681e9788391c5e7357
            • Instruction Fuzzy Hash: AC51F670900216EBDB35DB64CC01BE8B7B1FF06318F2482A9E529A72D6D7749E81DF91
            Function 00C40BCD Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ad2dd1b96ca72dcc01496a13d306b24e2482c024fc8b32966807133ad466fc4d
            • Instruction ID: f0638dfb081e7a08702b78d9d4ef9a94a9de122c2de5a09b72228c3f14b6dcf1
            • Opcode Fuzzy Hash: ad2dd1b96ca72dcc01496a13d306b24e2482c024fc8b32966807133ad466fc4d
            • Instruction Fuzzy Hash: A741BF36A40228DBCF21EF64C985BEA77B8FF55740F1101A5E908AB241D734DE84DF96
            Function 00D0866E Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: eb561f6b143ea44ddd41b4ba27c26e431768ecfc8666d461a76d7628a798597a
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 4C41A575B00215ABDB14DB99CC85BAFB7BAEF84300F694069E48997385DE70DD04DB70
            Function 00D0F0E0 Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bec7367a1376aa2acfc1e4808def1a2e8b3b754a2f1b82010958c81e5110b187
            • Instruction ID: 77a752fbae1013505f51a6a034b20a4b7d197644416c0ff552b049d3f48e6ca2
            • Opcode Fuzzy Hash: bec7367a1376aa2acfc1e4808def1a2e8b3b754a2f1b82010958c81e5110b187
            • Instruction Fuzzy Hash: 1941C1712083418BD714CF25D8A597ABBE1FFC9715F14896EF9998B382C734D809CBA1
            Function 00C40887 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cbe586b0c8e03b15ea3ddb5494156d3fbeb2a01bff6f769474d649819b3a99fb
            • Instruction ID: 726e88b05919be4fe0a1df03682ff7239bb3e13520276b835b21364f4bfcb321
            • Opcode Fuzzy Hash: cbe586b0c8e03b15ea3ddb5494156d3fbeb2a01bff6f769474d649819b3a99fb
            • Instruction Fuzzy Hash: 544113B16007019FD724DF25C480A22B7F9FF59304B208A6DEA57C7A52E730F945DB90
            Function 00CED5B0 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3e74749bf777b29e52760b3459e1387da18c411dfe323b56f582aaf57ff90c6e
            • Instruction ID: 762b80f83a85cec3f8badf3951785d93109a4507a86cf2beae77c40dda38fb89
            • Opcode Fuzzy Hash: 3e74749bf777b29e52760b3459e1387da18c411dfe323b56f582aaf57ff90c6e
            • Instruction Fuzzy Hash: 0E410530A082D59FCB14CF2AC4956BAFBF1FF59300F058899E4D68B246C735A956EB60
            Function 00C48BF0 Relevance: .1, Instructions: 124COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa72be108f1ad5a0b9ce30bd8394d6b5d519dc5a128cfda8cb27063a1290356e
            • Instruction ID: b62fdc8b4ab67e736e5dda566f7ec66936ba1f36f14c288adc334682dfa7e4cd
            • Opcode Fuzzy Hash: fa72be108f1ad5a0b9ce30bd8394d6b5d519dc5a128cfda8cb27063a1290356e
            • Instruction Fuzzy Hash: 7241F531A01312CFCB14DF59C881A5EB7B5FF85714F28812AE8119B7A1CB79ED46DBA0
            Function 00C38918 Relevance: .1, Instructions: 123COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d61f124d513873bf9bcb85bdde3eec3bca6d21048db41bcb71f66226764585bf
            • Instruction ID: dfb3953a91efd9b89de4e63701aa2ce4f0f3594fb81bd15cd6b7de00e775428a
            • Opcode Fuzzy Hash: d61f124d513873bf9bcb85bdde3eec3bca6d21048db41bcb71f66226764585bf
            • Instruction Fuzzy Hash: 8D41AD31518706AFD311DF65D981B6BB7E8EF84B54F00092AF990D7250EB30DE488BA3
            Function 00C3A020 Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 2dbae5bd52b9f63ea77b03a8e7623556eab7fe731ab24a4affa833349f583c9f
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 48418035A00211FFDF14EE9599487BEB371EB50710F15806AE8968F240D7318F50DB91
            Function 00C409AD Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5e93fc6f9accc19ed8c1ee0a2ca3a2becc4f9d179afaaa3b054c558882fad0d8
            • Instruction ID: 03262ba59afe8cfef25611e133a4d62daa66d0017636caafd539511dc9fe71c4
            • Opcode Fuzzy Hash: 5e93fc6f9accc19ed8c1ee0a2ca3a2becc4f9d179afaaa3b054c558882fad0d8
            • Instruction Fuzzy Hash: E9417771A80700EFD721DF18C841B2AB7E4FF58314F24896AE9598B252E770EE42DB90
            Function 00C70710 Relevance: .1, Instructions: 121COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: b0a42bc8359b46b6d8e356613e4db039925eba1bdc423c5143b4d9d9a0eba5c8
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: 85411975A00605EFCB24CF99C980AAAB7F4FF18700B20896DE56AD7691D330FA44DF50
            Function 00C4262C Relevance: .1, Instructions: 119COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a0a3c5da4846f5c4f6598f66ae4fecee95e7fe6debcd674e2eafb5e9f6cffd22
            • Instruction ID: 536774ab23dd693f913d060eee43240419373d41d17bf75fdea4eedf8206c651
            • Opcode Fuzzy Hash: a0a3c5da4846f5c4f6598f66ae4fecee95e7fe6debcd674e2eafb5e9f6cffd22
            • Instruction Fuzzy Hash: B941B070901700DFCB21EF25C942B69B7F1FF49310F6582A9F4169B2A1DB30AA81DB61
            Function 00C7C8F9 Relevance: .1, Instructions: 116COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 005440a5eeda5f39a860401480483b50d3e4db5fa26c37826cdb910ed9aca7fc
            • Instruction ID: adf69c177946004cbfcc78572b643f17a4cbd0d276f10423cc0fca6a1c02a876
            • Opcode Fuzzy Hash: 005440a5eeda5f39a860401480483b50d3e4db5fa26c37826cdb910ed9aca7fc
            • Instruction Fuzzy Hash: AF31A8B1A00205DFCB51CF98D040799BBF0EB08724F2081AEE119EB291D732DA42DF90
            Function 00CC07C3 Relevance: .1, Instructions: 114COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86fb449860616c38d92531dc96a0cf36c85503844150235b413c33e1a6bb52fb
            • Instruction ID: b97132377ab9e279dbe88abf4c18959b38ac9a003070f50d97ad786976928385
            • Opcode Fuzzy Hash: 86fb449860616c38d92531dc96a0cf36c85503844150235b413c33e1a6bb52fb
            • Instruction Fuzzy Hash: A4416B72504311DBD320DF28C845B9BBBE8FF88724F108A2EF598D7291D7709904DB92
            Function 00D0EEDB Relevance: .1, Instructions: 113COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abed397de844af66f5cabccf3b2d892a2cc79478d5484c5740751fd4ca260c3b
            • Instruction ID: f98bb61891c4f74364788520aff39d9fdb0043351c52575cb0ea66891f9feebc
            • Opcode Fuzzy Hash: abed397de844af66f5cabccf3b2d892a2cc79478d5484c5740751fd4ca260c3b
            • Instruction Fuzzy Hash: 3E419433A0412A9BCB18CF68D4915B9B7F1FF48304B5641BDD909EB291DB74BD45CBA0
            Function 00D0FA49 Relevance: .1, Instructions: 113COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3aff06a486fdf5113e128caf5ce4730654ee9c1f936346599d04a54ff2dd412e
            • Instruction ID: bbd69fd2e38f2f1518e20e9bcd42e67c360d6de804de08205fd34bca213b853f
            • Opcode Fuzzy Hash: 3aff06a486fdf5113e128caf5ce4730654ee9c1f936346599d04a54ff2dd412e
            • Instruction Fuzzy Hash: 3B3114327001069BC728CF29CC44BA77B96EF99350F288538E91CCB6C5EA78D945C7B4
            Function 00C380A0 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d39e0b30e09c580c6aeb7a5d467c4660f2759d34053af690c330e9c313b25d0d
            • Instruction ID: 1af9d79b4b02bcece2e0256196f9e10f4cf83d1f6c2871d7c4bdd71dc2962f6e
            • Opcode Fuzzy Hash: d39e0b30e09c580c6aeb7a5d467c4660f2759d34053af690c330e9c313b25d0d
            • Instruction Fuzzy Hash: D741F271A25715AFCB00DF15C9416ADB7B1FF44760F248229F826A7290DF34EE4A9BD0
            Function 00CC05A7 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 56ca76d3f4b0ad65da9d793debb68a7c2c37a4deeb398b59a1ba1101d75ce36e
            • Instruction ID: 4d603b502c883ebad073fb4aa85fa45f87dd988ca4e9d59a5a76b207602c1561
            • Opcode Fuzzy Hash: 56ca76d3f4b0ad65da9d793debb68a7c2c37a4deeb398b59a1ba1101d75ce36e
            • Instruction Fuzzy Hash: E9419F726046519FC321DF68C841F6AB7A9FFC8740F24062DF8A597691E730EE14C7AA
            Function 00C44859 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53086ee785f31ecd94042f66fce525971896d41fa56cb9211f134f6fc8ab3ab8
            • Instruction ID: cdb3b5b0c26a035971e86336eb006fd882b68616b7abf8790ebae7f0f69ff3a9
            • Opcode Fuzzy Hash: 53086ee785f31ecd94042f66fce525971896d41fa56cb9211f134f6fc8ab3ab8
            • Instruction Fuzzy Hash: AC41F5316003028BD728DF28D884B2BB7E9FF913A5F24442DF9658B2A1DB30DE45DB51
            Function 00C38B50 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3fac17b4bc674efd9f6ff47b9c59b5e2d792aea1bbc789e7254a6d1fc8f93746
            • Instruction ID: 7f81cb54c946f7c1f6cd403bc95049fb9e4ffaf74a67b614068f69790e17f630
            • Opcode Fuzzy Hash: 3fac17b4bc674efd9f6ff47b9c59b5e2d792aea1bbc789e7254a6d1fc8f93746
            • Instruction Fuzzy Hash: B741BEB1A11705DFCB14CF69D98099DB7F1FF88324F20862AF466A72A0DB34AD45DB50
            Function 00C502E1 Relevance: .1, Instructions: 106COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 0ed7daf7960a4cf9ca49b839266b24a39d4d7278aa4070da9292bf5dcb5fbacb
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: 69312835A01244AFDB118B68CC44B9ABFE9EF05354F144165F815D73A2C3B4D988DBA8
            Function 00CEE3DB Relevance: .1, Instructions: 105COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 18951cc73669ca21c1103b26d862a8ba6dcf66a0c020694f2106344efc59bbc1
            • Instruction ID: 8b54a5dcc99df29c258a5e7c8f48f4adccf6f1923a3d6615649915b7597739e8
            • Opcode Fuzzy Hash: 18951cc73669ca21c1103b26d862a8ba6dcf66a0c020694f2106344efc59bbc1
            • Instruction Fuzzy Hash: 5431C835750755ABD722AF968C81F6F76A8EF48B94F100028F600BB3D1DAA4DD44D7A4
            Function 00CF4B4B Relevance: .1, Instructions: 104COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f935a5753ec12980f6f19335389e5042d39902b5ef5ebbdc2f9a97b05fe27b6d
            • Instruction ID: dd935a2c4c07123c580a76954d3e4ec00d3668959f65a397136c9ca8f658facb
            • Opcode Fuzzy Hash: f935a5753ec12980f6f19335389e5042d39902b5ef5ebbdc2f9a97b05fe27b6d
            • Instruction Fuzzy Hash: CE31D2322056049FC728DF19D880E66B7F5FB81360F06846DEAA58B361D730ED05DBA6
            Function 00C44260 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1f3e074a35412c79b25238f2acf842def87c1b05862cf1491b1ac51e5ca0a00b
            • Instruction ID: 6de637f8f9a60f7abf570e0b52c2fb75c77d677c6669fbd192689a01e9a42d6e
            • Opcode Fuzzy Hash: 1f3e074a35412c79b25238f2acf842def87c1b05862cf1491b1ac51e5ca0a00b
            • Instruction Fuzzy Hash: 3441E031100B46DFC726CF24C885FD677E4BB4A794F208529E9698B260C774E944DB60
            Function 00CF4BB0 Relevance: .1, Instructions: 101COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62fc41e31d330972a2d4bd18ad97a55c6237a61e640a7d99da73795a1b70a979
            • Instruction ID: 5d94ec1b8b1a2802f179710cf4ab90137489a6008c56c53d085be8b285d55031
            • Opcode Fuzzy Hash: 62fc41e31d330972a2d4bd18ad97a55c6237a61e640a7d99da73795a1b70a979
            • Instruction Fuzzy Hash: E1319A312053059FC728DF29D880A2BB3E5FB84720F054529FAA98B391E730ED048BA2
            Function 00CBEB1D Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 17735acbe9f1b73ed3503eede6d9ab3e2bd0d7d2f504332517f7659da4eae1d0
            • Instruction ID: c14556d070deeadfd427e565506ba6e246ddbf100ab630002b1d720e620816b3
            • Opcode Fuzzy Hash: 17735acbe9f1b73ed3503eede6d9ab3e2bd0d7d2f504332517f7659da4eae1d0
            • Instruction Fuzzy Hash: 6E31C4312016C19BE7225769CD49FE57BE8AB40F84F1D00A4BD569B6D2DB28DE80D22C
            Function 00D061C3 Relevance: .1, Instructions: 97COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa5d3592047bf948f12b51dc9d871320bcc11226a2c06654e2593ffd39f48802
            • Instruction ID: 45432b026b71760339a58efddfdd267ea916d8e9811a511c43fc7626d8a5a342
            • Opcode Fuzzy Hash: fa5d3592047bf948f12b51dc9d871320bcc11226a2c06654e2593ffd39f48802
            • Instruction Fuzzy Hash: F531E175A0025AAFDB15DFA8CC41BAEB3B5FB44B40F454168F904EB285D770ED50CBA8
            Function 00CE483A Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 45ab98720c1ec2d59c1c5114227bfb1c5550f6f539fcc9d5e97720995f6196fd
            • Instruction ID: 634dbfa0036654f8543c41cf80cfb91fb1283fd8671dbbae3c6ab37aa56371da
            • Opcode Fuzzy Hash: 45ab98720c1ec2d59c1c5114227bfb1c5550f6f539fcc9d5e97720995f6196fd
            • Instruction Fuzzy Hash: 03318F36A4016CABCF21DF55DC89BDEB7BAEB98350F1000E5B908A7251CB30DE919F90
            Function 00D06BD7 Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4912f48be33928455d4bcc279fa5f5547e3baf25cb2245a5f726ec832fbdf63
            • Instruction ID: 3270be9c40d831eeef9fa5a04a1acb12a0b1f734b1c035f3e496c360d9496fbe
            • Opcode Fuzzy Hash: a4912f48be33928455d4bcc279fa5f5547e3baf25cb2245a5f726ec832fbdf63
            • Instruction Fuzzy Hash: BF3168316102049FDB14CF69D885A9B7BE4FF48340F8584AAF948DF28AD270E959CBA4
            Function 00D060B8 Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 40633ad6b6115295feb958aa738cefddd4ecbbd6faf6a4a401cbc2cab1b40887
            • Instruction ID: 5147ddcdfcf4ea696c588b06d65394d8e084536c135eebb5b3930f22fc0e7ba3
            • Opcode Fuzzy Hash: 40633ad6b6115295feb958aa738cefddd4ecbbd6faf6a4a401cbc2cab1b40887
            • Instruction Fuzzy Hash: DB31EE31B40705AFDB129FA8CC51BAAB7B9EF44754F140069F509DB392DA70ED009BB1
            Function 00C407AF Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 03faae5397eb3fed974f8ef92405e6aa19bbf59672cf5b6326183fb2a5761956
            • Instruction ID: 5945edf855e82ee2b53e6ca8f8da99b9e8d1f4eb7b6722642fb973efa44f2532
            • Opcode Fuzzy Hash: 03faae5397eb3fed974f8ef92405e6aa19bbf59672cf5b6326183fb2a5761956
            • Instruction Fuzzy Hash: D531E332A44711DBC711DE248980E6BBBA5BFD4360F214529FE55A7391EA30DC01A7E1
            Function 00C48550 Relevance: .1, Instructions: 94COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf1704c238d81ebcb07e3d97881c4549e0362bb55e71cd1804ec5b4ac52cc155
            • Instruction ID: 7114776d2d7d33852be648616c67dd80ddc72b3d5efd78443f88c53fe79d4dc5
            • Opcode Fuzzy Hash: bf1704c238d81ebcb07e3d97881c4549e0362bb55e71cd1804ec5b4ac52cc155
            • Instruction Fuzzy Hash: 1E317A716093128FE320CF19C840B2BB7E4FB98B14F15496EF9A597291DB74ED48CB91
            Function 00C7A6C7 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: 111737b6cb07f0cc14bdfc9bc6e3a7ab51ba7c30549b6c046b96aa9dac411d77
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: 29313C72B00B00AFD764CF6ACD41B5BB7F8BB48B50F14492DA5AAC3650E630E900DB65
            Function 00CEEBD0 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f06404257dd0645717327adb087c377be0dc27f6ea0f0bcc776b629d76e1bf2c
            • Instruction ID: 416c4f1d87a012e78de8e9b8c8cf82682e6cb5a77e87e6c7bb2ddff0a7e1b9fc
            • Opcode Fuzzy Hash: f06404257dd0645717327adb087c377be0dc27f6ea0f0bcc776b629d76e1bf2c
            • Instruction Fuzzy Hash: F43198B16053819FC710DF1AC54091ABBF1FF8A354F1489AAE8989B351E330DE49CBA2
            Function 00C6438F Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1b1a77c3d9073b622fe76f5938ce1ac881c7e328e6d1ce4e3985c7620fb86e6
            • Instruction ID: 28aa7ac6dde80d24381ea3b5fb0af4e09025476def33a3e700d5c40c4a75d4f4
            • Opcode Fuzzy Hash: c1b1a77c3d9073b622fe76f5938ce1ac881c7e328e6d1ce4e3985c7620fb86e6
            • Instruction Fuzzy Hash: 9231D431B002059FC728EFA9C9C6B6EB7F9AB84304F108529E405D7691DB30EE45DB90
            Function 00C3CB7E Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: 9e13b07156f7e839b0a44cd40bc3031c3cff894c5e417b1a2434e1d557f34466
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: EE210136E5025AABCB119BB58841BAFB7B5EF04780F158035AD25FB350E230DE0087E1
            Function 00C3C156 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2820746b30feec78295970c33a82fa1d473e227ede4d941910ad83df9fb66409
            • Instruction ID: 599b58446bf6bc0889d2bf61b390401102c7219c449a8eaf87f93f8b16269bd2
            • Opcode Fuzzy Hash: 2820746b30feec78295970c33a82fa1d473e227ede4d941910ad83df9fb66409
            • Instruction Fuzzy Hash: D13149B55002009BCB20AF24CC46BA977B4EF41304F5481A9ED46AB342DA34DEC6DBA0
            Function 00CFC3CD Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: a79f6501f5df37f9b5443e742fc7d42fe7ffc9fec3b9a46799684919968a8f16
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: 2B217B3A70065DA6CB24AB94C951ABABBB4EF50700F40901AFAA587691E634DD44D361
            Function 00C3E420 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0486d898031ba9e9093a59458735ef77770c0ee39970ca9c1a5ea09573d1ba4c
            • Instruction ID: d8513615ff87166e121e3db806e32aa6ad5748ecd569bf2335a6338f37ec2c24
            • Opcode Fuzzy Hash: 0486d898031ba9e9093a59458735ef77770c0ee39970ca9c1a5ea09573d1ba4c
            • Instruction Fuzzy Hash: 8131D432A1152C9BDB31DB54CC42FEE77B9EB15780F0101A1F655A72D0D674AE809FA0
            Function 00C744B0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3bb8e07fa1ceac8889941eff2cbac9c6675cd0038895c6c9f3ba252d258ecb35
            • Instruction ID: 82ce87ebe29119221572302a0ca3674c62461782100f3e7d51681905589d8c63
            • Opcode Fuzzy Hash: 3bb8e07fa1ceac8889941eff2cbac9c6675cd0038895c6c9f3ba252d258ecb35
            • Instruction Fuzzy Hash: FD21D2726047459BCB26DF58C881B6BB7E5FF88760F008519FD58AB241D730EE01DBA2
            Function 00C74588 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: 90b95a799ee980d9cfd82336b20f06a795a7ae18d486017c328368ce7310944a
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: 5C218D36A00608ABCB19CF98C980A9EBBA5FF49314F10C069FD299B241D770EE458B90
            Function 00D103E6 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9f34bd66c7380b4138094a6c47536b13a441200611c04f9b312d7a61e39be72f
            • Instruction ID: 71559dc831aff53e4fcb89864635a889cfdfab4dfef2329af9ca5d84825faa72
            • Opcode Fuzzy Hash: 9f34bd66c7380b4138094a6c47536b13a441200611c04f9b312d7a61e39be72f
            • Instruction Fuzzy Hash: 94312F71A00219BFCB08DBA4D994ADFBBB9FB8C354F454169E905E7241DB70AD84CBB0
            Function 00C3E388 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: 80a5b4ed3245ba7e79fde67c2486db93fdc22cc9760397e62dc9fd8ead7b128f
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: 8131BC31610644EFDB21DFA9C884F6AB7F8EF44354F2045A9E552DB291E730EE42DB50
            Function 00D10591 Relevance: .1, Instructions: 84COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7292fe869021501b894baf3eb39e33db58e479238f8e974326c67707ea70ca5
            • Instruction ID: 9c771a5f7ac5ccfe588d53abe6bea46d938415cf8e7900461ab954c6bec8faf2
            • Opcode Fuzzy Hash: c7292fe869021501b894baf3eb39e33db58e479238f8e974326c67707ea70ca5
            • Instruction Fuzzy Hash: 7121E6326042059FE718DE29E8806E67BA6EFD4310F594438E944CB241DBB4FCD5CB70
            Function 00CC019F Relevance: .1, Instructions: 78COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b2b0a62f2682cb20f141c7d79a52044afe89ad930dfe52e4ddeb5ccaee29215
            • Instruction ID: 931f100a9968e61e8f89cc380a49a0b5cd1ced4805dc2baf9e2b874d09508740
            • Opcode Fuzzy Hash: 0b2b0a62f2682cb20f141c7d79a52044afe89ad930dfe52e4ddeb5ccaee29215
            • Instruction Fuzzy Hash: 84219A71600644EFC715DF68D845F6AB7B8FF48780F240069F904DB6A1D638EE40CBA8
            Function 00CC0283 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4689fbd432a482a876e182ab53406c33d024fc4017c8daa24a9ae4644cf64419
            • Instruction ID: e97cb29205672aa1637a978626252c13b34589e5183838bc883e1978a4aec118
            • Opcode Fuzzy Hash: 4689fbd432a482a876e182ab53406c33d024fc4017c8daa24a9ae4644cf64419
            • Instruction Fuzzy Hash: 4D21AF72904385DBC711EF59C848F6BBBECAF91340F18046AFC90CB262D734DA49D6A6
            Function 00C62835 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b10d6abc9c1016249d6cab030bf0de26d95d2cea017ababe260310edec0fc7bb
            • Instruction ID: 0cfa9c67d772976250647b2ef8f9100a84f9027f6bbf9276b8856e5635a7b315
            • Opcode Fuzzy Hash: b10d6abc9c1016249d6cab030bf0de26d95d2cea017ababe260310edec0fc7bb
            • Instruction Fuzzy Hash: 37210B32A05AC19BE3325768CC45B2877A4AF46778F280364F9719BAE2D768CE41D215
            Function 00D101AA Relevance: .1, Instructions: 71COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 98dc57712259653d0ed43f726f601dd52d15aa65154f04a4f6576017144377bf
            • Instruction ID: fcf79d5e63391887d619138cd23e080b395dee578ecc9ae86ff3d2c37e47f144
            • Opcode Fuzzy Hash: 98dc57712259653d0ed43f726f601dd52d15aa65154f04a4f6576017144377bf
            • Instruction Fuzzy Hash: FB21A2612042545FD705CB5A98F44F6BFE9EF9B225719C1E6DA84CB343C6349846CBA0
            Function 00C7A30B Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 34d6c79589fb8e88e32f9e02d83c09da9e645e63b5d0400f461323bf567f78aa
            • Instruction ID: 1b06e4d9b6e617be29cb1a386d7e79ec2e81f0934a7071f09c4a6e7ef62f9b11
            • Opcode Fuzzy Hash: 34d6c79589fb8e88e32f9e02d83c09da9e645e63b5d0400f461323bf567f78aa
            • Instruction Fuzzy Hash: 4F21BE39200A40AFC725DF29CC01B4673F5EF48744F248468A419CBB61E335ED46CB98
            Function 00CFA49A Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9770bbdb52bc5331cf081b411be6a9c810d96ec07b4694b42efc688e95c517ee
            • Instruction ID: 9aea08cd14ca3f491b3f6394c7e990a851c9edb6b52148f0f7ab7f5342fdbad9
            • Opcode Fuzzy Hash: 9770bbdb52bc5331cf081b411be6a9c810d96ec07b4694b42efc688e95c517ee
            • Instruction Fuzzy Hash: 9211E7B2280F197FE36256559C42F7BB69AEBC4B60F210024B71CDB291DAA0DC019797
            Function 00CD80A8 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: 514881c9ebcf92bb8a3288c35d7c8b68eb9b68301a2a5d961b0172a7879b9c7c
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 2A218E72A00209EFDF129F98CC40BAEBBB9EF48350F20045AFA11A7351DB74DE559B50
            Function 00D0EE26 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f26172f9468f2c2600b81b98297b295c07222ed680b84d33bef6562d4f83db60
            • Instruction ID: d1d65620530af319040cfe01112368504a9568fbcf885d365eddb339d5e517c3
            • Opcode Fuzzy Hash: f26172f9468f2c2600b81b98297b295c07222ed680b84d33bef6562d4f83db60
            • Instruction Fuzzy Hash: 1421E133A109159BDB18CF3CC8004AAF7E6EFCC35032A423AE916DB2A4D770B9118694
            Function 00C70124 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 20bcf56a561fe48bd63878acfe23f219633dff36320ef0e87e69dd46ee0f7c18
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: D311E272600604EFD7229B44CC42F9FB7B9EB80754F208029F6099B180D6B1EE44DB50
            Function 00C48770 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 68c2f16dd874c140e06eafc56c3e25f33bd7191b457c6eac5b23150331640976
            • Instruction ID: 96d0c451cb77ae8b5aa71e0dc2aaec8b8ffcefed8d1e1f41f24929429f4be29c
            • Opcode Fuzzy Hash: 68c2f16dd874c140e06eafc56c3e25f33bd7191b457c6eac5b23150331640976
            • Instruction Fuzzy Hash: 371191357016119BCB11CF49C5D0A6AB7E9BF4A750B298069FD08DF205DAB2DE05C7A0
            Function 00C7AAEE Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction ID: 294ae5dc53002ff0a1df12cb045a480b1bbb5536ff4e3bc7cb386b428483f819
            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction Fuzzy Hash: 69219D72600640DFC731CF5AC540A6AF7E6EBD4B50F24803EE85A97610C734EE01EB81
            Function 00C480E9 Relevance: .1, Instructions: 66COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f05272d7fefb29d7eb0ff8b9ebd0add81ef19304102839aa328c50544efde239
            • Instruction ID: db06bb6814705b70459af1ed2039f1e07dab41737ddc98d757a74dcaff8e1cb8
            • Opcode Fuzzy Hash: f05272d7fefb29d7eb0ff8b9ebd0add81ef19304102839aa328c50544efde239
            • Instruction Fuzzy Hash: 4F216D75A00205DFCB14CF99C591AAEBBB5FB88718F24416ED505AB350CB71AE4ACBD0
            Function 00C7674D Relevance: .1, Instructions: 65COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efe86a7017bfbff66d8a029c19c659a57286c9c96c092f043c4764848edca073
            • Instruction ID: 728349a7292871de88a753c07ee7b99d5534b8c91e37ca3d4465eb70e6b4b9c9
            • Opcode Fuzzy Hash: efe86a7017bfbff66d8a029c19c659a57286c9c96c092f043c4764848edca073
            • Instruction Fuzzy Hash: 17215975610A00EFC7249F69C881B66B3E8FF84394F54882DE4AEC7651DA70BD50DBA4
            Function 00C6E8C0 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 27c1c5061fa292c6487362dcb9fd4c565e9a0c97f604de73f3fbdb8bac9aeb15
            • Instruction ID: 8ee5ef23ffa423f62a56729a73e75030f4b864a9608d1d172fdc37c8b93729fe
            • Opcode Fuzzy Hash: 27c1c5061fa292c6487362dcb9fd4c565e9a0c97f604de73f3fbdb8bac9aeb15
            • Instruction Fuzzy Hash: BD114877300114ABCB29DB25CC81A6BB266DFD2378B34853DE9228B380D931DD02C3A0
            Function 00CD6870 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1b7f6fbaf1d662c79daeb6ab3013188eb459e77e20678266f3c235e96d6196c4
            • Instruction ID: 8de6f5ef68b9c34232aba5616522706475b591c8ad9e082e5179c85a8f19329f
            • Opcode Fuzzy Hash: 1b7f6fbaf1d662c79daeb6ab3013188eb459e77e20678266f3c235e96d6196c4
            • Instruction Fuzzy Hash: 43112332240614EFC722CB69CC50F5A77A8EF99B60F104026F341DB361DA71ED00D7A0
            Function 00C766B0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6de103371b30a23922500016a773f14590a3aaea47cf5c011207df4d5fb1b932
            • Instruction ID: e7eabccce48f96edb3f0509832b6233d3b0711fb0872246b486f3ec3c26aa7b9
            • Opcode Fuzzy Hash: 6de103371b30a23922500016a773f14590a3aaea47cf5c011207df4d5fb1b932
            • Instruction Fuzzy Hash: 9311E376A01644EFCB28CF59C980A5ABBF4EF84794B21C079E919DB310D630DE00DBA0
            Function 00D0A8E4 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 09db8d2246a4e22cc2d949c3c34dabc4039b2f413b508ecc7b618fd9bac38016
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 8F110832600605AFDB19CB58C801B9DF7B5EF84310F054269FC4697380D631FE41DB90
            Function 00C40AD0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: 2cf28a0e6a54bbea76e7c2867616e914409abff51a20797c882f8dc785be840f
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: AF2103B5A40B459FD3A0CF29C481B56BBF4FB48B20F10492EE98AC7B40E371E954CB94
            Function 00CCE7E1 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: d390abde2415152fe23f79611a74994df6507d5cab61d5779982531fd1ae6c96
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 7611C232601600EFEB219F49C841F5AB7E5EF46754F15842CF9199B2A1DB71DE40EB90
            Function 00C627ED Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09361dea71907deb62e7bd8e5010db35a18f96829a2d4abb88cb02c976088b1f
            • Instruction ID: 45fcfcbd4e160d24e0ac25ca77227f1928657770940c32df9cb47a52d6cca85b
            • Opcode Fuzzy Hash: 09361dea71907deb62e7bd8e5010db35a18f96829a2d4abb88cb02c976088b1f
            • Instruction Fuzzy Hash: A1014E32706645AFE326526ADC85F27779CEF45398F150075F80187582D614DD00D2B1
            Function 00C44690 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5885521da2e034ea91aac8d5d5e1c550e5834261df6a281f6601c6fff7f50013
            • Instruction ID: 720bc8d5244d68971d50cf5775cd9c87db7d708c3d99eee3fd0e709fc25ffcb1
            • Opcode Fuzzy Hash: 5885521da2e034ea91aac8d5d5e1c550e5834261df6a281f6601c6fff7f50013
            • Instruction Fuzzy Hash: 89110E36241640EFCB29CF59D841F567BA8FB8AB64F244129F8148B350C774EE81DF60
            Function 00D14B00 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e0da28a0ca13628e2daaeeb0076725742ec3c87b1c7ac8550e9991d19e07c6be
            • Instruction ID: fda9ce1d4151e4d58e706ad1718654e7e49ef855904c1e471a2ac70b01997919
            • Opcode Fuzzy Hash: e0da28a0ca13628e2daaeeb0076725742ec3c87b1c7ac8550e9991d19e07c6be
            • Instruction Fuzzy Hash: D211C636204611AFC7219A29E940F97B7A5FFC4721F194419E996C7690DE30EC42D7A0
            Function 00C76620 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 156219211a95791c8a58e359e4aaef398b5411da4f7bc53dfd6721bb347a64aa
            • Instruction ID: 90cf3019198574a31cd08a35d736586aa50187b030a4265f5b865358167445a6
            • Opcode Fuzzy Hash: 156219211a95791c8a58e359e4aaef398b5411da4f7bc53dfd6721bb347a64aa
            • Instruction Fuzzy Hash: 2A11E576900B14ABCB21DF68C981B5EF7B8FF44780F904058F909B7201C730BE459B60
            Function 00C6EA2E Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ae513d2428baec4d268bd948900294f0bc51a1cbe1939dd06a0c621e9d607629
            • Instruction ID: 44175ce8ad7fc16460cb7fb49bcab7da783f9b7c61d73ddb32a68e0d9f72689c
            • Opcode Fuzzy Hash: ae513d2428baec4d268bd948900294f0bc51a1cbe1939dd06a0c621e9d607629
            • Instruction Fuzzy Hash: 29019E755006089FC725DB19E888F16BBF9FB85318F25816AE005CB366C770AD86DBA4
            Function 00C6E53E Relevance: .1, Instructions: 55COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: bd1fbe17aceecc0bca39d91347fced1a0eb9ea34ba7d1b01cd6b75f32a34da3f
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: 78110C752016C29FD73297A9C594B6677E4EB0278CF1900B5ED4287652F338CE43E354
            Function 00CCE75D Relevance: .1, Instructions: 54COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 01b7f6ad705555d80eeb45c57b7d4eb45eb0f7909400c1290c4f2459fb421e06
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 8B01D232A00104AFDB219F55C801F5A7AA9EB42B50F168068F9059B260E771DE40D790
            Function 00C3A250 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: 2fa4455c46110b736cbd98523f2f20ac138f121098d16f83b17d9ba4f38a4637
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: 32012232414B11AFCB309F16D840A377BA4EF55B60B008A2DFCE9CB680C736D920DBA1
            Function 00D14940 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 740200afbb164b24d452d2e3b9a44cac3d5afbeaabfebc9be723699c28daa2b9
            • Instruction ID: 3604bab775a28279d6eaf7caf2e5e39b8db875eda9cd678a538e5c6bb37bdaf8
            • Opcode Fuzzy Hash: 740200afbb164b24d452d2e3b9a44cac3d5afbeaabfebc9be723699c28daa2b9
            • Instruction Fuzzy Hash: 9201FE72541500AFC331DF18EC40E93B7A8EB91770B294269E9A89B1D2DB30DC81CFE0
            Function 00CBE1D0 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 35540377e27c81ade51628233645d594805c362fedb29bd4a1f598002bb88dc1
            • Instruction ID: 83599379e10741b1417e65beaeedb5d8863727ea84f8353da01903d4a72b5f01
            • Opcode Fuzzy Hash: 35540377e27c81ade51628233645d594805c362fedb29bd4a1f598002bb88dc1
            • Instruction Fuzzy Hash: 7611A132241240EFCB15EF59CD81F9677B8FF44B84F240065F9059B692C335ED01DA90
            Function 00C46259 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b6d0f04c4734726f712d5046fd30bb345cb9bef71a917fdfd29b87bc299e51ef
            • Instruction ID: 7addaef9ce02b92bdff42ba58aebfb8dde8a4ae4f7210b45a1adca4645e745ad
            • Opcode Fuzzy Hash: b6d0f04c4734726f712d5046fd30bb345cb9bef71a917fdfd29b87bc299e51ef
            • Instruction Fuzzy Hash: FD119A70602228ABDB25AB64CC42FE9B3B4BB04714F5041D4B329A60E1DB709E81DF99
            Function 00C4208A Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: 6cb19f7531d114f80e043630fe1993cdbb9cd4c4e0163da7555f289c20fdb704
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: 540147326001009BDF249E2AD881B9277A6FFD4710F9540AAFC11CF246DA71CD82D3A0
            Function 00CC6050 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3f1204b7b0cbedf62e6882d0734415bf08120e18b7a471f4e7a817297728d22b
            • Instruction ID: c065864b65def22a184fdb7808cdf80a21a77f8d2a455338a4294ace67f5e93f
            • Opcode Fuzzy Hash: 3f1204b7b0cbedf62e6882d0734415bf08120e18b7a471f4e7a817297728d22b
            • Instruction Fuzzy Hash: 08112D73900119ABCB11DB94CC81EDF7B7CEF48358F044166E916E7211EA34EA55CBE4
            Function 00CD6500 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 41469c0989dba30995b12688ba3d7916af40195ce0c90f31dfa2837323f01185
            • Instruction ID: eb602d6a1747b5da6ccc4282180dcc6c4660bec57639e7417be8cbabefc0e474
            • Opcode Fuzzy Hash: 41469c0989dba30995b12688ba3d7916af40195ce0c90f31dfa2837323f01185
            • Instruction Fuzzy Hash: F41104366001469FC300CF59E800BA6F7B9FF5A304F08815AE948CB315E732ED80DBA0
            Function 00CCC810 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 783ba86909d4e5ed469ad023a874bd0d8621552a168a2ecbbc97a3ad66303179
            • Instruction ID: 04e1457b237a67367029fa58839d30a88bbae0d94a92c690e875fe6e40d23857
            • Opcode Fuzzy Hash: 783ba86909d4e5ed469ad023a874bd0d8621552a168a2ecbbc97a3ad66303179
            • Instruction Fuzzy Hash: 6F11E8B1A002599BCB04DFA9D585AAEBBF8FF48750F10406AF905E7351D674EE018BA4
            Function 00CEEA60 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 565f3512b1658a8e4f6b4ff5eceb973ddfaaa70ed399bf01088e5c96c62f5603
            • Instruction ID: 5904f48c850932853b03b91c3e2e84258122b0e625d32a6e6fc2040708256628
            • Opcode Fuzzy Hash: 565f3512b1658a8e4f6b4ff5eceb973ddfaaa70ed399bf01088e5c96c62f5603
            • Instruction Fuzzy Hash: 0C01F1351402909BC721AF128400936BFA9FF427D1B44443EF5115B211CB20DD82EBA1
            Function 00C820F0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6058e68e4445125a4d2f60e8f93ed744000700f855747a501c04b429cfd31be6
            • Instruction ID: 0e23c7f7f3abb41627f59216501cccc0c4e1950cfcb48780dc1aa96ef24b1ec1
            • Opcode Fuzzy Hash: 6058e68e4445125a4d2f60e8f93ed744000700f855747a501c04b429cfd31be6
            • Instruction Fuzzy Hash: 72118C71A0120DEFCB04EFA4C859FAE7BBAEB44344F104059F9169B290EB35EE11DB95
            Function 00C3C020 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: a15299992116b16c4e82932ddd283ce211b9348cc32c91a73cb86bef7a77641c
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 20012872200744EFDF229A66D844FAB73E9FFC4350F158419B9979B540DE70E942DB60
            Function 00C7E5CF Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 76f72fd599462ab4c9899ed5d04d8ed87d01875108b1c6d8797c3f22ed4f149a
            • Instruction ID: c48ca474c003c682986f5d314df40c1ba59af18edcf3321f04af096a318980d8
            • Opcode Fuzzy Hash: 76f72fd599462ab4c9899ed5d04d8ed87d01875108b1c6d8797c3f22ed4f149a
            • Instruction Fuzzy Hash: C801A272601A44BFC311AB79CD81E57B7ECFF8A7A1B000625B90993692DB34EC45D6F4
            Function 00CD69C0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c3970ef4b14ae44b5ec9e4e58efc76e6ab15bb926f129c8418ca5b4b239cc76b
            • Instruction ID: 1de2c1d5a91260c0280ac2ae62bd83b0312d89086701acd3eb4a04afaed15e5d
            • Opcode Fuzzy Hash: c3970ef4b14ae44b5ec9e4e58efc76e6ab15bb926f129c8418ca5b4b239cc76b
            • Instruction Fuzzy Hash: D201FC322243119BC324EF69C8499A7B7A8EF58764F21412BFA6D97380E7309E05D7D1
            Function 00CCC460 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 044ea7068bc12a47405204d0a561e82d1b3e032df9b8abe3cb0a6108544ffa50
            • Instruction ID: d92c7d7e48c67ada0e1ea2688a68a8356720efea06db3713caba2176eabe8115
            • Opcode Fuzzy Hash: 044ea7068bc12a47405204d0a561e82d1b3e032df9b8abe3cb0a6108544ffa50
            • Instruction Fuzzy Hash: 52115B75A01209ABCB09EFA4C895EAE7BB5EB48354F008059F80597350DA34EE51DB90
            Function 00CCC97C Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c778e78b0e6a13eafaad6501a3ed9376fbf722555d41196b8d6d1b90b8ba0257
            • Instruction ID: 9a170459ea8421495917cc88b53450134e842f860b2c032a896e287d7b20ec99
            • Opcode Fuzzy Hash: c778e78b0e6a13eafaad6501a3ed9376fbf722555d41196b8d6d1b90b8ba0257
            • Instruction Fuzzy Hash: 9D115BB16193489FC700DF69D842A9BBBF8EF99750F00451EF998D7391E630E900CBA6
            Function 00D14A80 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction ID: b496057d7fbec3af8b002dcb684db00465a92855c889f2f43deb7499addb60cb
            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction Fuzzy Hash: 1901B132244605AFDB219A69E841ED6B7EAFFC5314F094819F5428B650DEB0F881C7A4
            Function 00CCCA11 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb4994f3abd22a89d8f8a0128f2e7f89f35f04d25e12665785d7c79f01ac9e19
            • Instruction ID: 26fb02d0e442c236f4c42d5e07bb99c7a3328316bc9d444b5d3bf4c51bd39f85
            • Opcode Fuzzy Hash: fb4994f3abd22a89d8f8a0128f2e7f89f35f04d25e12665785d7c79f01ac9e19
            • Instruction Fuzzy Hash: 5E1179B16183089FC300DF69C846A4BBBF8EF89750F00851EF958D73A1E630E900DBA6
            Function 00C5E016 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction ID: 972ee1c9e5219687b9f7508cfdc8333d0c1469f157f62bd2bfc7997a1e050810
            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction Fuzzy Hash: 45017C32200580DFD7268A1DC948F3677E8EB84750F0904A5F815CB6E1D678DE80D629
            Function 00C3826B Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aa14ff23d730f9c48aeb15bffb5b0d7b5ec16e60feff1e09c41f936b9ac29be3
            • Instruction ID: 3d72dc9f5f025b1a2e5bd0a0cc8f32c72e0b6408d9efd41a86e18bd598cdb2d4
            • Opcode Fuzzy Hash: aa14ff23d730f9c48aeb15bffb5b0d7b5ec16e60feff1e09c41f936b9ac29be3
            • Instruction Fuzzy Hash: 84018F71720704DBCB04FB6ADD05AAB77A9EF81724F194069F901E7652EE20DE05D6A0
            Function 00CEEB50 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 26c3418cf17feaa082ef31a41b820efd282fee1dedf7efea9ea210205cc58408
            • Instruction ID: b416265d8d9f61e430c52af98c2722e0d5678dee06cd7276e0b77236219a6ce3
            • Opcode Fuzzy Hash: 26c3418cf17feaa082ef31a41b820efd282fee1dedf7efea9ea210205cc58408
            • Instruction Fuzzy Hash: CB01D1B1280740AFD3315F16DD42F16BAE8DF45B90F11482AB6069F3A1D7B4E981DBAC
            Function 00C42582 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 28d3cc2a87b0c1604567c6b832122418fab1c2cbdb97b4e5ac99b14334729110
            • Instruction ID: ef09ea0fa3938f122a469bd597cef6587ed51842fb8b00983bd758db9c7b6a3f
            • Opcode Fuzzy Hash: 28d3cc2a87b0c1604567c6b832122418fab1c2cbdb97b4e5ac99b14334729110
            • Instruction Fuzzy Hash: 92F0F432A41A60BBC732DF568C41F17BAA9EB84B90F104029BA0597640CA34EE01DAA0
            Function 00C6C073 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction ID: f6a7218f3e3c6197839ed8060a310f4adf0715f9d7170edaf74448390a2c46aa
            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction Fuzzy Hash: 9CF0C2B2600A10ABD335CF4DDC81E67F7EADBC4B80F048128A555C7220EA31EE04CB90
            Function 00D162D6 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 79487ac50e518785a4c2dfce672048af13c73166dabf9758276ce30d59ef90c3
            • Instruction ID: b633d1cbadce2cf8e46c3b2856ea3f618cb71e7f98c074053e6e6421af04aa81
            • Opcode Fuzzy Hash: 79487ac50e518785a4c2dfce672048af13c73166dabf9758276ce30d59ef90c3
            • Instruction Fuzzy Hash: 51018471A00209EFCB04DFA9E44599EB7F8EF48304F54401AF910E7351D774DE008BA4
            Function 00D1625D Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 05734887442d27875d8b9b0b2941b9cb1d2809b79b9beaade75eb4fda5381129
            • Instruction ID: e720ab2cab47b3f6da2798eee5a5da7fbc7c8f4a9dba8ede96ec75a5e72a8b6c
            • Opcode Fuzzy Hash: 05734887442d27875d8b9b0b2941b9cb1d2809b79b9beaade75eb4fda5381129
            • Instruction Fuzzy Hash: 14017171A10249AFCB04DFA9D4419AEB7B8EF48304F10401AF900E7351D674DA008BA4
            Function 00D1634F Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2ed83ea86ba212d22b442d193f3278c7e07da8bdd32ca01a34887c35bd2470af
            • Instruction ID: 128c60a78e7e9304b59812443d16bbbb2ba8590b89f75892710cfa47c15c07ea
            • Opcode Fuzzy Hash: 2ed83ea86ba212d22b442d193f3278c7e07da8bdd32ca01a34887c35bd2470af
            • Instruction Fuzzy Hash: F2017C71A10249ABCB04EFA9E841AAEB7B8EF48304F14402AF910E7351DB34DA009BA4
            Function 00C3C310 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction ID: 5512717fe0cc72f082a4ccf967f6f5ea342428803357c88b029cdd153bffd216
            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction Fuzzy Hash: 31F02B33224A329BC772565AC8C0BBFA6958FC5BA4F2A4035F519BB210CE74CC02B7D1
            Function 00C7CA6F Relevance: .0, Instructions: 42COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction ID: 1c810d5e1f9d085254b14ae35d80bab6a1a972f211f67ebd78342d2613f6590d
            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction Fuzzy Hash: D801F93120068ADFD7229719C845F99BBECEF41760F1880A5FD188B691DA74CE40D618
            Function 00D161E5 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 459cfb81c8a7ccb9d24908c2f9911925ce04c747e3b6475674ed1f636ccfe3e1
            • Instruction ID: f784b128320457e720d3025e7ab6cb304a64e6e2cee467da881b60ed5d0babc4
            • Opcode Fuzzy Hash: 459cfb81c8a7ccb9d24908c2f9911925ce04c747e3b6475674ed1f636ccfe3e1
            • Instruction Fuzzy Hash: EB014471A11259ABCB04DFA9D845ADEB7B8EF48714F14405AF501EB390D774DA01CB68
            Function 00CC63C0 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction ID: d0496021cda12d7cdfbda548b4beb1610d8bc63cfca2c0855291bf0ead557120
            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction Fuzzy Hash: FDF0307220001DBFEF019F94DD81DAF7B7DEF493D8B104129FA11A2161D631DE21ABA0
            Function 00CCA4B0 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee0fe4e7c8e0b37db899d2a83440d0872b0190f8bef6f16e26ee1514f3a3e027
            • Instruction ID: 591b0f06bbee00a697f6d0da9eb74322f78f7bedcc5bf6afc5669947bf81bf58
            • Opcode Fuzzy Hash: ee0fe4e7c8e0b37db899d2a83440d0872b0190f8bef6f16e26ee1514f3a3e027
            • Instruction Fuzzy Hash: 7F019A3610060DABCF129F84DC44EDE7F66FB4C754F058215FE1866220C232D970EB81
            Function 00C3C0F0 Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8ed37c9c61afb1871642f2bd8d0be29edbb83357a05458f73dbc17b3b592a1a
            • Instruction ID: d09a124de3e871d101eff8e7d1aab95a70cde41fe64f219241362f58a3b3c4aa
            • Opcode Fuzzy Hash: e8ed37c9c61afb1871642f2bd8d0be29edbb83357a05458f73dbc17b3b592a1a
            • Instruction Fuzzy Hash: ECF059B23282005BFB109616CC82F7A33AAE7C0750F65803AFB159F2C2F970DD41A394
            Function 00C7656A Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: da84d5d1652151c9e351e2aa9bd247ac89245d0c1964a7d51aa3efdc9e41a3c9
            • Instruction ID: 05c120f57c9c78d3b41c0f849f3de6d948ab4077c1f3f1d960cd431bd8b2c374
            • Opcode Fuzzy Hash: da84d5d1652151c9e351e2aa9bd247ac89245d0c1964a7d51aa3efdc9e41a3c9
            • Instruction Fuzzy Hash: 8001F470204FC1CFE3269729DD09F6533E8AB00B40F184190F916CB7E3D768DA40A614
            Function 00CE437C Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: 1187d64e924946bd9ae13a2f4671fd29a047e4a87b281af5e5d72996df436242
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: CCF02E39381D9347D77DAE2B8420B2EA2559FC0F00B15052CA465CB660DF50DD00D7A0
            Function 00CCC89D Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2d590004bdf141acf167a4485c58a06f078baa80aa0de3c6a7fa3a0403d63b64
            • Instruction ID: d5a1e23ef335f8a5cce501cc78a5afab19d2c811ae472bee240aa5f5a20099e1
            • Opcode Fuzzy Hash: 2d590004bdf141acf167a4485c58a06f078baa80aa0de3c6a7fa3a0403d63b64
            • Instruction Fuzzy Hash: 48F0AF706153449FC314EF68C846E1BB7E4EF88714F40465EF898DB391E634EA00D79A
            Function 00CCE872 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: 17884d3706e7716a09c624daf17b189a87c11d0fe7913510437d01f771b4d6e2
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: 6BF089337116619BD3319A4ECC80F16B368EFC6BA0F59016DF9149B2A0C760ED41D7D0
            Function 00C70854 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: 3177f6fc004cabd86b291b78b4f0e8ab4000cc4345973db55446a5386eae8dbc
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: 2FF0B4B2610204EFE715DB21CC06F56B2E9FF98340F24C0789949D72A0FAB0EE41D755
            Function 00CCC912 Relevance: .0, Instructions: 34COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 79fba5b854217abf59cd1e4e6c0a26967a611fb36c85cc9d24176a0615aff247
            • Instruction ID: 479200d5762c9c0d71ef42abdeb0b13c62f2a339bd8c88bba956d253ed6b5315
            • Opcode Fuzzy Hash: 79fba5b854217abf59cd1e4e6c0a26967a611fb36c85cc9d24176a0615aff247
            • Instruction Fuzzy Hash: 33F04F70A012499FCB04EFA9C556E9EB7B4EF08304F10815AF959EB395DA34EB01CB54
            Function 00C447FB Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53bcd94196b0163afe58f47b5ca16576cee8276f80187b1dab2f93a6fdde6457
            • Instruction ID: b57f5f3ec3f3a5f7053050440994d2a2b497591b1bc4eebbb37d59c7dccf9c62
            • Opcode Fuzzy Hash: 53bcd94196b0163afe58f47b5ca16576cee8276f80187b1dab2f93a6fdde6457
            • Instruction Fuzzy Hash: 2BF0BE319126E09FD73ACB68C044B62B7D5BB01774F38896AE8A9C7982C775DE80C650
            Function 00D00115 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2def2b65b90ffdbab3e080790b44e99d154ea79c2449ddd6c71ee3545d4e77f
            • Instruction ID: cb7a6b22e72db58498d01103e67c590e8921d8e195b76c1e0f4f811f504daf64
            • Opcode Fuzzy Hash: e2def2b65b90ffdbab3e080790b44e99d154ea79c2449ddd6c71ee3545d4e77f
            • Instruction Fuzzy Hash: 0CF02736419B8436CB215B2878523A12F659751320F0E1089D5A9D7352C574CC83C632
            Function 00C7C5ED Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1aa07ec7896d96f2e0c3561cc26888c4b6c4b2a3b227cbe5ca35cc1fcb1302c2
            • Instruction ID: 35dbfc1a14f3f1d268e51ea1ac9817a3ef47da5d13fbd292f6efb0d4d34db2c7
            • Opcode Fuzzy Hash: 1aa07ec7896d96f2e0c3561cc26888c4b6c4b2a3b227cbe5ca35cc1fcb1302c2
            • Instruction Fuzzy Hash: 72F0E2B1511A929FC7229718C1C8B51B3D4EB017A1F19D46DF82E87512C764DD80CA50
            Function 00C82619 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: 7806092dadbdb00300c42ba6971cde76b42f9fdf943a3f1b27f638a20f6c3bea
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: 67E0D872300A406BD712AE598CC5F57776EDFC6B14F04007DB9045F252CAE6DD0983A8
            Function 00CD6030 Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: 13a1388f1172be84168c93c7654d99a09f27e82b47e501d964229b21554e1e6a
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: 4AF0E572100204DFE3209F06D840F52BBE8EB05364F11C02AE7088B260D379FC40CBA8
            Function 00C40710 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: a3fbe8d786dad4f522b7caeb67b2132c3a6bdfd76e7ccaa24da798e3de88f854
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 17F0ED3A204384ABDB15DF16C040AA57BB8FB51360B200098FD428B301EB31FEC2DB8A
            Function 00C749D0 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: 4df6e8895c6667178254bc6a03d0b5743b32b1254adf18d2935c67f49c9b9cc0
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 46E0D832694584AFC3251A558801B6A77A5DBD07B2F158429F5088B160EB74DD40F7DC
            Function 00D14164 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a79b89844b30560f6096796d84f8e89cd2c710ac3b369d1db41a3d21bd0dcbc
            • Instruction ID: 2d6ce8dbc096fcd8bcaa5d1196160574584670d43b13df56f49c85eea4e88db0
            • Opcode Fuzzy Hash: 4a79b89844b30560f6096796d84f8e89cd2c710ac3b369d1db41a3d21bd0dcbc
            • Instruction Fuzzy Hash: 6FF030319266916FD761DB28F544B9673E4AB11730F1E0994E80987911CB24ECC0C670
            Function 00CE678E Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: feb76a37c800fbd977a0ac6ed46c59dcc2116d0d8a4f55fede358373465c8531
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: 91E0DF32A00160BBDB22979A8D06F9ABAACDBA4FA8F060055BA00E7090D570EE40D690
            Function 00D108C0 Relevance: .0, Instructions: 25COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: 96f896bc858f5defba2d9625cec3abb20c0cd3f5ca979dc1d9d2d27bb6405399
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 1FE09B35644350ABCB24BA29D141AD3BBE8DFAD764F298069D94547612C671FCC2C6F0
            Function 00CFA456 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 8868813a8e2a48b100434324dfe0753a4a021412e33c6d1fc7f7b81ab8edd6be
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: A3E09A31010A50DFD7766F26C849B62BBE0FF40B51F148C2DB0AA118B2C7B5ADC0EB46
            Function 00C425E0 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 69bc4438164f1316e6047a1356578ab251932e2fe345ebc9e13a7c952fb1cba3
            • Instruction ID: 00f21b5ad00afb31c744ccb6b53948eca71f877da6775fe67986303d24f19b50
            • Opcode Fuzzy Hash: 69bc4438164f1316e6047a1356578ab251932e2fe345ebc9e13a7c952fb1cba3
            • Instruction Fuzzy Hash: 67E09232100694ABC312BF29DD03F9B779AEF503A4F114525B115571A1CA30AD50D798
            Function 00CC4000 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 998a7ef67dc4f482192c09633e6880f5b4dcdaf206ae2fca11c5f4323d538260
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 9DE0C2343403058FD719CF19C090B6277B6BFD5B10F28C068E9588F205EB32E942CB40
            Function 00C7CA38 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2e4f003f85e203017fdd87380e83092525445763f10045d23110eec37f53ca85
            • Instruction ID: 176f27b0e567a77b6fb8039c7e79fb655384b36aaff02e81f37846f5ab307d58
            • Opcode Fuzzy Hash: 2e4f003f85e203017fdd87380e83092525445763f10045d23110eec37f53ca85
            • Instruction Fuzzy Hash: 4BD02B324815617ECB35E215BC95F933A599B40331F018864F50CE2021D554CC81F2D8
            Function 00C3823B Relevance: .0, Instructions: 21COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: 77c20fc4c1f7dfb7578fd868771a38a799ba19dfb1048e610357690faadb7406
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: CFE0C231011B10EFDB313F22DD05F6277E1FF54B50F214929F082160A58BB6AC89EB48
            Function 00C42050 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fd361c002e14691d106dd266513faa1a3985a64ec28fda07872b62b0d9807a15
            • Instruction ID: badda2e24843734e073aba147329d1deab0fa7b299867ae76550daefe3646540
            • Opcode Fuzzy Hash: fd361c002e14691d106dd266513faa1a3985a64ec28fda07872b62b0d9807a15
            • Instruction Fuzzy Hash: B2E0C2321005906BC312FF5DDD02F8A739EEFA43A0F114221F150972A1CA20FD40D7A8
            Function 00C78A90 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction ID: 6d95b76dc57437b9d3130d808aeed483d607d4f5691318ed05f0c752dfbd6209
            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction Fuzzy Hash: 50E08633551A1487C728DE18D515B7277A4EF45B30F19863EA62747780C934E948D794
            Function 00C96AA4 Relevance: .0, Instructions: 17COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: dda8bbbcbce46d48fa6712cd611d693b94ea0c36f05e00e7ed4d1cb07c62d8d6
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: E8D05E36511A50AFC7329F1BEA04C13BBF9FBC5F51705062EA44593920C770AD46DBA0
            Function 00C7E59C Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 1504502f20cb41e1b13b8d94e621c8a2b12ccacb5f95ca11dabc463490ad2781
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: 7BD0A932604660ABDB32AA1CFC00FC333E8EB887A1F060459B118C7150C360AC81CA88
            Function 00CBE908 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: cc0a9ac12c9f967e5babb4aa9f42d05952c2e1adc25a1d26efe29fe22f9a9b59
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 9BE0EC359506849BCF12DF59C640FDAB7B5FB84B40F190054A4186B661C624AE04DB40
            Function 00C3A0E3 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: f514235a818cd5cf3e4ca97bf3965aa700581d95d8e0b817a1aeb1e66535c0ef
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: E7D0223222207093CB2896526900FA77A05DB80BD0F1A012C380AA3800C0048C82E2E0
            Function 00C7A830 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 5e997c442a7d32a8121192189e224d9a82a7f17014030421c0478db276aeb184
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 03D0123B1D054CBBCB119F65DC02F957BA9E754BE0F444120B904875A1C63AE990D584
            Function 00C7CA24 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ab0d34f1975c76b353e85d506bc12aafb1e2f66dc7590865b08d37570cdcd858
            • Instruction ID: c0fccbe9970d24347c5073579833bae650eb5eab7567dfebab9055ae79a797d6
            • Opcode Fuzzy Hash: ab0d34f1975c76b353e85d506bc12aafb1e2f66dc7590865b08d37570cdcd858
            • Instruction Fuzzy Hash: 2FD0A734541507DBCF16DF04C961E6E3B74EB10781F40407CE61091120D324DD01FA10
            Function 00C502A0 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: cc6e7a43a22877b33c51959e03c6ba5786ec397d5258fbf00773527a100eb309
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: BBD0C939212E81CFC62ACB0DC9A8B1573A4FB84B49F910490E801CBB21D66CDE84CA04
            Function 00C7C700 Relevance: .0, Instructions: 12COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 19352d42f707b3bb890f69fd2bce58d2e732922067425acdadb02e4e804ed8d5
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: C6C08037150644AFC711DF94CD01F0177A9E798B80F000021F70447571C531FD50E644
            Function 00C60310 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: eae983d936681b0b11ef8550fa6ef8329a63d3cba119f73a90c3cb44dc709d9c
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: 10D01236100288EFCB15DF41C890D9A772AFBC8710F108019FD19077118A31ED62DA50
            Function 00C40750 Relevance: .0, Instructions: 9COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: 7aa2024df21a642a2a6b681154e63201eb263ad3f21db11c22c3bb198aed7ee2
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: ABC08838300A808FCF00CB2AC288F0833F0FB00380F000880F802CBB22E220EE00CA00
            Function 00C84340 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1acfdabb4a153575b1fbfe619d3c2d4bf210833fe8a17b41a4990a783ec0b709
            • Instruction ID: ce9589e72ec25815c5f53d3a804d97e44edf23da2e16d49ea81c85ab9f873b5d
            • Opcode Fuzzy Hash: 1acfdabb4a153575b1fbfe619d3c2d4bf210833fe8a17b41a4990a783ec0b709
            • Instruction Fuzzy Hash: 6E900271605800129A4071584888546400597E1701B55C022E0428654C8E148A5A6365
            Function 00C84650 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 472306f77e76f79ac0b5216427f41afa010558d8ff94b5dd31b4230ff87398c5
            • Instruction ID: ae657466c4f6e3f6bdd420669b34f75893c097371f60d0a44e6cd9990296e4aa
            • Opcode Fuzzy Hash: 472306f77e76f79ac0b5216427f41afa010558d8ff94b5dd31b4230ff87398c5
            • Instruction Fuzzy Hash: 979002A1601500424A4071584808406600597E2701395C126A0558660C8E188959A26D
            Function 00C82AD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 182c9216dd4c005cdded50ee4ea038e05be162b04815f4dd500f56a7934850ca
            • Instruction ID: 19f4139f5de3703f7ee6aaba085b990f1c4d53af5223530e9b63fd5e49ff13f2
            • Opcode Fuzzy Hash: 182c9216dd4c005cdded50ee4ea038e05be162b04815f4dd500f56a7934850ca
            • Instruction Fuzzy Hash: 7B900265211400030A05B5580708507004687D6751355C032F1019650CDE2189656125
            Function 00C82AF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06e096047fbf3452ce9936e2390735362653d6285c8dbf0780ff758201606f17
            • Instruction ID: fcc5ebb6d3e72b9cc25fcee620bc5db93a16e1ac94c970f8b76a8789ed7ef4ec
            • Opcode Fuzzy Hash: 06e096047fbf3452ce9936e2390735362653d6285c8dbf0780ff758201606f17
            • Instruction Fuzzy Hash: 39900265221400020A45B558060850B044597D7751395C026F141A690CCE2189696325
            Function 00C82AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 274b81c072b3165f4a47f48aad780df8b5ff1645fe95e6a7414ee823c20f8f74
            • Instruction ID: eb02b6a9112bb99b0a2fc1c4bffb653f316deab022e7169d187f966335030cea
            • Opcode Fuzzy Hash: 274b81c072b3165f4a47f48aad780df8b5ff1645fe95e6a7414ee823c20f8f74
            • Instruction Fuzzy Hash: 419002E1201540924E00B2588408B0A450587E1701B55C027E1058660CCD258955A139
            Function 00C82BE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c819541a96222eca3dd1af7344d826d2c86fc65f2dc91c502a32600b1ed7ef7e
            • Instruction ID: 9d1c34ccbd77b3b9ff6d75954617f4618eb2a547560f3c16cb099d0b076aa11f
            • Opcode Fuzzy Hash: c819541a96222eca3dd1af7344d826d2c86fc65f2dc91c502a32600b1ed7ef7e
            • Instruction Fuzzy Hash: BF90027120544842DA4071584408A46001587D1705F55C022A0068794D9E258E59B665
            Function 00C82BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa5c8a0ca62950f25ee519289fd6c95ddc25d18cff019990f610da61590a03d6
            • Instruction ID: 7d4787260086dc763203e695a1ee06db8499da23b011a5b1f336f1cffa66efda
            • Opcode Fuzzy Hash: fa5c8a0ca62950f25ee519289fd6c95ddc25d18cff019990f610da61590a03d6
            • Instruction Fuzzy Hash: D790027120140802DA807158440864A000587D2701F95C026A0029754DCE158B5D77A5
            Function 00C82B80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b4870081efc7c23ad394af6f9fb7e0f4a9e4b04484ccf9cbb972655dcb565a7
            • Instruction ID: 8dae1088b1afa47bcbf688dfa5a637f36b4b6db25e4372f8691bb121a56a90c7
            • Opcode Fuzzy Hash: 7b4870081efc7c23ad394af6f9fb7e0f4a9e4b04484ccf9cbb972655dcb565a7
            • Instruction Fuzzy Hash: AC90027120140802DA0471584808686000587D1701F55C022A6028755E9E6589957135
            Function 00C82BA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8fffb11f9e3e821050806d3369a267599bbc94e615bc6901a7d453c76c88fe07
            • Instruction ID: 6dd348f514868bcd1c21aee2894bdf714b47998d07c0073812240d8f71746001
            • Opcode Fuzzy Hash: 8fffb11f9e3e821050806d3369a267599bbc94e615bc6901a7d453c76c88fe07
            • Instruction Fuzzy Hash: 0190027160540802DA5071584418746000587D1701F55C022A0028754D8F558B5976A5
            Function 00C82CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7f1b51e06ff1406b21a9232a38b6c0f18e2b2b1cf59b179ec2285fabaa32cbd
            • Instruction ID: 2dadadb52c1fbf603a62785ee038b0e060c8610dfe2078cf3c62153a7fe86659
            • Opcode Fuzzy Hash: d7f1b51e06ff1406b21a9232a38b6c0f18e2b2b1cf59b179ec2285fabaa32cbd
            • Instruction Fuzzy Hash: 0F90026160540402DA407158541C706001587D1701F55D022A0028654DCE598B5976A5
            Function 00C82CF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ef5633ce190ba9d617cca1a7bf6b83e4a9dfe0d3b726192cd1524af5984f77e9
            • Instruction ID: 1705eedec396efb102162cceeb7fa0263e8031795c996c100b022522bffb388b
            • Opcode Fuzzy Hash: ef5633ce190ba9d617cca1a7bf6b83e4a9dfe0d3b726192cd1524af5984f77e9
            • Instruction Fuzzy Hash: D390027120140403DA007158550C707000587D1701F55D422A0428658DDE5689557125
            Function 00C82CA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09b670f55c67f3bc7750045e1614c34144b787dfcef09457b79d748ea17c2eab
            • Instruction ID: 4b68dde68f60660394bc549ef42f35d4c2adbb8e66f3cf49672ffe5c34a8b1d2
            • Opcode Fuzzy Hash: 09b670f55c67f3bc7750045e1614c34144b787dfcef09457b79d748ea17c2eab
            • Instruction Fuzzy Hash: F390027120140402DA007598540C646000587E1701F55D022A5028655ECE6589957135
            Function 00C82C60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8dddd361c1f7642b6e46054f7eca238e97826378274454ac11085c73a428a16
            • Instruction ID: 364353fc96c4e71893ec6175adef7ab2ea5e2c61597d93488f3986ecb35f7b08
            • Opcode Fuzzy Hash: f8dddd361c1f7642b6e46054f7eca238e97826378274454ac11085c73a428a16
            • Instruction Fuzzy Hash: 9790027120140842DA0071584408B46000587E1701F55C027A0128754D8E15C9557525
            Function 00C82DD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cf9d04d885c8e7fe466735d66c5876fc13b901738211dd0e42fcf96e0c13191a
            • Instruction ID: 28cd42f2c4d498f91c3de5b60e8d2007ce16de4ccb9890b1c379e9c169f7ec85
            • Opcode Fuzzy Hash: cf9d04d885c8e7fe466735d66c5876fc13b901738211dd0e42fcf96e0c13191a
            • Instruction Fuzzy Hash: 40900261242441525E45B1584408507400697E1741795C023A1418A50C8D26995AE625
            Function 00C82DB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d6b93ca63dc97f2cd92f1a859d22d3f89eabbd644ca79a44a6e9e670fd0145da
            • Instruction ID: 7c8952b4baaaafbccaa3ab92ca712c2743075dce6a43506e09afa11001ca2528
            • Opcode Fuzzy Hash: d6b93ca63dc97f2cd92f1a859d22d3f89eabbd644ca79a44a6e9e670fd0145da
            • Instruction Fuzzy Hash: 3F90027124140402DA4171584408606000997D1741F95C023A0428654E8E558B5ABA65
            Function 00C82D00 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1eec01c951a4d8e2edfa51252d006c83644d7f61377952d6098ef8639a9d1d66
            • Instruction ID: 03f69371ade818a282289cf7d8d9bb1d3bec7c97c729a4a2792466991c7ad75b
            • Opcode Fuzzy Hash: 1eec01c951a4d8e2edfa51252d006c83644d7f61377952d6098ef8639a9d1d66
            • Instruction Fuzzy Hash: 5090026120544442DA007558540CA06000587D1705F55D022A1068695DCE358955B135
            Function 00C82D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d041fc4098323ce6c7d6f6e1d2379b3d86762bc31ce6af4f4e0be429f12f8568
            • Instruction ID: 380ff14dd0084503ae60947e3242e550fc8039b7f892fab46ae563139f32c70a
            • Opcode Fuzzy Hash: d041fc4098323ce6c7d6f6e1d2379b3d86762bc31ce6af4f4e0be429f12f8568
            • Instruction Fuzzy Hash: 1190026921340002DA807158540C60A000587D2702F95D426A0019658CCD15896D6325
            Function 00C82D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 55f204d1ee3ee4d54f3e66e41367a856530b69a306299a127d31d4f4f89a0510
            • Instruction ID: 193f22c857915da58d1a3845b6bf49ccc99c3fd6e7ae008dfbea3881a20756cc
            • Opcode Fuzzy Hash: 55f204d1ee3ee4d54f3e66e41367a856530b69a306299a127d31d4f4f89a0510
            • Instruction Fuzzy Hash: 1790026130140003DA407158541C6064005D7E2701F55D022E0418654CDD15895A6226
            Function 00C82EE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ec01152bf4652c848d0f2739c0eac4580690e6d3ee085303f03c69cf7f3dd8e0
            • Instruction ID: df5cd91d76970ed5e46a2df24d42857f9070b169f71062c3e10a0d2e65cb9226
            • Opcode Fuzzy Hash: ec01152bf4652c848d0f2739c0eac4580690e6d3ee085303f03c69cf7f3dd8e0
            • Instruction Fuzzy Hash: 6E9002A120180403DA4075584808607000587D1702F55C022A2068655E8E298D557139
            Function 00C82E80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 48e709fbc5663e9f527e6dbd8e8ebb8a6fca86252c4de724c70ced7b0fbcf4bc
            • Instruction ID: 228b327ab6e510424410ebaacb998b8654bd688bebf67df751f19abda34b37cc
            • Opcode Fuzzy Hash: 48e709fbc5663e9f527e6dbd8e8ebb8a6fca86252c4de724c70ced7b0fbcf4bc
            • Instruction Fuzzy Hash: 9490026160140502DA0171584408616000A87D1741F95C033A1028655ECE258A96B135
            Function 00C82EA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9db82999f84df4b69ed18a53d470d0fc362033223fe30ec1f926bfaef202d16e
            • Instruction ID: cfc16484945781a8556fe92df75246ae6d68c87f0d6b2a247c95b14f4af9a3b1
            • Opcode Fuzzy Hash: 9db82999f84df4b69ed18a53d470d0fc362033223fe30ec1f926bfaef202d16e
            • Instruction Fuzzy Hash: D69002B120140402DA4071584408746000587D1701F55C022A5068654E8E598ED97669
            Function 00C82E30 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 577bb022c72764705259aaf1d5d84d39ba71787ac24d3f32a208661376b6011a
            • Instruction ID: 15042be870e632080732a164016980dfb1c795a320008fd78cd70c5a89caa6c1
            • Opcode Fuzzy Hash: 577bb022c72764705259aaf1d5d84d39ba71787ac24d3f32a208661376b6011a
            • Instruction Fuzzy Hash: C490026130140402DA02715844186060009C7D2745F95C023E1428655D8E258A57B136
            Function 00C82FE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1f80cb9c669dce851b97c25bef83f9f925c493de2a14b9a08d2536e580975197
            • Instruction ID: 8dbe56d2e913e0b8d43dd51213b6a21224d4dfa14ad402fe95fe851ee2a15d21
            • Opcode Fuzzy Hash: 1f80cb9c669dce851b97c25bef83f9f925c493de2a14b9a08d2536e580975197
            • Instruction Fuzzy Hash: 5A900261211C0042DB0075684C18B07000587D1703F55C126A0158654CCD1589656525
            Function 00C82F90 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9960ed903663be0bbaf759d6481c0f6a0f32f8256a3a77865ead1006bbb56671
            • Instruction ID: 3ac1b97d38df01ccd5448cccbf89e6e683aad5731aabf2a1f832b441c54771ec
            • Opcode Fuzzy Hash: 9960ed903663be0bbaf759d6481c0f6a0f32f8256a3a77865ead1006bbb56671
            • Instruction Fuzzy Hash: A090027120180402DA007158481870B000587D1702F55C022A1168655D8E2589557575
            Function 00C82FA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f587da9fcf2068001f43b9318a2ffe05fe8d645c79834047b975b40bfa3f8fd
            • Instruction ID: 1dc10292cd72a5b0d91b62b7be0a9c56a85cb054c7acdb28bf2d0227ec1b5a95
            • Opcode Fuzzy Hash: 2f587da9fcf2068001f43b9318a2ffe05fe8d645c79834047b975b40bfa3f8fd
            • Instruction Fuzzy Hash: 2D90027120180402DA007158480C747000587D1702F55C022A5168655E8E65C9957535
            Function 00C82FB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7206df1d60094ad2b1092d803033d10d4f5a05e7eddaf629a5d5b16b665e0ea1
            • Instruction ID: ad6e87a690ce11a2e5b5da1fada29d1b1200ac677dd9b6250c55f494a61551a2
            • Opcode Fuzzy Hash: 7206df1d60094ad2b1092d803033d10d4f5a05e7eddaf629a5d5b16b665e0ea1
            • Instruction Fuzzy Hash: BB900261601400424A40716888489064005ABE2711755C132A099C650D8D5989696669
            Function 00C82F60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 03f18e3ef38e82f37d825bf998da61e6f822698e93de8f97fee895610c8a4acb
            • Instruction ID: a66e9a7ab434d89d777f153be3dc9ba63113212649de8d996841d5d5ff747560
            • Opcode Fuzzy Hash: 03f18e3ef38e82f37d825bf998da61e6f822698e93de8f97fee895610c8a4acb
            • Instruction Fuzzy Hash: 5D9002A121140042DA0471584408706004587E2701F55C023A2158654CCD298D656129
            Function 00C82F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 67246c0440d03bb5653f2c4934ff7d6d72e46fa9b8e6da417ddb7beb3ecc5c95
            • Instruction ID: 2ba607324fe21f3b6b672c78435e50ce349ea641a3492a602cb8216e07c22c20
            • Opcode Fuzzy Hash: 67246c0440d03bb5653f2c4934ff7d6d72e46fa9b8e6da417ddb7beb3ecc5c95
            • Instruction Fuzzy Hash: 159002A134140442DA0071584418B060005C7E2701F55C026E1068654D8E19CD56712A
            Function 00C83090 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f84a82735126801c18bd26f1cc2d8294d192b8124a16e78a5d89d51afc4e8bdb
            • Instruction ID: b0cac0208fbe1bb1936eded9e2f29a8ce36c32f4c3960fb8cab78ceb2971bc3e
            • Opcode Fuzzy Hash: f84a82735126801c18bd26f1cc2d8294d192b8124a16e78a5d89d51afc4e8bdb
            • Instruction Fuzzy Hash: EA90026124140802DA40715884187070006C7D1B01F55C022A0028654D8E168A6976B5
            Function 00C83010 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d0db42c8a046dcac18bff63b1538cf60b2d11d760401522a7bc5db6f17a8f0b8
            • Instruction ID: 8b2e736384a669ab2996b274252d119f51be3cf5fa41a6f1c54f2b1ea86943f9
            • Opcode Fuzzy Hash: d0db42c8a046dcac18bff63b1538cf60b2d11d760401522a7bc5db6f17a8f0b8
            • Instruction Fuzzy Hash: F490026120184442DA4072584808B0F410587E2702F95C02AA415A654CCD1589596725
            Function 00C839B0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 08a485f53fbeb1c6bd405845b839df001f97af5a009b107ffa948c2a6e33e6bf
            • Instruction ID: 223d49015fbfb4e99e88310eba61c2b309b501b5597dd8e25c8426be5c9b8fa4
            • Opcode Fuzzy Hash: 08a485f53fbeb1c6bd405845b839df001f97af5a009b107ffa948c2a6e33e6bf
            • Instruction Fuzzy Hash: 4A90026124545102DA50715C44086164005A7E1701F55C032A0818694D8D5589597225
            Function 00C82C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction ID: ead05aa7fbffe55da4e598de69e892839e2e32fec2a8e054203709acd026f4a1
            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction Fuzzy Hash:
            Function 00C82890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: f9848ffd13e74f6aff4751f6e2b36f8861eb552272f762b9c8cce17f66fa7078
            • Instruction ID: 00e968bcfbc4f33cf99330cdd2d3dc8da78591eff83bac8d2eaaba3585fbc1f7
            • Opcode Fuzzy Hash: f9848ffd13e74f6aff4751f6e2b36f8861eb552272f762b9c8cce17f66fa7078
            • Instruction Fuzzy Hash: 3E51F7B2A00516BFCF20EF99888497EF7B8BB09304B108229E4A5D7681D334DF54DBA4
            Function 00CF2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 71a0e729018514bd2271315b450b5ed22b7c629aadc60dcf55fd681aaccc7ee5
            • Instruction ID: 6aa0e5413bb21fc6375fc29ded6424eea6406f984632a2c76c64255abd736b43
            • Opcode Fuzzy Hash: 71a0e729018514bd2271315b450b5ed22b7c629aadc60dcf55fd681aaccc7ee5
            • Instruction Fuzzy Hash: 8C51F575A00649AFCB70DF9CC89097EBBF8EB44300B148469F6A5D7682E6B4DF409B61
            Function 00C77630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
            Download Yara Rule
            Strings
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00CB4742
            • ExecuteOptions, xrefs: 00CB46A0
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00CB4655
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 00CB4787
            • Execute=1, xrefs: 00CB4713
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00CB46FC
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00CB4725
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: a5459cb89fcb62568c9b8b39a9b010794f1f752f60cbde41612162e07bccd1ca
            • Instruction ID: 93a1fd089f970c8a5ad86ae4e31f5c405decd4b018b10f032aa8708c5e9c303f
            • Opcode Fuzzy Hash: a5459cb89fcb62568c9b8b39a9b010794f1f752f60cbde41612162e07bccd1ca
            • Instruction Fuzzy Hash: 4C51363160421DBADF15ABA5EC8AFEA73B8EF14300F1441A9F509A7192EB71AF41DF50
            Function 00D16940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
            • Instruction ID: 0ae56a6c8d2589e52a7b73e7be481cf06df120d97d2c7796029e4148ac62a7d5
            • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
            • Instruction Fuzzy Hash: 58022671508341AFD304DF18D590AABBBF5EFC8704F148A2DF9858B265DB31E985CB62
            Function 00C8B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: f489715dbb2b75c678d46d3d96ac2b55a55ea100fda45620d6eeed0db8d4de5f
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: 2C81E230E052499EDF28EE68C8917FEBBB5AF85318F184119E871A72D1D7349E41CB68
            Function 00CF20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 5efbac8c6dc721938465654704f74ed1546f2f1579ec4aaa2472b65148453214
            • Instruction ID: b22525cd3ce8a76d45440cf6732c821d9c9a5763a4490d6c76f25b33d8defa48
            • Opcode Fuzzy Hash: 5efbac8c6dc721938465654704f74ed1546f2f1579ec4aaa2472b65148453214
            • Instruction Fuzzy Hash: 16215E76A0021DABCB50EF69CC45AFEBBF8EF54744F444126EA15E3241EB30DE019BA5
            Function 00C6F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
            Download Yara Rule
            Strings
            • RTL: Re-Waiting, xrefs: 00CB031E
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00CB02E7
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00CB02BD
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 2717800c777e3a907fa6d3a5a6fe357481c50ed1d3ce9f9b4061c3ccbfbfede4
            • Instruction ID: 878ce5bf2f784cfb3c5d4f9c9a1242782ea00500ea31e0eca7a637933f6a9a57
            • Opcode Fuzzy Hash: 2717800c777e3a907fa6d3a5a6fe357481c50ed1d3ce9f9b4061c3ccbfbfede4
            • Instruction Fuzzy Hash: 0AE1EE30608741DFD724CF28D885B6AB7E0BF89324F240A6DF5A58B2E1D774DA46CB42
            Function 00C7B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CB728C
            Strings
            • RTL: Re-Waiting, xrefs: 00CB72C1
            • RTL: Resource at %p, xrefs: 00CB72A3
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00CB7294
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 005d6a645b44282b3e60233ceb8470a2d815089e8fdce87e6c95162b9471eeb2
            • Instruction ID: e5e24202b97866b050481df8ef9af8f9cbd4e4242e7f0ff537cfcf330ea782ce
            • Opcode Fuzzy Hash: 005d6a645b44282b3e60233ceb8470a2d815089e8fdce87e6c95162b9471eeb2
            • Instruction Fuzzy Hash: 57410031704212ABC720DE25CC42FAAB7A5FF94710F104629FD69EB281DB31ED569BD2
            Function 00CF2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: 1521e53c890e33c215a04293deeea6d5ccf36cca1596498a918ac4bb7f092e45
            • Instruction ID: c07da6b6844954fc39157fa1554661ea0947663eba4cda3f46d779a17d5625aa
            • Opcode Fuzzy Hash: 1521e53c890e33c215a04293deeea6d5ccf36cca1596498a918ac4bb7f092e45
            • Instruction Fuzzy Hash: 5F318272A0061D9FCB60DE29CC41BFEB7BCEB44710F540556E949E3241EB34EA489BA1
            Function 00C49126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 6f4b121176c8bc1f18dfe4d9c1581b67d387572439d7aa6605cff1fe90ccdd8a
            • Instruction ID: c06a6298d72dd090d256cf9a8ffc00eaebcd227c1a325ba2995867d2e934993b
            • Opcode Fuzzy Hash: 6f4b121176c8bc1f18dfe4d9c1581b67d387572439d7aa6605cff1fe90ccdd8a
            • Instruction Fuzzy Hash: C2812971D0027A9BDB31CB54CC45BEEB7B8BB08714F0041EAA919B7290D7709E84DFA4
            Function 00CCCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
            Download Yara Rule
            APIs
            • @_EH4_CallFilterFunc@8.LIBCMT ref: 00CCCFBD
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1836740359.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C10000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_c10000_fTq2vadDnr.jbxd
            Similarity
            • API ID: CallFilterFunc@8
            • String ID: @$@4_w@4_w
            • API String ID: 4062629308-713214301
            • Opcode ID: e43b99b06fe938a8cd760e5c3dab7772a3ca150f13ed3bfcc4e54e03d52c0783
            • Instruction ID: dd61112d24094a9ade1a57c256af649743a7280de319fbcc3bc04d6324d54e84
            • Opcode Fuzzy Hash: e43b99b06fe938a8cd760e5c3dab7772a3ca150f13ed3bfcc4e54e03d52c0783
            • Instruction Fuzzy Hash: 98418B71900214DFCB21EFA9C841AAEBBB8EF45B00F00413EF915DB261E734DA45DB68